Installed SSL is invalid

tonyhuang · January 25, 2021, 11:50pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.eddy4ai.com

I ran this command: sudo certbot --apache

It produced this output: Congratulations! You have successfully enabled https://www.eddy4ai.com

My web server is (include version): Apache/2.4.6

The operating system my web server runs on is (include version): CentOS Linux release 7.9.2009 (Core)

My hosting provider, if applicable, is: Alibaba Cloud

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0

JuergenAuer · January 25, 2021, 11:55pm

Hi @tonyhuang

there are two critical errors, see your check, ~~4 hours old - https://check-your-website.server-daten.de/?q=eddy4ai.com#url-checks

First, you have created the wrong certificate:

CN=www.eddy4ai.com
	25.01.2021
	25.04.2021
expires in 89 days	www.eddy4ai.com - 1 entry

The non-www domain name is missing, so your non-www isn't secure.

Check your config with apachectl -S, add a ServerAlias, then create a new certificate with both domain names.

Second:

Domainname	Http-Status	redirect	Sec.	G
• http://eddy4ai.com/ 47.252.31.177	301	http://47.252.31.177/	0.407	D

• http://www.eddy4ai.com/ 47.252.31.177	301	https://www.eddy4ai.com/
Html is minified: 100,00 %	0.204	A

• http://47.252.31.177/	200	Html is minified: 132,50 %	0.450	H

• https://eddy4ai.com/ 47.252.31.177	301	https://47.252.31.177/	4.843	N
Certificate error: RemoteCertificateNameMismatch

• https://www.eddy4ai.com/ 47.252.31.177	301	https://47.252.31.177/	4.607	B

Redirects to ip addresses are always wrong. You don't have a certificate with an ip address. Redirect to your domain name.

tonyhuang · January 25, 2021, 11:59pm

Got it. Thanks a lot JuergenAuer! I haven't built a website since 1998 where I was using Frontpage. I'm refreshing my skills now. Your instruction is very informative and helpful!!!

rg305 · January 26, 2021, 2:20am

Wow!
Definitely time for an update
Says the guy holding their "Latest Version":

system · February 25, 2021, 2:20am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems: Help	7	13110	December 16, 2021
Installed, no error, but no ssl Help	3	688	August 7, 2019
Attempt two, use certbot to install certificates Help	3	753	March 12, 2020
Err_cert_common_name_invalid Help	15	704	February 4, 2021
Cert installed, but can't enable SSL Help	4	424	May 30, 2021

Installed SSL is invalid

Related topics