Certificate installed and showing up as invalid


#1

My domain is: https://weye.com.br

I ran this command: Default apache instalation, although I ran the command more than one time for the same website and I changed the url from http to https between them

It produced this output: Congratulations! You have successfully enabled https://weye.com.br

My web server is (include version): ?

The operating system my web server runs on is (include version): ubuntu 14.04.05

My hosting provider, if applicable, is: amazon

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

So what exactly is the problem? Your site is serving a valid, trusted certificate:
https://www.ssllabs.com/ssltest/analyze.html?d=weye.com.br&hideResults=on


#3

He might have a cache problem… (Browser side)

Might need to refresh his cache…


#4

image
this is the problem, I’ll try cleaning the cache


#5

tried many forms of cleaning but the invalid certificate error still shows up


#6

NET::ERR_CERT_COMMON_NAME_INVALID

this is the error message showing on chrome


#7

Hi @direclaw

calling http://weye.com.br, there is a redirect to https://weye.com.br/ and a second redirect to https://www.weye.com.br/

But your certificate has only one name weye.com.br -> this is a mismatch.

So add two names - weye.com.br and www.weye.com.br


#8

Okay…

The issue is you only get the certificate contains .br domain, not it’s www version.

What platforms did you use to obtain the certificate?
Are you using certbot?

Thank you


#9

yes I used certbot. what does .br names has to do with it?


#10

the www name does not show up as an option when I use the command

sudo certbot --apache


#11

sorry, I missed it completely, thank you


#12

You could use this command:

sudo certbot --apache -d weye.com.br -d www.weye.com.br

Please also do not forget to add a server alias (Apache) or server name to the existing virtual host that contains the site weye.com.br.

Thank you


#13

Gave a few more tries, tried the suggested command

sudo certbot --apache -d weye.com.br -d www.weye.com.br

revoked and deleted the old certificates, cleared cache, restarded apache and the error message is now mentioning a valid certificate but still shows the not secure message

image

There are some red messages as well on https://www.ssllabs.com/ssltest/analyze.html?d=www.weye.com.br, but I don’t know if they are normal for certbot or not.

On firefox it opens without problem.


#14

I’m going to dive into this, because I think my server alias is already set up but I’m not sure about it.


#15

Now your certificate is correct.

You have a Grade A, that’s good. Java 6u45 isn’t something you have to support, so the red warning is no problem.

The results of ssllabs are independent from the use of certbot.


#16

image

so what is this error about?


#17

There may be folks here who read Portuguese, but I’m not one of them. However, the previous screen shot you posted appears to say that the certificate is valid. It also appears to have a link for more information, which might help answer why your copy of Chrome is giving you problems. Whynopadlock.com indicates everything is fine too:
https://www.whynopadlock.com/results/1dff388a-3d9d-4ab1-859b-ae0b4496e72e


#18

Its a red message saying “Not secure”


#19

I don’t see that error. And “certificato (valido)” sounds good :wink:

I see:

br


#20

Yes, I could figure out that much. The screen shot you posted earlier (23 minutes ago) had a bit more text which I couldn’t figure out, but which probably explains in a bit more detail what the problem is. That’s the one that also says your certificate is valid.