where I see cert life,?
also cerbot certificate is it a comment or some file
where I see cert life,?
also cerbot certificate is it a comment or some file
I don't see one. But your configuration isn't good:
Domainname | Http-Status | redirect | Sec. | G |
---|---|---|---|---|
• http://vorman.mooo.com/ | ||||
148.75.65.185 | 302 | http://vorman.mooo.com/index.php/login | 0.506 | D |
• http://vorman.mooo.com/index.php/login | 200 | 0.637 | H | |
• https://vorman.mooo.com/ | ||||
148.75.65.185 | 302 | https://vorman.mooo.com/index.php/login | 6.486 | A |
• https://vorman.mooo.com/index.php/login | 200 | 2.660 | A | |
You have a redirect to your login page. But the login page uses http, which is bad.
So http -> https, then / -> login.
root@vorman:~/lets# certbot certificates
bash: certbot: command not found
Sorry!
certbot-auto certificates
LOL
please show , confused
Check it
https://check-your-website.server-daten.de/?q=vorman.mooo.com
Your browser may cache the https status, so you can't use your browser to test such things.
But a new user doesn't use https if there is no redirect.
thanks let me write this down lol. and how I renewed. next time be easier for me. appreciate the help
Just use:
certbot-auto
or
certbot-auto renew
Which can be called from a cron job (twice a day is the recommendation).
It will only actually renew when less than 30 days are left.
this is still French to me, sorry , how I fix it ?
The config doesn’t force HTTP to HTTPS.
So anyone going to http://vorman.mooo.com/
gets this:
wget http://vorman.mooo.com/
–2018-12-08 11:01:22-- http://vorman.mooo.com/
Resolving vorman.mooo.com (vorman.mooo.com)… 148.75.65.185
Connecting to vorman.mooo.com (vorman.mooo.com)|148.75.65.185|:80… connected.
HTTP request sent, awaiting response… 302 Found
Location: http://vorman.mooo.com/index.php/login [following]
–2018-12-08 11:01:23-- http://vorman.mooo.com/index.php/login
Reusing existing connection to vorman.mooo.com:80.
HTTP request sent, awaiting response… 200 OK
Instead of:
https://vorman.mooo.com/index.php/login
I understand this part but where in the file I fix it ? and how
From example #1 at: https://redmine.lighttpd.net/projects/1/wiki/HowToRedirectHttpToHttps
This will redirect ALL http connections to https.
Add to your LIGHTTPD config (and restart web service):
$HTTP["scheme"] == "http" { # capture vhost name with regex conditiona -> %0 in redirect pattern # must be the most inner block to the redirect rule $HTTP["host"] =~ ".*" { url.redirect = (".*" => "https://%0$0") } }
Now you have a Grade B, this is ok. Your users are redirected to https, so you don't have http anymore.
Adding HSTS (to get a Grade A) - wait some time.
If HSTS is set and the certificate is expired, the user can't create an exception. So the page would be blocked.
--
So HSTS (+ preload) is a wonderful security feature. But it requires always valide certificates and a working renew function.
The server preferred cipher suite order needs some proper re-ordering (in strongest to weakest order):
I'm not SslLabs. This is my own check because I don't want to test all these things manual.
Before, the site had Grade H - no https, now B.
I hit the max limit of replies in one day yesterday ,
Thanks a lot to you and @rg305. Very helpful
Why is my certificate showing expired if I renewed it
You have created a new certificate.
2018-12-08.
But
|CN=vorman.mooo.com (464)|27.09.2018|25.12.2018 expired|vorman.mooo.com - 1 entry
you don’t use it.
Did you restart / reload your server?
Yes but still
Why points to archive I see 2 certificates in fullchain
0 lrwxrwxrwx 1 root root 44 Dec 8 05:46 /etc/letsencrypt/live/vorman.mooo.com/fullchain.pem -> …/…/archive/vorman.mooo.com/fullchain2.pem
root@vorman:/home/pi#
https://www.sslchecker.com/sslchecker
https://www.sslshopper.com/ssl-checker.html#hostname=Vorman.mooo.com
Please show the output of
certbot certificates
Then you have the name of your correct certificate. Then you can change the file names in your vHost.