Browsers say certificate is not valid after installation

Hi, I have just installed certificates on my hosting through certbot and it seems to have installed correctly with the ‘success’ message, but when I view the domain on any browser now I get the warning of invalid certificate on Chrome, Safari, Firefox, etc.

My domain is: www.ignitecareers.co.uk

I ran this command: certbot certificates

It produced this output:
Found the following certs:
Certificate Name: www.ignitecareers.co.uk
Domains: www.ignitecareers.co.uk
Expiry Date: 2020-02-16 00:06:29+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.ignitecareers.co.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.ignitecareers.co.uk/privkey.pem

My web server is (include version): nginx version: nginx/1.10.3 (Ubuntu)

The operating system my web server runs on is (include version): 1.10.3 (Ubuntu)

My hosting provider, if applicable, is: rackspace.com

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Hi @ameenaziz,

Your certificate for www.ignitecareers.co.uk is valid—but only for www.ignitecareers.co.uk, not for ignitecareers.co.uk. Your web server sends an HTTP redirect from the former to the latter.

What Certbot command did you use to get this certificate? Could you run Certbot again to add ignitecareers.co.uk as another name on the same certificate? … like -d www.ignitecareers.co.uk -d ignitecareers.co.uk or something.

and after that, have a look at:
https://www.ssllabs.com/ssltest/analyze.html?d=www.ignitecareers.co.uk&hideResults=on

Hi schoen,

I ran ‘sudo certbot --nginx’ to obtain the cert.
Can you please let me know what the full command is to add ignitecareers.co.uk without the www?

There is a DNS entry for:

Name:    ignitecareers.co.uk
Address:  162.13.162.103

But there is no web site there:

curl -Iki http://ignitecareers.co.uk/
HTTP/1.1 404 Not Found        <<<<<<<<<<<<<<<<<<<
Server: nginx/1.10.3 (Ubuntu)
Date: Mon, 18 Nov 2019 01:58:15 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 178
Connection: keep-alive

Can you show this message?

HTTP/1.1 404 Not Found
Server: nginx/1.10.3 (Ubuntu)
Date: Mon, 18 Nov 2019 02:00:53 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 178
Connection: keep-alive

I have the same. How can I fix this?

Add an alias in the vhost config file.
[for NGINX it’s as simple as another server_name entry]

server_name www.ignitecareers.co.uk;
server_name ignitecareers.co.uk;

Don’t know how to press words, but there may be a setting in there.
I say that because:
curl -Iki https://www.ignitecareers.co.uk/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.10.3 (Ubuntu)
Date: Mon, 18 Nov 2019 02:08:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Redirect-By: WordPress
Location: https://ignitecareers.co.uk/
X-Server: ignite-wp-prod

To recap:
[currently]

http://ignitecareers.co.uk/ [doesn’t exist (yet)]
http://www.ignitecareers.co.uk/ redirects to https://www.ignitecareers.co.uk/
https://www.ignitecareers.co.uk/ redirects to https://ignitecareers.co.uk/
https://ignitecareers.co.uk/ [wrong cert name]
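
An added example, not part of any post in this thread: the recap above can be checked mechanically by testing the hostname of each HTTPS hop against the certificate's SAN list. The function names `san_covers` and `uncovered_hops` are made up for this example, and the inputs are constructed from the names in the thread.

```sh
#!/bin/sh
# Added example. Inputs are constructed from the names discussed in this thread.

# san_covers "SAN LIST" HOST: succeed if HOST matches one dNSName entry.
# "*.example.org" matches exactly one left-most label, never "example.org".
# Runs in a subshell so `set -f` and its variables do not leak to the caller.
san_covers() (
    set -f                                   # SAN entries may contain '*'
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    for san in $(printf '%s' "$1" | tr 'A-Z' 'a-z'); do
        case "$san" in
            \*.*)
                suffix=${san#\*}             # "*.example.org" -> ".example.org"
                label=${host%"$suffix"}      # part the wildcard has to absorb
                if [ "$label" != "$host" ] && [ -n "$label" ]; then
                    case "$label" in *.*) ;; *) exit 0 ;; esac
                fi ;;
            "$host") exit 0 ;;
        esac
    done
    exit 1
)

# uncovered_hops "SAN LIST" URL...: print the host of every https:// hop that
# the certificate does not cover. Plain http:// hops present no certificate.
uncovered_hops() {
    sans=$1; shift
    for url in "$@"; do
        case "$url" in
            https://*) ;;
            *) continue ;;
        esac
        hop=${url#https://}
        hop=${hop%%/*}                       # drop the path
        hop=${hop%%:*}                       # drop an explicit port
        if ! san_covers "$sans" "$hop"; then
            printf '%s\n' "$hop"
        fi
    done
}

# The certificate from `certbot certificates` versus the hops in the recap.
uncovered_hops "www.ignitecareers.co.uk" \
    "http://www.ignitecareers.co.uk/" \
    "https://www.ignitecareers.co.uk/" \
    "https://ignitecareers.co.uk/"
```

With a SAN list that contains both names, the same call prints nothing.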

Certbot only finds www.ignitecareers.co.uk as an option during installation.
Is there a way to install for all variations? https:// www. https://www. etc.
Any ideas?

I tried changing this in /etc/nginx/sites-available
server_name www.ignitecareers.co.uk; server_name ignitecareers.co.uk;
no luck

Did you restart the web server?
This:
server_name www.ignitecareers.co.uk; server_name ignitecareers.co.uk;
Should look like this:
server_name www.ignitecareers.co.uk;
server_name ignitecareers.co.uk;

You should modify enabled files:
/etc/nginx/sites-enabled/<file.name>.conf

How many files are enabled?
ls -l /etc/nginx/sites-enabled/

Here is the output of the default file in /etc/nginx/sites-enabled
after making the change.
I did restart nginx: sudo systemctl restart nginx

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name www.ignitecareers.co.uk;
    server_name ignitecareers.co.uk;

    location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #       include snippets/fastcgi-php.conf;
    #
    #       # With php7.0-cgi alone:
    #       fastcgi_pass 127.0.0.1:9000;
    #       # With php7.0-fpm:
    #       fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #       deny all;
    #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#       listen 80;
#       listen [::]:80;
#
#       server_name example.com;
#
#       root /var/www/example.com;
#       index index.html;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}

Here is the output of /etc/nginx/conf.d/ignitecareers.co.uk.conf

server {

  access_log off;
  error_log  /var/log/ignitecareers.co.uk_error_log;
  root /var/www/vhosts/ignitecareers.co.uk/httpdocs;
  listen    443 ssl;
  ssl_certificate /etc/letsencrypt/live/www.ignitecareers.co.uk/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/www.ignitecareers.co.uk/privkey.pem; # managed by Certbot

  server_name   www.ignitecareers.co.uk ;
  server_name   ignitecareers.co.uk ;

  location ~* ^/phpmyadmin {
  root /usr/share;
  index index.php;
  location ~ ^/phpmyadmin/(.+\.php)$ {
  try_files $uri =404;
  root /usr/share/;
  #    fastcgi_pass unix:/var/run/php-fpm/ignitecareers.co.uk.sock;
  fastcgi_pass 127.0.0.1:8080;

  fastcgi_index index.php;
  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  include /etc/nginx/fastcgi_params;
   }
}

location / {
root   /var/www/vhosts/ignitecareers.co.uk/httpdocs;
index  index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}

location @handler {
rewrite / /index.php;
}

location ~ .php/ {
 rewrite ^(.*.php)/ $1 last;
}

location ~ .php$ {
try_files $uri /index.php;
expires off;
#   fastcgi_pass unix:/var/run/php-fpm/ignitecareers.co.uk.sock;
fastcgi_pass 127.0.0.1:8080;
fastcgi_buffers 256 4k;
fastcgi_buffer_size 32k;
fastcgi_busy_buffers_size 256k;
fastcgi_read_timeout 3600s;
#      fastcgi_param HTTPS $fastcgi_https;
fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
fastcgi_param MAGE_RUN_CODE default;
fastcgi_param MAGE_RUN_TYPE store;
include fastcgi_params;
}
# WordPress single site rules.
# Designed to be included in any server {} block.

# This order might seem weird - this is attempted to match last if rules below fail.
# http://wiki.nginx.org/HttpCoreModule

# Add trailing slash to */wp-admin requests.
 rewrite /wp-admin$ $scheme://$host$uri/ permanent;

# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}




}
server {
   # if ($host = www.ignitecareers.co.uk) {
  #    return 301 https://$host$request_uri;
 # }
# managed by Certbot



listen    80;

 server_name   www.ignitecareers.co.uk ;
 server_name   ignitecareers.co.uk ;
 return 404; # managed by Certbot


}

In file: /etc/nginx/conf.d/ignitecareers.co.uk.conf
Update this last section as follows:

server { 
listen 80; 
server_name www.ignitecareers.co.uk;
server_name ignitecareers.co.uk;
return 301 https://$host$request_uri; 
}

And in the first section add the following location:

location /.well-known/acme-challenge/ {
   try_files $uri =404;
}#location

I just did something similar and was able to redirect requests by adding these in /etc/nginx/conf.d/ignitecareers.co.uk.conf

if ($host = ignitecareers.co.uk) {
       return 301 https://www.$host$request_uri;
    }
 # managed by Certbot

 if ($host = www.ignitecareers.co.uk) {
            return 301 https://$host$request_uri;
 }

In the file?:

Change these names to anything else:

Like:
server_name localhost;

There is no need to “if host =”, you can redirect ALL to https.

Ok, thank you so much you’ve been very helpful. :smiley:

Feel free to Buy me a :beer: or even better donate that :beer: money to LE
Either way:
-Cheers from Miami :beers: