Certificate says it is valid but I can't get The Secure or Padlock on any browser


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: robertopaul.com

I ran this command: Certbot

It produced this output:

My web server is (include version): Apache

The operating system my web server runs on is (include version): RHEL 7
My hosting provider, if applicable, is: AWS (kinda)

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.30.2

Hello, I am hosting my website on a small AWS ec2 Linux instance. I ran certbot and set everything up for my domain. Everything went well, but whenever I navigate to the website it tells me my certificate is valid, but I still do not get the green lock. I ran whynopadlock.com and everything seems to check out.

I am at a loss. At this point I figure it may be an AWS issue. Maybe something to do with DNS? I am a little out of my league here and any help would be greatly appreciated.


#2

Hi @bertox20

I see, you have already checked your domain via https://check-your-website.server-daten.de/?q=robertopaul.com

You have a Grade B, your certificate is good:

CN=robertopaul.com | 14.02.2019 | 15.05.2019 | expires in 87 days | robertopaul.com, www.robertopaul.com - 2 entries

Both connections are secure. And checked with my browser (my mixed content check has some limitations), there is the green lock (Firefox).

There is a script

https://ec2-100-27-25-95.compute-1.amazonaws.com/wp-includes/js/wp-embed.min.js?ver=5.0.3

that can’t be loaded, perhaps this is the problem.

Yep, that script is the problem. It has the wrong certificate.

robertopaul.com, www.robertopaul.com 
Fehlercode: SSL_ERROR_BAD_CERT_DOMAIN

So use your domain name, not this amazon-instance as name.


#3

Hi JuergenAuer,

Thanks so much for the reply. Where may I ask would this script be located?


#4

I don’t know where the script is introduced.
But looking at the URL, it would seem to be WordPress related.
And the path shows you exactly where the script can be found on that system:

ec2-100-27-25-95.compute-1.amazonaws.com resolves to IP 100.27.25.95; and so does robertopaul.com

If all else fails, you could always do a “brute-force find” and look for any file with that name or path in it.
But I would recommend to first start looking through WordPress.


#5

It’s in your header:

<link rel='stylesheet' id='twentynineteen-style-css'  href='https://ec2-100-27-25-95.compute-1.amazonaws.com/wp-content/themes/twentynineteen/style.css?ver=1.2' type='text/css' media='all' />

That’s your own webspace, so change the href to

href='/wp-content/themes/twentynineteen/style.css?ver=1.2'

It’s a local resource.


#6

I’ve added a new check: Now external stylesheets and scripts are checked if they can be loaded with a http status 200.

If not, there is now an error information:

link | stylesheet | https://ec2-100-27-25-95.compute-1.amazonaws.com/wp-content/themes/twentynineteen/print.css?ver=1.2 | -9 | TrustFailure - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure. None | 1 | no SSL

So the link element with rel=‘stylesheet’ and href = … doesn’t work.
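
Added example, not part of the original thread and not the code behind the check-your-website tool: an offline version of the check discussed above, listing every subresource of a page whose host is not covered by the certificate's names or that is not loaded over https. It assumes all subresources are served by the same server (and therefore the same certificate) as the page; the sample HTML, the `logo.png` path and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Names on the certificate, as reported in the thread.
CERT_NAMES = ["robertopaul.com", "www.robertopaul.com"]

def name_matches(host, pattern):
    """Exact match, or a single left-most wildcard label (*.example.com)."""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

class SubresourceParser(HTMLParser):
    """Collect URLs the browser fetches automatically while rendering."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "img", "iframe") and a.get("src"):
            self.urls.append(a["src"])
        elif tag == "link" and a.get("href") and "stylesheet" in (a.get("rel") or "").lower():
            self.urls.append(a["href"])

def audit(html, page_url, cert_names=CERT_NAMES):
    """Return (url, reason) for every subresource that would break the padlock."""
    parser = SubresourceParser()
    parser.feed(html)
    findings = []
    for raw in parser.urls:
        url = urljoin(page_url, raw)  # relative URLs inherit the page's scheme and host
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append((url, "mixed content (not https)"))
        elif not any(name_matches(parts.hostname or "", n) for n in cert_names):
            findings.append((url, "host not covered by certificate"))
    return findings

# Constructed sample page, modelled on the tags quoted in the thread.
SAMPLE = """<html><head>
<link rel='stylesheet' href='https://ec2-100-27-25-95.compute-1.amazonaws.com/wp-content/themes/twentynineteen/style.css?ver=1.2' type='text/css' media='all' />
<link rel='stylesheet' href='/wp-content/themes/twentynineteen/print.css?ver=1.2' />
<script src='https://ec2-100-27-25-95.compute-1.amazonaws.com/wp-includes/js/wp-embed.min.js?ver=5.0.3'></script>
<img src='http://www.robertopaul.com/logo.png'>
</head></html>"""
if __name__ == "__main__":
    for url, reason in audit(SAMPLE, "https://robertopaul.com/"):
        print(f"{reason}: {url}")
```

The relative `print.css` link passes because it resolves to the page's own host, which is why rewriting the absolute EC2 URLs to local paths restores the padlock.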


#7

Thank you all for your help. I could not for the life of me figure out why it was still pointing towards the EC2 DNS. So I just recreated the instance and reinstalled Let's Encrypt and WordPress and this time everything works.

Feel free to close this thread.

Thanks


closed #8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.