Certbot successful but Browsers say Unsecured?


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: email.powersend.org

I ran this command:
root@email:/etc/nginx# certbot certonly --webroot -w /var/www/email.powersend.net/html -d email.powersend.net

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for email.powersend.net
Using the webroot path /var/www/email.powersend.net/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/email.powersend.net/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/email.powersend.net/privkey.pem
    Your cert will expire on 2018-09-10. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My web server is (include version):
nginx 1.10.3

The operating system my web server runs on is (include version):
ubuntu 16.04

My hosting provider, if applicable, is:
AWS EC2 virtual server

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
I have Webmin BUT I used command shell to install the certificates.

It looks like everything succeeded. But all my browsers say that the Certificate is invalid. What did I do wrong?


#2

My domain is email.powersend.net. I wrote email.powersend.org by mistake in the question. BUT…I own both domains and both are having the same problem.


#3

Hi,

The command you run above was meant “only obtain certificate, don’t install it”

You would need to install the certificate by yourself…

Follow this guide to help you

Thank you


#4

Thanks Steve. I ran the command certbot --nginx -d powersend.org -d www.powersend.org. It smartly recognized that I already had certs and asked if I wanted to Install or Renew. I selected Install. I then did the same thing for powersend.net and it worked fine. The browsers like the certificates.

BUT I also have 2 other different domains and websites for email.powersend.net and email.powersend.org. Those domains will also be used for Email Sending domains…so its important for them to be SSL.

So I ran certbot --nginx -d email.powersend.org and certbot --nginx -d email.powersend.org to accomplish that. Both ran successfully…but they are being rejected by the browsers.

I can navigate to http://email.powersend.net.
I can navigate to http://email.powersend.org.

But not the HTTPS versions. Strange…
I’m also getting this message for https://email.powersend.net…
This page isn’t working
email.powersend.net redirected you too many times

Before Certbot I could at least navigate to https://email.powersend.net but with the SSL warnings.
I am looking at the configuration files.

Thanks for any answers.


#5

I am getting the message, that the certificate is self signed. Same with email.powersend.org.

So check the host definitions and change the certificate.


#6

Thanks JuergenAuer,
I cleaned up the host definitions of any extraneous lines and then ran the Certbot commands with --nginx and elected to replace the existing certs. This time I did NOT select to redirect from http to https. Now the Browsers are happy and the site navigation works fine.

I appreciate your help. Have a great day.