Installed correctly, but still says Certificate error using Edge

Ivor · January 3, 2018, 11:35am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ivorselby.co.uk

I ran this command: Microsoft Edge url of : https://www.ivorselby.co.uk/

It produced this output: This site is not secure

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): AWS EC2 Linux
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

serverco · January 3, 2018, 11:41am

It looks as if you have generated a certificate via the test server, not the production server

getting cert from server - ivorselby.co.uk

Certificate chain
 0 s:/CN=ivorselby.co.uk
   i:/CN=Fake LE Intermediate X1
 1 s:/CN=Fake LE Intermediate X1
   i:/CN=Fake LE Root X1
---
Certificate:
Issuer: CN=Fake LE Intermediate X1
Not Before: Jan  3 10:17:47 2018 GMT
Not After : Apr  3 10:17:47 2018 GMT
Subject: CN=ivorselby.co.uk
Public Key Algorithm: rsaEncryption
DNS:ivorselby.co.uk

How did you generate the certificate ?

Ivor · January 3, 2018, 12:26pm

I had used

sudo /home/ec2-user/certbot-auto --apache --expand -d ivorselby.co.uk -d www.ivorselby.co.uk –debug

But that said it had installed but gave certificate error in Edge, so I tried

sudo /home/ec2-user/certbot-auto --apache –staging

and still got the same response

serverco · January 3, 2018, 12:40pm

“–staging” is the staging or test server which is the certificate you have installed - so try without the “–staging” flag

Ivor · January 3, 2018, 1:56pm

Tried it, but please see attached

miked · January 24, 2018, 12:07pm

I’m getting a similar error and got a big green A at https://www.ssllabs.com/ssltest/analyze.html?d=train.climate.com.au

But when I looked at the detail of Certificate #2: RSA 2048 bits (SHA256withRSA) - which I didn’t realize was there I see the problem is given …

Subject ssds.climate.com.au
Fingerprint SHA256: d2b12ed11e597649c9c8a2b92cb02603f70c1db858b8abb591087bda9710c6bf
Pin SHA256: cyouIXjepMNQXey2HARzBqf44EwI2glIFPapORIDm4Q=
Common names ssds.climate.com.au
Alternative names ssds.climate.com.au MISMATCH
Serial Number 03b5e5384e8e90fa633e8dcc68eebaaa2f73
Valid from Sun, 17 Dec 2017 12:01:32 UTC
Valid until Sat, 17 Mar 2018 12:01:32 UTC (expires in 1 month and 21 days)
Key RSA 2048 bits (e 65537)
Weak key (Debian) No
Issuer Let’s Encrypt Authority X3
AIA: http://cert.int-x3.letsencrypt.org/
Signature algorithm SHA256withRSA
Extended Validation No
Certificate Transparency No
OCSP Must Staple No
Revocation information OCSP
OCSP: http://ocsp.int-x3.letsencrypt.org
Revocation status Good (not revoked)
Trusted No NOT TRUSTED
Mozilla Apple Android Java Windows

And so I would like to remove all certs and start again. There must be some reference to ssds.climate.com.au in the train.climate.com.au certificate.

I have seen another thread indicating certbot delete ought to work but I’m on Ubuntu 16.04 LTS and the latest certbot is 0.19.0 so I don’t think that’s an option for me.

I’m not confident mucking around here and would appreciate any pointers.

Many thanks

Mike

system · February 23, 2018, 12:08pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.