Cert Valid, still not secure

gkamdata · October 30, 2020, 3:35pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

Issue: The issue is that my site is still not secure even though the cert is valid. I have tried this multiple times so I may be pointing to the wrong certificate. I'm not sure how to have the certificate below (screen shot) be the one that is used. Any ideas?

I am on wordpress via AWS lightsail

My domain is: dataindependent.com

I ran this command: sudo cerbot certificates
Also run: sudo certbot renew
Also run: sudo certbot --apache -d dataindependent.com

It produced this output: See screenshot. It says that my certificate is valid

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 16

My hosting provider, if applicable, is: Aws

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

Also ran the diagnostic here

JuergenAuer · October 30, 2020, 4:07pm

Hi @gkamdata

please read your result - https://check-your-website.server-daten.de/?q=dataindependent.com#certificates

You use the expired wildcard certificate:

CN=dataindependent.com
	27.07.2020
	25.10.2020
5 days expired	*.dataindependent.com, dataindependent.com - 2 entries

But you have a mess of different certificates:

Issuer	not before	not after	Domain names
Let's Encrypt Authority X3	2020-10-30	2021-01-28	dataindependent.com
1 entries	duplicate nr. 1
Let's Encrypt Authority X3	2020-10-26	2021-01-24	dataindependent.com, www.dataindependent.com
2 entries	duplicate nr. 2
Let's Encrypt Authority X3	2020-10-26	2021-01-24	dataindependent.com, www.dataindependent.com
2 entries	duplicate nr. 1
Let's Encrypt Authority X3	2020-10-26	2021-01-24	*.dataindependent.com, dataindependent.com
2 entries	duplicate nr. 1
Sectigo ECC Domain Validation Secure Server CA	2020-10-25	2021-01-24	dataindependent.com, www.dataindependent.com
2 entries
Let's Encrypt Authority X3	2020-07-27	2020-10-25	*.dataindependent.com, dataindependent.com
2 entries

Where is the certificate with both domain names? Deleted? Wrong.

...

Oh, please: Your screenshot shows you use bitnami -> missing information in your question.

Please check the bitnami documentation how to install the certificate.

gkamdata · October 30, 2020, 4:27pm

@JuergenAuer Awesome! Thank you for starting me off here. I was worried I had too many certificates.

What is the best way to 'reset' this situation? or what course of action do you recommend?

I'd love to start from scratch and load up a fresh certificate.

gkamdata · October 30, 2020, 4:33pm

I ended up following the instructions here

and things look ok right now...I'm cautiously optimistic.

JuergenAuer · October 30, 2020, 4:41pm

Yep, Bitnami is really an own world. Happy to read you have found a solution

system · November 29, 2020, 4:41pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.