This server could not prove that it is haveibeenexploited.com; its security certificate is from *.haveibeenexploited.com. This may be caused by a misconfiguration or an attacker intercepting your connection.
My web server is (include version): It is a react App
The operating system my web server runs on is (include version): Ubuntu 18.04 LTS
My hosting provider, if applicable, is: godaddy
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.27.0
Other things
So everything works pretty great with certbot and I got excellent help 1-2 days ago here (for free of all things, crazy). I made a DNS wildcard cert and it worked great. But I realized I didn't cover the other alternate domain http://haveibeenexploited.com (or at least I think it didn't; and I probably didn't need the wildcard). So I got a cert for haveibeenexploited.com with the --webroot option.
What is weird is that http://haveibeenexploited.com works in the browser and redirects to https as my app's been directed to do, but when I type https://haveibeenexploited.com in the browser, I get the error message about the cert. Any ideas why?
You do need to replace that cert with both names (if you expect to use the root domain).
or maybe you already have a “better” cert…
Please show the output of: certbot certificates
Yes, it is a minor issue that it doesn't work in this one case without the www.
Replace the *.haveibeenexploited.com cert with both names?
I did the DNS cert on a separate machine....so here is that output of certbot certificates there:
Found the following certs:
Certificate Name: haveibeenexploited.com
Domains: *.haveibeenexploited.com
Expiry Date: 2020-05-31 15:31:52+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/haveibeenexploited.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/haveibeenexploited.com/privkey.pem
And here is the output on the other machine:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Attempting to parse the version 1.2.0 renewal configuration file found at /etc/letsencrypt/renewal/haveibeenexploited.com-0001.conf with version 0.27.0 of Certbot. This might not work.
Renewal configuration file /etc/letsencrypt/renewal/haveibeenexploited.com.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.
*.haveibeenexploited.com
AND haveibeenexploited.com
[they look alike but are not one and the same - like your children may have your last name but they are NOT you]
So neither cert (on either machine) can cover both names, at the moment.
You need to rerun the cert process and include both names: -d '*.haveibeenexploited.com' -d haveibeenexploited.com
switch to the new cert
then delete the unused ones.
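The coverage rule behind this answer, as an added example that is not part of the original thread: a simplified RFC 6125-style matcher run over SAN lists constructed from the names quoted above. The function names and labels are hypothetical, and IDN handling is left out.

```python
# Added illustration, not code from the thread or from Certbot.
# SAN lists below are constructed from the names quoted in this thread.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate dNSName entry covers hostname.

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label, so '*.example.com' never matches 'example.com'.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard cannot add or remove labels
    if any("*" in label for label in p_labels[1:]):
        return False  # wildcard anywhere but the left-most label is rejected
    if p_labels[0] == "*":
        # require at least two fixed labels after the wildcard
        return len(p_labels) >= 3 and h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    if "*" in p_labels[0]:
        return False  # partial wildcards such as 'w*' are rejected in this sketch
    return p_labels == h_labels


def uncovered(sans, wanted):
    """Return the hostnames in wanted that no SAN entry covers."""
    return [h for h in wanted if not any(name_matches(s, h) for s in sans)]


# Hostnames the site is expected to answer on.
WANTED = ["haveibeenexploited.com", "www.haveibeenexploited.com"]

# Constructed SAN lists mirroring the certificates discussed in the thread.
CERTS = {
    "wildcard only": ["*.haveibeenexploited.com"],
    "wildcard + apex": ["*.haveibeenexploited.com", "haveibeenexploited.com"],
    "www + apex": ["www.haveibeenexploited.com", "haveibeenexploited.com"],
}


def report():
    """Map each certificate label to the wanted names it fails to cover."""
    return {label: uncovered(sans, WANTED) for label, sans in CERTS.items()}


if __name__ == "__main__":
    for label, missing in report().items():
        status = "covers both" if not missing else "missing " + ", ".join(missing)
        print(f"{label}: {status}")
```

The result only reflects the SAN list you feed in, so compare against the names in the certificate the web server is actually presenting, not just the one most recently issued.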
Okay, thanks for the extra clarifications (I need it).
So I:
Ran sudo certbot certonly --webroot -w /web/server/path -d www.haveibeenexploited.com -d haveibeenexploited.com and got the new certs.
Deleted the DNS certificate I had on my first machine (with sudo certbot delete --cert-name haveibeenexploited.com) and then also removed the .txt record I had for the DNS challenge on godaddy.
But the cert still shows as *.haveibeenexploited.com and I still have the same issue.