"https://" is greyed out; one certificate for 2 domains

As you can see, one website has green color https, the other doesn't. Both pass the ssllabs security check. Both are set up on Nginx reverse proxy.

I ran this command:

cd /opt/letsencrypt/
sudo ./certbot-auto certonly blog.oceanek.com, www.oceanek.com, oceanek.com

(found on some website advice to separate the domains with a comma, not with "-d" notation).

Under /etc/letsencrypt, there is only a blog.oceanek.com directory. So I configured both nginx virtual servers with

ssl_certificate /etc/letsencrypt/live/blog.oceanek.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/blog.oceanek.com/privkey.pem;

  1. Was this correct, to configure www.oceanek.com server as also pointing its ssl_certificate and key to blog.oceanek.com?

  2. Why is the "https" gray on www.oceanek.com?

  3. I cannot re-run the certbot-auto command anymore. It gives me a red warning about Apache.

Yes. The three domain names are all on a single certificate, because you requested them in a single command. You can use certbot-auto certificates to see what certificates you have and what domains they cover.

It looks green from here (or at least, it did when I tried it a moment ago, but now it seems to be down entirely).

Maybe a browser extension is interfering?

That warning doesn't appear to be fatal. However, if you're using nginx you can select the nginx plugin instead of apache by adding the --nginx option to the certbot command.

1 Like

Whoops, sorry, jmorahan, I stopped nginx there while I worked on tweaking the default nginx file. It is up and running now.

Thank you!!! I went to check on another computer, and both are indeed green secured https. On my laptop, though, one is still grey, and the “Secure” word is missing. But, a huge load off.

Appreciate the cert-checking command. Yay!

The red warning was because nginx was still running. After stopping, generating a certificate for another bunch of domains went smoothly.

One last question: I am not quite clear whether certificate regeneration (running the command again) can be performed at any time. Without any changes in config files (either under letsencrypt, or in nginx)? Or will letsencrypt sense that a certificate already exists, and not create a new one?

LE will check if the cert is close to expiring and renew it, otherwise it will skip the renewal process.
So it is safe to run renewal commands daily.

1 Like

Greyed logos without “Secure” can be a problem of insecure elements on the page, like images or scripts pulled in through http:// instead of https://.

If you notice the green logo and secure is gone, you should open the developer toolbar of your browser and go to the Console, reload the page and check what notice/warning you get. It should warn you about insecure elements.

You can also enter the URL on "Why No Padlock?".

1 Like
