Cerbot ssl not working

SahandMG · December 29, 2018, 9:27pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
etrix.ir

I ran this command:

when I open my website on the browser, SSL works well but when I change my IP address with VPN and reconnect to the website, the browser returns " Your connection is not private" and a red line on “https”.

My web server is (include version):
NGINX lates

The operating system my web server runs on is (include version):
Ubuntu 16.4

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO

rg305 · December 29, 2018, 10:08pm

Addresses: fe80::216:3eff:feb7:c726
185.105.186.89
185.105.186.90

curl -6 https://etrix.ir/
curl: (7) Couldn’t connect to server

Connecting to etrix.ir (etrix.ir)|185.105.186.90|:443… connected.
ERROR: cannot verify etrix.ir’s certificate, issued by ‘emailAddress=ssl@cpanel.tecmint.lan,CN=cpanel.tecmint.lan’:
Self-signed certificate encountered.
ERROR: certificate common name ‘cpanel.tecmint.lan’ doesn’t match requested host name ‘etrix.ir’.

JuergenAuer · December 29, 2018, 10:08pm

Hi @SahandMG

you have a curious configuration ( https://check-your-website.server-daten.de/?q=etrix.ir )

Your first name server has a timeout.

Then:

Domainname	Http-Status	redirect	Sec.	G
• http://etrix.ir/
185.105.186.89	301	https://etrix.ir/	0.333	A

• http://etrix.ir/
185.105.186.90	200		0.310	H

• http://www.etrix.ir/
185.105.186.89	404		0.327	M
Not Found

• https://etrix.ir/
185.105.186.89	200		7.650	B

• https://etrix.ir/
185.105.186.90	200		2.643	N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors

• https://www.etrix.ir/
185.105.186.89	200		6.540	N
Certificate error: RemoteCertificateNameMismatch

You have two ipv4 - addresses (and one ipv6, not shown). One has the correct certificate, the other has the wrong certificate.

One from Letsencrypt, but only with one domain name:

CN=etrix.ir
29.12.2018
29.03.2019
etrix.ir - 1 entry

The other is self signed:

E=ssl@cpanel.tecmint.lan, CN=cpanel.tecmint.lan
21.12.2018
21.12.2019

Perhaps check your configuration. Why has the second ip a different certificate?

SahandMG · December 30, 2018, 6:02am

Thanks for your reply.
I'm not using cPanel and don't know about the second ipV4.
How can i fix this?

rg305 · December 30, 2018, 6:32am

You control the DNS zone.
The authoritative name server for etrix.ir is (itself):
ns1.etrix.ir internet address = 185.105.186.89
ns1.etrix.ir AAAA IPv6 address = fe80::216:3eff:feb7:c726
ns2.etrix.ir internet address = 185.105.186.89
ns2.etrix.ir AAAA IPv6 address = fe80::216:3eff:feb7:c726

FYI: fe80::216:3eff:feb7:c726 is non-routable.

system · January 29, 2019, 6:32am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.