Dlg_flags_sec_cert_cn_invalid

husseinsheikh · April 2, 2018, 12:18am

I installed the Let’s Encrypt certificate using win-acme.v1.9.10.1.zip on IIS 8.5. Installs okay but when I browse the site https://www.vodanile.com then I get this error DLG_FLAGS_SEC_CERT_CN_INVALID

Any help on this is appreciated.

Thanks

rg305 · April 2, 2018, 1:10am

see: https://www.ssllabs.com/ssltest/analyze.html?d=www.vodanile.com&hideResults=on

husseinsheikh · April 2, 2018, 1:16am

I have seen that and wanted help on my initial post. Thanks

rg305 · April 2, 2018, 1:17am

Are the two domains supposed to be using the same IP?

husseinsheikh · April 2, 2018, 1:19am

@rg305 Yes both links are on the same domain but on different servers.

rg305 · April 2, 2018, 1:20am

to be clear:
What are the internal and external IPs of the servers?

husseinsheikh · April 2, 2018, 1:21am

What is that got to do with this? Surely you can view the external ip already?

rg305 · April 2, 2018, 1:23am

If you are using only one external IP and trying to forward the same port (443) to two separate internal servers…
then you will fail (without additional considerations).

husseinsheikh · April 2, 2018, 1:24am

Any way round this to fix it?

rg305 · April 2, 2018, 1:26am

There are always ways…
But without more detail it is difficult to be specific on any direction/instruction.

husseinsheikh · April 2, 2018, 1:27am

443 is forwarding to physical server and www is on virtual machine on the same server

rg305 · April 2, 2018, 1:30am

Physical and virtual are considered as equal.
So there are two servers with two separate IPs.
The first server gets all the 443 requests.
The first server can handle the first service but fails to deal with the second servers’ service.
…You could add a reverse proxy on either server (or create an additional dedicated virtual server) to handle all 443 requests and then forward them to their specific internal server.

Ubuntu with NGINX and Certbot-Auto would do the trick nicely.

husseinsheikh · April 2, 2018, 1:33am

If I move www to the same server as mail, would LetsEncrypt installation remove the mail ssl ? Or would they both work on the same server?

husseinsheikh · April 2, 2018, 1:37am

Could I install certbot auto on www virtual machine or I need to install it on a dedicated virtual machine?

rg305 · April 2, 2018, 1:57am

If you could get both services to run from the same server, that may solve your problem.
LE would not remove anything unless you instruct it to do so.
It sounds like your servers are running IIS on Windows.
Certbot and Certbot-Auto are not Windows programs - they require some version of Linux.
That said, you could run a reverse proxy using NGINX (or Apache) for Windows and not have to learn another O/S and without having to dedicate a virtual system just for that one function.

system · May 2, 2018, 1:57am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.