Installed SSL Certificate successfully on a website, still getting the "your connection is not secure" message


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

Title says most of it. I’m still getting the “connection is not secure” message on one of my websites after installing a let’s encrypt SSL. It was working previously, I am not sure what changed. I run multiple websites and this is the only website having an issue.

I’ve tried deleting and reinstalling the cert, did not fix the issue. Not really sure where to go from here, any direction or advice is appreciated.

My domain is: https://www.menzel-music.com/

My web server is (include version): Not sure

The operating system my web server runs on is (include version): Linux (don’t know version)

My hosting provider, if applicable, is: Rackspace

I can login to a root shell on my machine (yes or no, or I don’t know): No

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Onyx


#2

You have lots of problems. Go to https://whynopadlock.com/ and test your domain, and read what it says. This will be a good start for your troubleshooting.


#3

Thanks, I usually do use whynopadlock when moving a site over from http to https, I guess I missed this one.

Can you give me a little bit of info on the errors I’m receiving?

Force HTTPS Your webserver is not forcing the use of SSL. You may want to add a redirect to ensure a secure connection is used. More Info.

Typically what I use to redirect to https is this code: Redirect 301 / https://menzel-music.com/

I put this inside my ‘httpdocs’ folder, so people are redirected into the site in my ‘httpsdocs’ folder. i see the htaccess code suggested on whypadlock is not the same. Should I be using this instead? I just tested it out and it did not seem to successfully redirect me away from http.

Protocols You currently have TLSv1 enabled.
This version of TLS is being phased out. This warning won’t break your padlock, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018.

How would I go about changing TLSv1? Can I do this without contacting my hosting provider?


#4

Changing the protocols that the site uses requires administrative access. If you aren’t the administrator, only the administrator can do it. This may be controversial because, while it’s required by PCI for sites that accept credit cards, the change will reduce browser compatibility. So if there are other sites hosted on the same machine that don’t accept credit cards, they may be reluctant to disable TLSv1 and thereby stop working in some old browsers.

The biggest problem with your site security right now is not the presence of TLSv1, but the fact that your certificate only covers menzel-music.com and not www.menzel-music.com. These are separate names which should both be listed in your certificate if users may access the site using either name.


#5

Sorry, if this was a Windows environment I’d be all over it, but my Linux is a bit rusty lately since the only time I get to play on it is with my Raspberry Pi’s at home. I’m sure others will have tons of knowledge to share with you.


#6

Thank you schoen. This is extremely helpful. I doubt we will be disabling TLSv1 as that is the case, there are many websites on this server that do deal with purchasing, I do not feel it would be worth it.

I do not have access to the terminal, anything I do I do through the control panel (plesk), if there is something that needs to be changed beyond that I have to contact my host which always seems to be quite the lengthy process.

Thank you for the information about my cert not covering the ‘www’ url. Do you know how I can go about fixing this? I’ll be doing some research, as like I said all my other sites are working fine on both urls.

Thanks again for your help, very helpful.


#7

Did you specify the domain names to be covered when you originally obtained the certificate using the Plesk control panel?


#8

I was not given the option, in Plesk I click on the security advisor tab, and in here i simple select the domain and click ‘install SSL Certificate’ The domain names included must be selected in a different location


#9

If there’s anywhere in Plesk that you can confirm that the site is supposed to host the www and non-www versions, then you should do that—otherwise I’d suggest contacting the hosting provider and/or Plesk support and asking what you have to do to ensure that you get a certificate for both www and non-www (or why the behavior is apparently different from one domain to another).


#10

I found a section that looks like what I am looking for, see this screenshot: https://imgur.com/a/0R1fLtu7

It seems I am able to included ‘www’ in the cert with this checkbox. Although when I click check the box and click renew I get this error:

Warning: Failed to resolve the challenge for www.menzel-music.com.
Details
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/RdH55-h1onZjvzvQjYcTbbxT42XoLrp90DAfRTxwiG0.
Details:
Type: urn:acme:error:unauthorized
Status: 403
Detail: Invalid response from http://www.menzel-music.com/.well-known/acme-challenge/UhvSCfURyIVF3mVRrvWaQqaOQxVOO40_IZz4PUS0jf4: "

404 Not Found

Not Found

<p"

Does this error give you any insight as to why it may not be working? Thanks.


#11

I’ve successfully fixed the problem. It I had attempted to fix the ‘www’ issue by “preferring” the url without www (an option inside plesk) unchecking the box seems to have fixed it.

I’ve also noticed that I often get errors when trying to change settings in plesk if I have my .htaccess file inside the httpdoc folder (directing to the httpsdocs folder). Although my issue is solved if anything can give me any insight into this I’d appreciate it. My .htaccess file is just a simple redirect. Here is the code:

Redirect 301 / https://menzel-music.com/


#12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.