Changing Encrypt certificate expiration

Help
1

My domain is: www.subaru-impreza.de

I ran this command: https://www.subaru-impreza.de/

It produced this output: "This is no securety connection"

My web server is (include version): Celeros Internet GmbH, Forsthof Hagen 3-7, 22926 Ahrensburg

The operating system my web server runs on is (include version): Windows Version 21H1

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I don't know

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I don't know

Hello,

I startet the Lets Encrypt certification some month ago. But now there are emails like you can see down this mail. But I don not know, how to rebuild the site without this mail by you:

Dies ist keine sichere Verbindung

Hacker könnten versuchen, Ihre Daten von www.subaru-impreza.de zu stehlen, zum Beispiel Passwörter, Nachrichten oder Kreditkartendaten. Weitere Informationen

NET::ERR_CERT_DATE_INVALID

The user would habe to use an extra button where die names are right. But all this is very hard to take. Where can I change this rebuilding something?

Greetings, Frank Göpfert

1 Like
2

Renewing a certificate depends fully on how you got the certificate(s) in the first place.

2 Likes
3

Welcome to the Let's Encrypt Community, Frank :slightly_smiling_face:

Upon inspecting the certificate history of subaru-impreza.de, I discovered the absolutely massive number of overlapping certificates issued for subaru-impreza.de and its various subdomains. While there's nothing wrong with doing things this way, it does appear that there may be a misunderstanding of what certificate(s) to issue and how to organize. This might be a case where a wildcard certificate would be entirely appropriate, especially given the wildcard IPv4 address in the DNS.

*.subaru-impreza.de. 599 IN A 195.242.103.124

What is the output of this command?

sudo nginx -T

It might be quite long.

2 Likes
4

Thank you for both of your answers! Unfortunately, I am not very familiar with PCs. It's a really long list!! Where can I find the WildCard from? And then do I have to rewrite all values manually?

Where can I find this?

Would it be able to reduce it until 10 numbers instead of 300?

Thanks for your time!
Frank

1 Like
5

I'm assuming that you ran sudo nginx -T (the command I was asking for the output of) and found the output to be very long as expected. Rather than copying-and-pasting the output into a post, you simply can upload an output.txt file here, which can be generated as follows:

sudo nginx -T > output.txt
1 Like
6

Are you absolutely sure your web site runs using Windows or is that just the computer you are currently sitting at?

It looks to me like you are using nginx via Plesk and I'd assume it's probably running on Linux (it presents a x-powered-by: PleskLin http header).

As it's Plesk there will be a control panel you can login to and see settings for things like certificates.

2 Likes
7

See also Let's Encrypt extension - Plesk

2 Likes
8

Hello,
I am so bad knowing anything about internet creating :anguished: . It has worked until the last 15 years. But now, these "crypt" had to be insered at my page. Okay, no problem. I needed a help but everything was good. But why do they now, 3 months later, writes the home page about "unsecure connection"? :anguished:

So I wrote a bit... :slight_smile: . Where could I find "sudo nginx -T", "upload an output.txt file"? You gonna think that I am a stupid boy... And you are right :frowning: . Would you help me nevertheless? :anguished:
Frank

1 Like
9

Thank you! I will read it now. Very good is the "Plesk" link. I have this too. Is it normal, that everybody has this software?

10

The computer is a "Microsoft 10 home" at "AMD Ryzen 5 3500U with Radeon Vega".
64-Bit-system. Windows Version 20H2 from 03/11/2021.

11

No, it's fairly unusual for someone to be running Plesk on a home machine, it's usually used for web hosting on shared servers.

2 Likes
12

@Impreza there is a computer called www.subaru-impreza.de which apparently is in the datacenter of RockingHoster GmbH in Hamburg. Everyone's questions here are about that computer.

  • What software does it run?
  • Who is the administrator? (Is it you, or is it your hosting company?)
  • How is it administered? (What would someone do to change its configuration, or add or remove software there?)

Related to this... how did you originally obtain or create this web site? Did someone else set it up for you? Was it previously hosted with a different hosting company?

These are tasks to be done by the administrator of the web server machine, using SSH for remote access.

(note: this article is mostly about technical details of SSH, not a guide or tutorial for how to start using it)

With some web hosting plans, the customer is the system administrator of the web server (and is then given a password or other authentication mechanism to connect to the web server using SSH in order to administer it). With other web hosting plans, the customer is not the system administrator, and may have to use, for example, a Plesk or other control panel web interface to make (limited) changes to settings on the web server.

2 Likes
13

@webprofusion Thank you for this information. So I do not this Plesk of my home machine.

@schoen Also many thanks to your information. I will try to answer as good as I can...
Is it right, that nobody can open my www.subaru-impreza.de if it is automatical only warned for all the users? Some friends of me could open it and now it is possible for them to open this internet site. I think, only these users who know that, can use my website. Is that right?

  • My software that I use is the very old "FrontPage 2003". I know it is very old, but computers are really not my friends :roll_eyes:. I allways use "FileZilla" to bring all data to the internet data. Everything is made with the "Windows" (see above "64-Bit-system. Windows Version 20H2")

  • The administrator should be "Celeros Internet GmbH". He take the domains subaru-impreza.de and *.net and he helped at the Encrypt problem 6 months ago. Do you think that he could help for this? I have an own number at his company: CEL17866.

  • The administrator just helped but I do not think that anything has been changed. Is it possible that some bad words was mentioned at my homepage? Some words are not allowed any more and that is the reason why my page is mentioned? (I did not mention anything bad words.)

So I build the homepage in 2005 starting. Everything was used by me, nobody else have helped. But now I need this help, because it is so much secure software at the hole internet... So you are right: I created the homepage but there was no different hosting company. But if you mean the actuell domain company it is the "Celeros Internet GmbH" (Ahrensburg, Hamburg, Germany).

The "sdo nginx..." must have done another one. I did not hear or read these words. Also SSH for remote access I do not know this. :frowning:

Could you help me with this problems? I think that it is very simple for you, but I am such a bad computer user... :woozy_face:. I will never find that problem without you.

Greetings,
Frank (Germany)

Would there also the problem at www.subaru-impreza.com? The company that rents the .com-Domain to me is www.namepal.com.

14

Hi @Impreza,

I had a first impression in response to your comments here, but then I checked more closely and now have a different thought about the solution to your problem.

This makes me think that this administrator has the SSH access that we're talking about (rather than you), so if there are tasks in the future that require this kind of administrator access, you will probably need to get this person to do them for you.

Let's Encrypt's certificate issuance doesn't have a content-based policy associated with it and the certificates would not be revoked (or refused renewal) based on the content of the site. (Some Internet companies do have these policies, like social media or something, but usually not "infrastructure" services like Let's Encrypt.)

So, I just checked more closely.

The current problem is not with your certificate at all, but rather with mixed content.

If these pages are too complex for you in English you could try

https://duckduckgo.com/?t=ffab&q="was+ist+mixed-content"

(some German sources use the English term "mixed content", or occasionally German "gemischter Content", "gemischte Inhalte")

One reason that you might have encountered people with different experiences (error versus no error) is that different web browsers have different levels of warnings about mixed content today. One web browser might display a small, subtle icon to warn about it, while another might display a conspicuous error message. So, some users might think the page is fine, while others might think there is an important security problem, depending on how their web browser software decides to display this warning!

To fix this, you need to find the insecure (HTTP) resources inside your page and change them to secure (HTTPS) equivalents, so that the page content is 100% loaded over HTTPS. Then all browsers should stop displaying these warnings.

1 Like
15

Hi @schoen ,

thank you very much! I think I will get it done. My Domains .de and .net are working quite good. Only the .com doesn't work. I just have to write to NamePal.com. Maybe they could set it back to the older settings.

Absolute top are the last text. I think It must be possible.

Greetings,
Frank

16

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.