Google flags my websites as dangerous yet am using letsencrypt ssl

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: tendaafrica.net

I ran this command: sudo nginx -T

It produced this output:

server {
    if ($host = mailer.tendaafrica.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    # server block for 'mailer.tendaafrica.net' domain
    listen 80;
    listen [::]:80;
    server_name mailer.tendaafrica.net;

    location / {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
     
    }

}

# server blocks for incoming HTTPS requests
server {
    # server block for 'api.tendaafrica.net'
    listen [::]:443 ssl;
    listen 443 ssl;
    server_name mailer.tendaafrica.net;

    # SSL configuration by certbot
    ssl_certificate /etc/letsencrypt/live/tendaafrica.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/tendaafrica.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
       
    }





}


# configuration file /etc/letsencrypt/options-ssl-nginx.conf:
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.

ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;

ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

# configuration file /etc/nginx/sites-enabled/superset.conf:
#Apache Superset
server {
    if ($host = superset.tendaafrica.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    # server block for 'superset.tendaafrica.net' domain
    listen 80;
    listen [::]:80;
    server_name superset.tendaafrica.net;

    location / {
        proxy_pass http://localhost:8088;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
     
    }

}

# server blocks for incoming HTTPS requests
server {
    # server block for 'superset.tendaafrica.net'
    listen [::]:443 ssl;
    listen 443 ssl;
    server_name superset.tendaafrica.net;

    # SSL configuration by certbot
    ssl_certificate /etc/letsencrypt/live/tendaafrica.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/tendaafrica.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        proxy_pass http://localhost:8088;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
       
    }





}


# configuration file /etc/nginx/sites-enabled/tendaafrica.conf:
# server blocks for incoming HTTP requests
server {
    if ($host = www.tendaafrica.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = tendaafrica.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    # server block for 'tendaafrica.net', 'www.tendaafrica.net' domains
    server_name tendaafrica.net www.tendaafrica.net;
    # redirect any HTTP request to HTTPS
    return 301 https://$http_host$request_uri;





    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/tendaafrica.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/tendaafrica.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot








}
server {
    if ($host = api.tendaafrica.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    # server block for 'api.tendaafrica.net' domain
    listen 80;
    listen [::]:80;
    server_name api.tendaafrica.net;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

}
server {
    # server block for 'static.tendaafrica.net' domain
    server_name static.tendaafrica.net;
    root /var/www/tenda-main;
    index index.html index.htm;
    location / {
        try_files $uri $uri/ =404;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/tendaafrica.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/tendaafrica.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot






}
server {
    # server block for all the other requests
    # this block will be a default server block listening on port 80
    listen 80 default_server;
    listen [::]:80 default_server;
    # close the connection immediately
    return 444;
}

# server blocks for incoming HTTPS requests
server {
    # server block for 'api.tendaafrica.net'
    listen [::]:443 ssl;
    listen 443 ssl;
    server_name api.tendaafrica.net;

    # SSL configuration by certbot
    ssl_certificate /etc/letsencrypt/live/tendaafrica.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/tendaafrica.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }





}

server {
    if ($host = static.tendaafrica.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    listen [::]:80;
    server_name static.tendaafrica.net;
    return 404; # managed by Certbot


}




server {
    if ($host = www.tendaafrica.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = tendaafrica.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    listen [::]:80;
    server_name tendaafrica.net www.tendaafrica.net;
    return 404; # managed by Certbot




}

My web server is (include version): nginx

The operating system my web server runs on is (include version): ubuntu

My hosting provider, if applicable, is: hostinger

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

2

The error you see doesn't have anything to do with certificates. Learn more here:
https://developers.google.com/safe-browsing/v4/advisory

4 Likes
3

You should also fix your redirect loop.

The above server block for port 443 (HTTPS) is redirecting to itself. All of these lines should be removed from this one server block

  if ($host = www.tendaafrica.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = tendaafrica.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    # redirect any HTTP request to HTTPS
    return 301 https://$http_host$request_uri;
3 Likes
4

thanks Mike

1 Like
5

alright, thank you

1 Like
6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.