Created cert but server still get "connection is not private" message

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
certbot certonly -a manual -d irc.digitalwind.net --preferred-challenges dns --staging

It produced this output:
IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/irc.digitalwind.net/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/irc.digitalwind.net/privkey.pem
    Your cert will expire on 2019-09-06. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”
  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

My web server is (include version):
znc irc bouncer

The operating system my web server runs on is (include version):
Ubuntu 16.04.6 LTS

My hosting provider, if applicable, is:
Digitalocean

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0

I created a pem file from the privkey and fullchain pem files using the below command

cat /etc/letsencrypt/live/irc.digitalwind.net/{privkey,fullchain}.pem > znc.pem

I moved this into the .znc folder and replaced the previous znc.pem file. What did I miss?

Hi @odin

your command:

You have used the --staging - system, that’s the test system. So your certificate isn’t valid.

Remove that option and create a productive certificate.

PS: Checked your domain that’s not the current problem ( https://check-your-website.server-daten.de/?q=irc.digitalwind.net ):

The domain uses the

CN=wordsmiths.digitalwind.net
	24.05.2019
	22.08.2019
expires in 75 days	wordsmiths.digitalwind.net - 1 entry

certificate, so the domain name is wrong.

Do you have an own vHost with irc.digitalwind.net?

Or is this not relevant, because you don’t use the certificate with a webserver?

1 Like

IRC daemons don’t work with vhosts as far as I know.

1 Like

I have two subdomains on different ports, wordsmiths is the other one. I was able to generate the needed cert after I removed staging from the command (stupid mistake). All is now working.

Thanks everyone!
-O

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.