Error message says letsencrypt SSL certificate is not secure


#1

hi I want to use letsencrypt SSL and it is important to contribute as to problems so get resolved. My Programmer installed the letsencrypt SSL certificate on our host linux instance and for his laptop viewing in Russia, it says all is secure. But on mine, here in USA, it says is not secure, puts a line thru the “https://” and says error message exact as per below:

There is a problem with this website’s security certificate.
The security certificate presented by this website was issued for a different website’s address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
Recommended iconClick here to close this webpage.
Not recommended iconContinue to this website (not recommended).
More information More information

This certainly is worth sharing, in case others have same problem. Chrome only said “error,not secure” where as the more detailed message was when I tried using IE10. Any help, suggestions, or commnets welcome, hope sheds light on any possible problems may be going on here.

Thanks, Philmcdavid@yahoo.com


#2

Sounds like the cert is issued for the domain only and not for the www hostname or vice versa.


#3

hi thanks TCM! for your reply. I am pro more at admin biz marketing, biz model planning, etc. byt more newbie at tech rqmts, protocols, etc. so thanks in advance for your understanding. I started over a year ago by coming up with 3 domain names I liked, and wanted to reserve, and found a good deal on namecheap.com, at the time. All 3 have their format in the registration of the domain names as same as this one: “algotradersedge.com” not as http://www.algotradersedge.com. Namecheap says they can not change the format of these original domain name registrations. Is this correct? Namecheap support looked on my host server, which is linux amazon AWS, and found the letsencrypt.oorg SSL certificate is set up correctly for use with “algotradersedge.como” only, NOT for the essential required standart format “http://www.algotradersedge.com” which namecheap says they can not help me fix. They say I must have tech help from Amazon do this. Would anyone here know exactly what all stepwise needs done and how the domain name registration must be changed in terms of its format, so it conforms to “http://www.algotradersedge.com”? I also want do same for ending of .“net” and would prefer know each exact step required before I contact Amazon AWS to be sure I fix all required to make so that all works properly with the letsencrypt.org SSL cerificate format. It seems to me the original domain name was not done correctly, as it wants to be “http://www.algotradersedge.com” hence does this require doing a new domain name registration then a new letsencrypt certificate to match? This is confusing, because Namecheap support claims they can not change the domain format, it sounds like they do not want to eat the expense, but I do not actually know what the reala reason is here.OK now I learned that “www.algotradersedge.com” is a SUBDOMAIN of the root domain algotradersedge.com so I need have my host provider do a "CNAME REDIRECT TO PULL UP SUBDOMIAIN NAME WWW.algotradersedge.com, then redo the letsencrypt.org SSL certificate to match incouding the “WWW.” once after I have completed this SUBDOMAIN REDIRECT REQUEST TO INCLUDE "WWW."
I know this must be bare bones fundamental stuff for the well versed internet pros, but for many of us, this particular post may be VERY helpful, as there are many business folks as yet not knowledgeable on these type details. Please add any additional comments/details I likely may have missed, yet need to know, before I contact the host amazon. Much thanks in advance, for all and what you are doing in this project.


#4

Neither Amazon nor Namecheap will be able to be of assistance. It is not a problem with your domain or with your AWS instance. Your domain seems to be configured correctly and both www.algotradersedge.com and algotradersedge.com point to the same AWS server.

You stated that your programmer installed the certificate on your server. When he was requesting the certificate from Let’s Encrypt, he had to supply a list of domain names that should be covered by the certificate. As it stands right now, he only included algotradersedge.com but not www.algotradersedge.com. That means the certificate is valid when you visit https://algotradersedge.com, but not when you visit https://www.algotradersedge.com.

This can be solved by letting your programmer reissue the certificate while including www.algotradersedge.com. The specifics would depend on how he issued the certificate in the first place, but in general, he can do so by passing multiple -d arguments to the client, e.g. -d algotradersedge.com -d www.algotradersedge.com.


#5

dear pfg, thanks so much for your feedback, it is such an invaluable reply with very direct, insightful, and detailed specifics which makes my admin job so much easier, instead of my ending up trying to trying to contact tech support when now I have the precise required actions need be taken to fix, resolve the problem. May I make a more general form of compliment here? I truly hope that you remain an active participant within the letsencrypt technical problem solving community, because you did the best job of evaluating, examining, then exactly answering what was causing these problems, and then just how to proceed to tend to follow up and fix same. Much kudos to you for this and I am sure this post will prove most helpful to so many others, who are mostly, only more apt on the admin, marketing side of planning biz models and marketing methods, etc. Again, true thanks here. Philmcdavdi@yahoo.com


#6

My programmer did a “redirect” which has the front URL on front of our web page show as “https://” which looks fine on the actual front address URL on our actual site, www.algotradersedge.com, but we are still getting error messages:

I am annoyed by this problem which shows problems with our security and gives just a warning on Chrome (puts a red line through the “https://” and gives warning not secure site, someone may be trying to spy or collect personal data from you" then examples, etc. which just has people quick leave.

Internet Explorer Ten also has an error screen, warning there is a problem, but they do try and explain what their computer servers are detecting is wrong; here is the information they show:

There is a problem with this website’s security certificate.

The security certificate presented by this website was issued for a different website’s address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

We recommend that you close this webpage and do not continue to this website.

Click here to close this webpage.

Continue to this website (not recommended).

More information

When I click to go to the website, I see clearly the https:// is showing, so I keep wondering why these warnings keep coming up? now that we have the https:// showing clearly on our site? this makes no sense to me, indeed shows how there can be many variables which can cause a glitch make servers see red, detect, or think same, of problem(s), even though when you actually click on through to the site, it shows the “https://” clearly displayed, yet something still has the internet IP providers’s servers detecting a problem.

What looks like a biggest part of the problem whatever the cause, is this IE error it states: "
The security certificate presented by this website was issued for a different website’s address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. so it seems this should be the place we sort out. It helps at least that IE tries to help with some information what it is detecting is the problem. Kudos to Msft for this.

I will post back up on LetsEncrypt.org forum and let us see if we can get some more excellent pro help as is clear we need it. I am the marketing guy, and you are the programmer, so we will ask for help together, and thanks in advance all at Letsencrypt.org for all the sage help indeed, it helps others too, no doubt this will come up for others at some future time, will have the same type problem present and your team will help resolve it.


#7

You still have a cert for algotradersedge.com only, you need to replace it with one for both algotradersedge.com and www.algotradersedge.com before doing anything else.


#8

dear Cool117,
thanks for your reply! my programmer did the “redirect” step only I tested and got back to him, let him know it did not work still showing error messages. So I needed post again here so I can in turn take this back to him, so he will take care of this, as he only saw it looked ok on his end. Fortuanately we can test on my end, and see what we get. Again, much thanks, especially as I am a newbie at much of the internet methods of protocol, configurations, etc. I will send him this information and then after it is done, will reply back here if any further problems. Again, much thanks.


#9

thanks all the help! my programmer did these correct steps and now all is well.