Just installed letsencrypt to my ubuntu 16.04 apache2 dedicated server
I am being prompted “Your connection is not secure” with
"Certificate Error There are issues with the site’s certificate chain (net::ERR_CERT_COMMON_NAME_INVALID)."
Haven’t found much relevant info on the topic
.com through NO-IP.com
new to using trusted certificates…
I can’t even reach your server through port 443 completely…
But anyway, as the error says something about the chain: did you use fullchain.pem or chain.pem? Or just cert.pem?
Not sure… I’m new to using trusted certs. Always just generated self-signed
apparently fullchain.pem
Well, as your server isn’t accessible from the public internet, I can’t say what’s going on unfortunately. Or do you have your webserver run on another port besides 443?
No you are correct ssl is over normal port… was hoping using letsencrypt would stop the browsers warning prompt
I’m not sure I follow.
At the moment your site is DOWN on port 443. Not even a browser warning prompt…?
You’re right?? I hadn’t tried connecting off of localhost yet.
I’m just going back to self-signed… eventually I’ll have a reason to pay for a real cert
Euuuhhh, dude… The certificate in question doesn’t have anything to do with the fact if a server is accessible from the public internet or not… Self-signed, Let’s Encrypt, payed cert, that really doesn’t matter at all. It’s your firewall/server/router configuration…
Well I never had a problem connecting to port 443 before installing lets encrypt
so… how can I properly uninstall from linux
There also seems to be a lot of controversy on the forums of how this is done
Well… Depends how you installed it in the first place.
sudo apt-get install python-letsencrypt-apache,
I’m actually in the process of re establishing paths to my old keys in apache now
Have you checked the Apache logs before you decided to throw in the towel?
No I hadn’t but after configuring to my self-signed keys I am able to connect through ssl port
It's still down from here...
osiris@desktop ~ $ telnet bpdylan89.dnss.net 443
Trying 199.59.242.150...
^C
osiris@desktop ~ $
Like I said, I don't think the certificate has anything to do with it.
Hmm… I can connect on telnet localhost 443
It’s the free NO-IP dynamic domain name… apparently ssl feature isn’t free. lol
Or there’s a problem with the port forward in your router, to name an example.
The no-ip thing is a DNS thing. If the above IP address is the public IP you get from your ISP, you can rule out No-ip.
No the port forward is working properly on my router. I also checked to make sure my IP allows traffic over 443, they only block port 25.
My NO-IP Dynamic DNS is a free account. I looked up NO-IP policy and would have to pay nearly $40/mo to have a third party verifying the chain of trust.
If anyone knows of a good free dynamic domain name service that allows SSL via trusted CA please let me know until then I am happy using my self signed cert
Well, I would have to pay for the privilege to have a third party verify the chain of trust.
So it was the NO-IP thing … thanks anyway though[quote=“Osiris, post:18, topic:25261, full:true”]
I can’t even reach your server through port 443 completely…
But anyway, as the error says something about the chain:
[/quote]
Is 199.59.242.150 your current IP address? If it is, then port 443 does NOT work there. This has nothing to do with no-ip or Let’s Encrypt. Get your basic network working, then deal with certificates.