Certificate assigned to wrong website


#1

My domain is: www.statecraft.org.uk

The SSL certificate (for https) is assigned to a different website when it should be assigned to us. This means our site is not secure when it should be. We need to secure it by making LetsEncrypt aware of this, but they ‘do not offer support over email,’ so here we are. Any help would be appreciated.

James


#2

Doesn’t really make sense.

Can you explain in a more broad sense what you’ve trying to achieve?


#3

I want the certificate that should belong to our address to be assigned to us. Currently, as you can see under ‘Common name’ on this link (https://www.sslshopper.com/ssl-checker.html#hostname=www.statecraft.org.uk) it is assigned to a different web address. This is leaving some important info exposed, and LetsEncrypt couldn’t offer support.

James


#4

If the current web address is incorrect… “85.13.220.182” ? ? ?
If you are in control of the domain, you can update the DNS zone to point related names to any IP you like.

If the IP is correct, then it is most likely a shared system running some sort of cPanel.
Which is combining all the sites into one certificate.


#5

If you’re talking about the fact that other domain names are present on the certificate besides yours, you need to ask your web host about it.

It is up to them as to how they organize domain names onto certificates.

Let’s Encrypt has no say in it, they create whatever certificate the web host asks of them.


#6

Thank-you both.

Our name isn’t the ‘Common name’ at all, and it’s that that seems to be causing the problem. The certificate is registered as belonging to our domain but in reality applies to someone else. Our web host is GoDaddy: is it 100% up to them to fix it?

James


#7

Exactly what is the “problem” ?

Your site is included in the SAN:

www.leukaemiacancersociety.org www.lowrell.com www.ngncomms.com www.pennapropertypartners.com www.peverelsgardens.com www.sim-smith.com www.simplycatering.co.uk www.statecraft.org.uk www.twofiftyonelondon.com

FYI: Hardly anyone uses “common name” anymore.


#8

In a reasonable opinion, there is no problem with your certificate. It is extremely common for sites to share SSL certificates - it’s how many millions that use Cloudflare work.

Your host is not GoDaddy. Your host is whoever runs the server drupal.lowrell.com.


#9

Ah, I see now. We do not have SSL protection, though? An American visitor to the site learned that its certificate was faulty and unsecured. Are they any common causes of this to explore?

James


#10

And the IP “belongs” to:
Responsible organisation: Coreix Ltd


#11

You do, it works fine.

Okay, but without knowing their reasoning for believing so, it’s hard to comment on what the nature of the “fault” is. From my perspective, it’s perfectly fine.


#12

Please please please give some specific detail as to what is wrong/insecure/faulty.
Was there an “alert”, a “popup”, a “failed connection”, …

The only thing I can “find” that might be causing some (significantly older systems) trouble:
Is that the default certificate associated with the IP does not include your site.
That is, if a device connects to your site but is unable to manage the connection via FQDN and reverts to IP it will fail to find your site.


#13

All I know is that the https isn’t working. An American visitor to the site found its certificate was wrong. I thought it was to do with the common name difference, but if it’s not I have no idea what’s causing it.

EDIT: They had a pop-up. It was a pop-up that said the security certificate needed updating, with a yellow triangle exclamation mark icon.

James


#14

Perhaps the certificate was expired and it was then renewed by your system administrator?

On what date did you receive the report of the problem?

I’d be inclined to disregard that report unless you have a way to reproduce the problem. Sometimes there are problems that are local to the visitor (such as their system clock being wrong or other types of computer issues) which can manifest in such error screens.

There’s nothing wrong with your HTTPS right now: https://www.ssllabs.com/ssltest/analyze.html?d=www.statecraft.org.uk&hideResults=on


#15

There was likely no expiry, as it is due to expire in 40 days anyway. First I learned of this was a month ago. It seems it was local issue; l will try to confirm by asking other foreign users and, if not, return to this topic. Thank you all for your help!

All the best,

James