Cert error: common name invalid


#1

Just installed letsencrypt to my ubuntu 16.04 apache2 dedicated server

I am being prompted “Your connection is not secure” with
"Certificate Error There are issues with the site’s certificate chain (net::ERR_CERT_COMMON_NAME_INVALID)."

Haven’t found much relevant info on the topic

.com through NO-IP.com

new to using trusted certificates…


#2

I can’t even reach your server through port 443 completely…

But anyway, as the error says something about the chain: did you use fullchain.pem or chain.pem? Or just cert.pem?


#3

Not sure… I’m new to using trusted certs. Always just generated self-signed
apparently fullchain.pem


#5

Well, as your server isn’t accessible from the public internet, I can’t say what’s going on unfortunately. Or do you have your webserver run on another port besides 443?


#6

No you are correct ssl is over normal port… was hoping using letsencrypt would stop the browsers warning prompt


#7

I’m not sure I follow.

At the moment your site is DOWN on port 443. Not even a browser warning prompt…?


#8

You’re right?? I hadn’t tried connecting off of localhost yet.

I’m just going back to self-signed… eventually I’ll have a reason to pay for a real cert


#9

Euuuhhh, dude… The certificate in question doesn’t have anything to do with the fact if a server is accessible from the public internet or not… Self-signed, Let’s Encrypt, paid cert, that really doesn’t matter at all. It’s your firewall/server/router configuration…


#10

Well, I never had a problem connecting to port 443 before installing Let’s Encrypt


#11

so… how can I properly uninstall from linux

There also seems to be a lot of controversy on the forums of how this is done


#12

Well… Depends how you installed it in the first place.


#13

sudo apt-get install python-letsencrypt-apache,

I’m actually in the process of re-establishing paths to my old keys in apache now


#14

Have you checked the Apache logs before you decided to throw in the towel?


#15

No I hadn’t but after configuring to my self-signed keys I am able to connect through ssl port


#16

It’s still down from here…

osiris@desktop ~ $ telnet bpdylan89.dnss.net 443
Trying 199.59.242.150...
^C
osiris@desktop ~ $

Like I said, I don’t think the certificate has anything to do with it.


#17

Hmm… I can connect on telnet localhost 443

It’s the free NO-IP dynamic domain name… apparently ssl feature isn’t free. lol


#18

Or there’s a problem with the port forward in your router, to name an example.

The no-ip thing is a DNS thing. If the above IP address is the public IP you get from your ISP, you can rule out No-ip.


#19

No the port forward is working properly on my router. I also checked to make sure my IP allows traffic over 443, they only block port 25.

My NO-IP Dynamic DNS is a free account. I looked up NO-IP policy and would have to pay nearly $40/mo to have a third party verifying the chain of trust.

If anyone knows of a good free dynamic domain name service that allows SSL via trusted CA, please let me know. Until then I am happy using my self-signed cert


#20

Well, I would have to pay for the privilege to have a third party verify the chain of trust.
So it was the NO-IP thing … thanks anyway though

[quote="Osiris, post:18, topic:25261, full:true"]
I can’t even reach your server through port 443 completely…

But anyway, as the error says something about the chain:
[/quote]


#21

Is 199.59.242.150 your current IP address? If it is, then port 443 does NOT work there. This has nothing to do with no-ip or Let’s Encrypt. Get your basic network working, then deal with certificates.
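
The order of checks the replies argue for (name resolution, then port 443 reachability, then the certificate), as an added example that is not part of the original thread. The function name `diagnose` and its stage labels are this example's own; it reports a hostname mismatch, which is what `ERR_CERT_COMMON_NAME_INVALID` indicates, separately from other verification failures.

```python
import socket
import ssl
import sys

HOSTNAME_MISMATCH = 62  # OpenSSL X509_V_ERR_HOSTNAME_MISMATCH


def diagnose(host, port=443, timeout=5.0):
    """Return (stage, detail) for the first layer that fails, else ("ok", names).

    Stage labels (dns / tcp / tls / name / verify / ok) are this example's own.
    """
    # 1. DNS: does the name resolve, and to which address?
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4][0]
    except socket.gaierror as exc:
        return ("dns", str(exc))

    # 2. TCP: the same check as `telnet host 443`. A timeout or refusal here
    #    is a firewall / port-forward / listener problem, not a certificate one.
    try:
        sock = socket.create_connection((addr, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", f"{addr}:{port} {exc}")

    # 3. TLS: handshake against the system trust store with hostname checking.
    ctx = ssl.create_default_context()
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            sans = tls.getpeercert().get("subjectAltName", ())
            return ("ok", ", ".join(v for k, v in sans if k == "DNS"))
    except ssl.SSLCertVerificationError as exc:
        # "name": certificate is not valid for this hostname.
        # "verify": any other failure (self-signed, missing chain, expired).
        stage = "name" if exc.verify_code == HOSTNAME_MISMATCH else "verify"
        return (stage, exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        # Port is open but the peer did not complete a TLS handshake.
        return ("tls", str(exc))


if __name__ == "__main__":
    # Host comes from the command line; "localhost" is only a default.
    print(diagnose(sys.argv[1] if len(sys.argv) > 1 else "localhost"))
```

Run it once on the server itself and once from a machine outside the network: a `tcp` result from outside with a later stage reached from inside points at the router or firewall rather than the certificate.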