Cert installed, can’t provide a secure connection


#1

I think I have the certificates installed, Port 443 is listening but whynopadlock reports: The SSL certificate tests failed. Please be sure that you can connect to your site over SSL and try again.

Can’t work out why. Any pointers very welcome please.

My domain is: mangorol.la

I ran this command: ./certbot-auto certificates

It produced this output:
Certificate Name: mangorol.la
Domains: *.mangorol.la
Expiry Date: 2018-09-13 10:02:28+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/mangorol.la/fullchain.pem
Private Key Path: /etc/letsencrypt/live/mangorol.la/privkey.pem
Certificate Name: mangorol.la-0001
Domains: mangorol.la
Expiry Date: 2018-09-13 11:54:10+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/mangorol.la-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/mangorol.la-0001/privkey.pem

My web server is (include version):
Apache version 2.4.18

The operating system my web server runs on is (include version):
Ubuntu 16.04

My hosting provider, if applicable, is:
Linode

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): WebMin


#2

Hello @ShaneMcC

When testing https://mangorol.la/ I got the error:

Ein Fehler ist während einer Verbindung mit mangorol.la aufgetreten. SSL hat einen Eintrag erhalten, der die maximal erlaubte Länge überschritten hat. Fehlercode: SSL_ERROR_RX_RECORD_TOO_LONG

That may happen if there is a webserver on port 443, but no certificate is bound.

certbot-auto certificates

shows only the certificates. It doesn’t show the binding of the webserver.


#3

Thanks Jurgen,

For information:
Being new to all this, changing the .conf files didn’t appeal, so I went back to the original installation and used

./certbot-auto --apache -d example.com -d www.example.com -d other.example.net

Previously I had tried it without the -d and it had created errors that I hadn’t seen.


#4

Now you have a correct Let’s Encrypt certificate installed.

But there are mixed-content errors you should fix:

http :// mangorol . la /wp-content/uploads/2016/11/Mangorolla-CIC-Logo.png
http : // maps . google . com / maps/api/js? …

Use the Chrome or Firefox console to find all images / JavaScript etc. with http

Edit: The link to your Logo now creates a mixed content warning on this page.


#5

In my experience SSL_ERROR_RX_RECORD_TOO_LONG is almost always due to an HTTP listener on port 443 instead of an HTTPS listener. At least in nginx and Apache, configuring an HTTPS listener with no associated certificate and private key usually produces a slightly different error on the client side.
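Added example (not part of the original thread): a small Python classifier for the first bytes a listener on port 443 returns, showing how a plaintext HTTP reply read as a TLS record header produces an oversized length field, which is consistent with the SSL_ERROR_RX_RECORD_TOO_LONG diagnosis above. The function name and both sample replies are constructed for illustration.

```python
import struct

# TLS record header: content type (1 byte), version (2 bytes), length (2 bytes).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
# Largest ciphertext record length TLS 1.2 permits (RFC 5246, section 6.2.3).
MAX_RECORD_LEN = 2**14 + 2048

# Constructed samples of the first bytes a server might send after a ClientHello.
SAMPLE_TLS = bytes.fromhex("160303005a") + b"\x02" * 90   # handshake record, 90 bytes
SAMPLE_HTTP = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"


def classify_reply(data: bytes) -> dict:
    """Decide whether a reply on port 443 is a TLS record or plaintext HTTP."""
    if len(data) < 5:
        return {"verdict": "too_short"}
    ctype, major, _minor, length = struct.unpack("!BBBH", data[:5])
    if ctype in TLS_CONTENT_TYPES and major == 3 and length <= MAX_RECORD_LEN:
        return {"verdict": "tls", "record": TLS_CONTENT_TYPES[ctype], "length": length}
    if data.startswith(b"HTTP/"):
        # The bytes "P/" (0x50 0x2f) land in the length field: 0x502f = 20527.
        status = data.split(b"\r\n", 1)[0].decode("latin-1")
        return {"verdict": "plain_http", "status_line": status,
                "length_as_tls": length, "exceeds_max": length > MAX_RECORD_LEN}
    return {"verdict": "unknown", "length_as_tls": length}


if __name__ == "__main__":
    for name, sample in (("tls", SAMPLE_TLS), ("http", SAMPLE_HTTP)):
        print(name, classify_reply(sample))
```

A "plain_http" verdict points at the virtual host on port 443 lacking an enabled TLS configuration, not at the certificate files that certbot lists.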

