Cerbot ssl not working


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
etrix.ir

I ran this command:

when I open my website on the browser, SSL works well but when I change my IP address with VPN and reconnect to the website, the browser returns " Your connection is not private" and a red line on “https”.

My web server is (include version):
NGINX lates

The operating system my web server runs on is (include version):
Ubuntu 16.4

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO


#2

Addresses: fe80::216:3eff:feb7:c726
185.105.186.89
185.105.186.90

curl -6 https://etrix.ir/
curl: (7) Couldn’t connect to server

Connecting to etrix.ir (etrix.ir)|185.105.186.90|:443… connected.
ERROR: cannot verify etrix.ir’s certificate, issued by ‘emailAddress=ssl@cpanel.tecmint.lan,CN=cpanel.tecmint.lan’:
Self-signed certificate encountered.
ERROR: certificate common name ‘cpanel.tecmint.lan’ doesn’t match requested host name ‘etrix.ir’.


#3

Hi @SahandMG

you have a curious configuration ( https://check-your-website.server-daten.de/?q=etrix.ir )

Your first name server has a timeout.

Then:


Domainname Http-Status redirect Sec. G
http://etrix.ir/
185.105.186.89 301 https://etrix.ir/ 0.333 A
http://etrix.ir/
185.105.186.90 200 0.310 H
http://www.etrix.ir/
185.105.186.89 404 0.327 M
Not Found
https://etrix.ir/
185.105.186.89 200 7.650 B
https://etrix.ir/
185.105.186.90 200 2.643 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
https://www.etrix.ir/
185.105.186.89 200 6.540 N
Certificate error: RemoteCertificateNameMismatch

You have two ipv4 - addresses (and one ipv6, not shown). One has the correct certificate, the other has the wrong certificate.

One from Letsencrypt, but only with one domain name:

CN=etrix.ir
29.12.2018
29.03.2019
etrix.ir - 1 entry

The other is self signed:

E=ssl@cpanel.tecmint.lan, CN=cpanel.tecmint.lan
21.12.2018
21.12.2019

Perhaps check your configuration. Why has the second ip a different certificate?


#4

Thanks for your reply.
I’m not using cPanel and don’t know about the second ipV4.
How can i fix this?


#5

You control the DNS zone.
The authoritative name server for etrix.ir is (itself):
ns1.etrix.ir internet address = 185.105.186.89
ns1.etrix.ir AAAA IPv6 address = fe80::216:3eff:feb7:c726
ns2.etrix.ir internet address = 185.105.186.89
ns2.etrix.ir AAAA IPv6 address = fe80::216:3eff:feb7:c726

FYI: fe80::216:3eff:feb7:c726 is non-routable.


closed #6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.