I get this error from google webmaster Self signed SSL/TLS certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:knoozi.com

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):apache

My hosting provider, if applicable, is:google cloud

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

Hi @seoman2012,

I see no reason for the Self Signed Cert warning received from Google Webmaster for your domain knoozi.com

Your web server is serving the right certificate for the domains covered by the cert:

$ echo | openssl s_client -connect knoozi.com:443 -servername knoozi.com 2>/dev/null | openssl x509 -noout -text | grep -Ei '(Before:|Issuer:|DNS:)' | sed "s/^[ \t]*//"
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Not Before: Feb 19 18:13:44 2018 GMT
DNS:knoozi.com, DNS:www.knoozi.com

$ echo | openssl s_client -connect knoozi.com:443 -servername www.knoozi.com 2>/dev/null | openssl x509 -noout -text | grep -Ei '(Before:|Issuer:|DNS:)' | sed "s/^[ \t]*//"
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Not Before: Feb 19 18:13:44 2018 GMT
DNS:knoozi.com, DNS:www.knoozi.com

Sometimes this warning can be produced because that tool try to access your web server not using SNI so the default configured cert is served (and it is usually a self-signed cert issued just for the hostname of the machine or it is another unrelated domain) but it is not the case too, you are serving the right cert.

$ echo | openssl s_client -connect knoozi.com:443 2>/dev/null | openssl x509 -noout -text | grep -Ei '(Before:|Issuer:|DNS:)' | sed "s/^[ \t]*//"
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Not Before: Feb 19 18:13:44 2018 GMT
DNS:knoozi.com, DNS:www.knoozi.com

I could think that you are using IPv6 and the server is misconfigured to serve your domain via IPv6 but you have no AAAA records for your domain.

Maybe some buddy here on the forum have more experience using Google Webmaster tool and have any clue to share with you… also, I would say to contact Google to know what is going on but I suppose that is an impossible mission :P.

Cheers,
sahsanu

1 Like

fwiw I have received a couple of reports from our customers in recent weeks with the same problem (after years of never hearing about this). I have no idea what to tell them. I really doubt that Google is crawling the internet with TLS clients that don’t implement SNI, but it does seem a problem of their own making.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.