Google's warning about unsecure cert


#1

A few days after creating a cert for my domain I received an email from Google:

Google has detected that the current SSL/TLS certificate used on https://www.example.com/ does not include https://www.example.com/ domain name. This means that your website is not perceived as secure by some browsers.

I created my cert using instructions from PythonAnywhere Help.

I also tested my site in many browsers - there are no warnings of any kind.

SSLLabs grade of my website: A


#2

Without your domain name it’s tricky to be able to help fully.

Is the certificate for the domain with and without the www ? do you have a www version of your domain name ? Do you have a redirect / preference for if people use the www or not ?


#3

@serverco The domain is www.tickcounter.com. I have a redirect to www version. The cert is issued for www version.

Note that Google’s email clearly mentions www version only.


#4

The main error I can see if for people going to https://tickcounter.com as that refuses connections, and doesn’t redirect.

Google only mentions www. versions, and from a quick look I didn’t see errors there.


#5

Agreed, I will fix that. Could you point me to a solution? Should I add non-www domain to the cert?

However, the error message seems to be about something completely different. What would you advice to do next?


#6

I’d just fix the none-www version and see if you get any further updates from google.

Also, if anyone else here can spot anything.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.