err_cert_authority_invalid


#1

I successfully installed Let’s Encrypt at Envesti.com and RichardGengel.com. But when installing at BeLikeBrit.org, Google Chrome and many other browsers do not trust it. Really not too sure what to do, have been researching for hours. Will add more information below:

server {
    listen 443 ssl;
    root /var/www/belikebrit.org/public_html;
    index index.html index.htm index.php;
    server_name belikebrit.org www.belikebrit.org;
    ssl_certificate /etc/letsencrypt/live/belikebrit.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/belikebrit.org/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;

    location / {
        try_files $uri $uri/ /index.html;
        rewrite ^/([A-Za-z0-9-]+)/$ index.php?page=$1 last;
        rewrite ^/([A-Za-z0-9-]+)/([A-Za-z0-9-]+)/$ index.php?page=$1&title=$2 last;
        rewrite ^/([A-Za-z0-9-]+)/([A-Za-z0-9-]+)/([A-Za-z0-9-]+)/$ index.php?page=$1&title=$2&hash=$3 last;
    }

    location ~ /.well-known {
            allow all;
    }

    error_page 404 /404.html;

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
          root /usr/share/nginx/html;
    }

       # pass the PHP scripts to FastCGI server listening on the php-fpm socket
    location ~ \.php$ {
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_read_timeout 360;
            fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
            include fastcgi_params;

    }

    location ~ /\.ht {
       deny all;
    }

    location /core {
            auth_basic "Admin Login";
            auth_basic_user_file /etc/nginx/pma_pass;
    }


    location /timoun {
            proxy_pass http://localhost:1337;
    }

}

server {
    listen 80;
    listen [::]:80;
    server_name belikebrit.org;
    rewrite ^/(.*) https://belikebrit.org./$1 permanent;
}


#2

Well, your server serves the following certs:

Certificate chain
 0 s:/CN=fake/O=My Company Name LTD./C=US
   i:/CN=fake/O=My Company Name LTD./C=US

That’s not Let’s Encrypt obviously…

Did you reload/restart nginx et cetera?


#3

Are you sure that your web server is terminating the TLS connection? There’s an odd via: 1.1 stark, 1.1 stark header being sent by your server. Is there some kind of reverse proxy, CDN, load balancer or something like that in front of your web server?


#4

Certificate chain
 0 s:/CN=www.belikebrit.org
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3

I ran the same command
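
The chain listings in posts #2 and #4 disagree, and that difference is what the diagnosis turns on. As an added example (not code from any poster in this thread), the Python below parses that one-line `Certificate chain` listing and reports a self-signed leaf, a leaf CN that differs from the expected host, and a broken issuer link; the function names and the `expected_host` argument are assumptions made here, and the listing shows no SAN entries, so a CN difference is only a prompt to check them.

```python
import re

# Constructed inputs: the chain listings quoted in posts #2 and #4.
CHAIN_POST_2 = """\
Certificate chain
 0 s:/CN=fake/O=My Company Name LTD./C=US
   i:/CN=fake/O=My Company Name LTD./C=US
"""
CHAIN_POST_4 = """\
Certificate chain
 0 s:/CN=www.belikebrit.org
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
"""

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, subject = [], None
    for line in text.splitlines():
        s = re.match(r"\s*\d+\s+s:(.*)$", line)
        i = re.match(r"\s*i:(.*)$", line)
        if s:
            subject = s.group(1).strip()
        elif i and subject is not None:
            chain.append((subject, i.group(1).strip()))
            subject = None
    return chain

def cn(dn):
    m = re.search(r"/CN=([^/]+)", dn)  # one-line /K=V/... DN format
    return m.group(1) if m else None

def diagnose(text, expected_host):
    """List problems visible from the subject/issuer listing alone."""
    chain = parse_chain(text)
    if not chain:
        return ["no certificates parsed"]
    problems = []
    leaf_subject, leaf_issuer = chain[0]
    if leaf_subject == leaf_issuer:
        problems.append("leaf is self-signed")
    if cn(leaf_subject) != expected_host:
        problems.append(f"leaf CN {cn(leaf_subject)!r} is not {expected_host!r}; check the SAN list")
    for n in range(len(chain) - 1):  # each cert must be issued by the next one sent
        if chain[n][1] != chain[n + 1][0]:
            problems.append(f"cert {n} issuer does not match cert {n + 1} subject")
    return problems
```

Running `diagnose` on listings captured from different networks or at different times makes it obvious when two observers are not reaching the same TLS endpoint.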


#5

I pointed the domain back to godaddy for the day/night… I’m going to rebuild from scratch tomorrow if I can’t find the answers tonight…


#6

belikebrit.org points to 184.168.131.233… Is that correct?


#7

Yes, 184.168.131.233


#8

The website jumps back and forth from the SSL and Privacy Error message…


#9

2016/04/20 12:22:07 [warn] 13311#0: "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org/