Cannot create SSL certificate - unauthorized

http://beta-yegfitness.fitchek.com/ mostly works for me. The page loads. Some of the images and such are 404 Not Found errors.

https://beta-yegfitness.fitchek.com/ returns a Cloudflare invalid origin certificate error.

What certificate is being used on the origin now? How is it configured?

Could you turn off Cloudflare on the subdomain temporarily so we can check it?

Or share your non-Cloudflare IP address.

Then I can check it - ip + hostname.


174.117.43.114

Your public IP address

hostname: fitchek-server

The hostname is the domain name.

The result - https://check-your-website.server-daten.de/?q=174.117.43.114&h=beta-yegfitness.fitchek.com

You have a 90 day - certificate:

CN=beta-yegfitness.fitchek.com 
	18.03.2019
	16.06.2019
expires in 90 days	beta-yegfitness.fitchek.com - 1 entry

But it's the Fake Certificate:

Chain (complete)	
	1	CN=beta-yegfitness.fitchek.com
	
	2	CN=Fake LE Intermediate X1

So create a new certificate, but don't use the test system.

If the certificate is valid, then you should have a Grade I (some content errors), but not a certificate error.

OK I did as you said and re-ran (without test):

sudo certbot certonly --webroot -w /opt/marketplace/public/yegfitness -d beta-yegfitness.fitchek.com

It asked me to keep or renew and replace, so I chose renew and replace

2: Renew & replace the cert (limit ~5 per 7 days)

and the response:

Renewing an existing certificate
Performing the following challenges:
http-01 challenge for beta-yegfitness.fitchek.com
Using the webroot path /opt/marketplace/public/yegfitness for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/beta-yegfitness.fitchek.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/beta-yegfitness.fitchek.com/privkey.pem
   Your cert will expire on 2019-06-16. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"

Still doesn’t work however, still get invalid SSL certificate

If you use certonly, the certificate isn't installed.

Perhaps the file is replaced. But then you have to reload / restart your webserver.

PS: There

is your new certificate.

So install it and recheck your domain.

Looks like you have fixed the error. Checking your ip + domainname as hostname lists now

CN=beta-yegfitness.fitchek.com
	18.03.2019
	16.06.2019
expires in 89 days	beta-yegfitness.fitchek.com - 1 entry

And the domain beta-yegfitness.fitchek.com has four Cloudflare ip addresses and a big Cloudflare certificate:

CN=sni116869.cloudflaressl.com, OU=PositiveSSL Multi-Domain, 
OU=Domain Control Validated
	05.12.2018
	14.06.2019
expires in 87 days

Some missing files ... Grade I.


Thanks for all the help, your support has been amazing. I just want to be absolutely clear on the next step before I do something wrong (again):

When you say

There ends your post.

So your question is invisible.

Thanks for all the help, your support has been amazing. I just want to be absolutely clear on the next step before I do something wrong (again):

When you say:

https://crt.sh/?q=beta-yegfitness.fitchek.com

is your new certificate.

So install it and recheck your domain.

Do you mean that I should run

sudo certbot --webroot -w /opt/marketplace/public/yegfitness -d beta-yegfitness.fitchek.com ?

and then restart nginx?

Note that the site is now working, but I think there might be multiple certificates, so not sure which one is in use

Thanks!

Nate

No, the problem is already solved.

See post

Check the result of https://check-your-website.server-daten.de/?q=174.117.43.114&h=beta-yegfitness.fitchek.com

There you see: Your internal ip address 174.117.43.114 checked with your domain name as hostname -> the certificate is valid.

That's like a browser connecting to a website: First, the browser has to find the IP address. Then the browser connects to the IP address and sends the domain name as hostname.

So Cloudflare is able to connect your site via https.

And check https://check-your-website.server-daten.de/?q=beta-yegfitness.fitchek.com - then you see your Cloudflare - ip and your Cloudflare certificate.

The first is the internal view, the second is what visitors see.
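
The IP-plus-hostname check described in the reply above, as an added example that is not part of the thread: it connects to the origin IP, sends the domain name as the SNI hostname, and verifies the chain against the local trust store. The function names, the optional `cafile` parameter and the `(STAGING)` marker are assumptions of this example; `Fake LE` is the issuer name shown earlier in the thread.

```python
import socket
import ssl

# Issuer names of Let's Encrypt test certificates: "Fake LE ..." is the one
# shown in this thread; newer staging chains are prefixed "(STAGING)".
STAGING_MARKERS = ("Fake LE", "(STAGING)")


def issuer_cn(peercert):
    """Return the issuer commonName from an ssl.getpeercert() dict."""
    for rdn in peercert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def is_staging(issuer):
    return bool(issuer) and any(m in issuer for m in STAGING_MARKERS)


def check_origin(ip, hostname, port=443, cafile=None, timeout=10):
    """Connect to `ip`, send `hostname` as SNI, and verify like a browser.

    Returns (trusted, detail): detail is the issuer CN when the chain
    verifies, otherwise OpenSSL's verification error text.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((ip, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return True, issuer_cn(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message


def verdict(trusted, detail):
    # A staging issuer is a problem even if a custom cafile made it verify.
    if is_staging(detail):
        return "staging certificate: reissue without the test option"
    if trusted:
        return "origin certificate is valid (issuer: %s)" % detail
    return "not trusted: %s" % detail


if __name__ == "__main__":
    import sys
    print(verdict(*check_origin(sys.argv[1], sys.argv[2])))
```

Run it with the origin IP and the domain name as the two arguments. With the default trust store a test certificate is reported as not trusted, because its issuer is not in any public root program.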
