Is my certficate legit

I dont know if i am posting this correct but i need your help

my site on the net is www.sitech.gr
and i want to know if my certificate information is legit or the provider is doing a scam !Σίτες, Ίλιον _ SITECH - Google Chrome 10_9_2020 5_46_45 PM

thanks in advance

1 Like

I can say: That cert looks legit.
See for yourself, there have been certs issued very recently: https://crt.sh/?q=sitech.gr

But I can't say whether or not a scam is actually being committed/or attempted.
[there is just not enough detail known about the entire "transaction" between you and "the provider"]

1 Like

The only "problem" I can find is that the certs are "not ideal".
One covers only the name "sitech.gr".
The other covers only the name "www.sitech.gr".

Unless those two names serve completely different content from completely different servers...
There probably should have been just one cert with both names on it.

1 Like

Look legitimate to me. Heed @rg305's advice well about generating a combined "SAN" certificate.



1 Like

to tell u the backstory of how i ended up here. i noticed in my mobile phone,my desktop pc my wifes mobile and 2 other friends desktops pc that my web site had not a certificate i contacted my web provider a bit mad and i made a print screen with the issiue and they reassured me that there was not a problem and my site had certifications (ill include my pic here also), and 10 min after the phone call i noticed that they had fix it. is there anway to see if they installed the certificate 10 min after my phone call?

2 Likes

btw thank u for the responses and sorry for my english :slight_smile:

3 Likes

Never apologize for your English. Sadly, most English-speaking people don't even know a second language. :laughing:

Using you can use your browser you can view your own certificate (and other site's certs) by clicking on the padlock, clicking the ">", then "More Information", then "View Certificate".
Here are the dates shown for your site (www.sitech.gr). You can use the "Not Before" time and compare it with the day/time you contacted the company to see if the certificate was issued before or after you contacted them.

image

2 Likes

Hi @raythorn

that problem doesn't longer exist. See https://check-your-website.server-daten.de/?q=sitech.gr

You have two certificates, one with the non-www, one with the www.

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2020-10-02 2020-12-31 www.sitech.gr - 1 entries duplicate nr. 1
Let's Encrypt Authority X3 2020-10-02 2020-12-31 sitech.gr - 1 entries duplicate nr. 1
cPanel, Inc. Certification Authority 2020-09-09 2020-12-08 cpanel.sitech.gr, cpcalendars.sitech.gr, cpcontacts.sitech.gr, mail.sitech.gr, sitech.gr, webdisk.sitech.gr, webmail.sitech.gr, www.sitech.gr - 8 entries

Both some days old.

And

  • there are redirects http -> https
  • both https versions are using the certificate

So your screenshot is expired.

Don't know what your provider has done. Now most is ok.

Not so good: You don't have a preferred version (www or non-www). May be add a redirect.

3 Likes

We're not sorry for your English. You do far better than Google Translate. :+1:

3 Likes

the phone call was today is it possible to add the certificate with previus date?
the not before date means that all the time untill 10/2/2020 my site didnt have a certificate?

3 Likes

Here's your whole certificate history. What was installed and functioning at which time I cannot say, but the certificates existed. :grin:

I don't immediately see any coverage gaps between "not after" and "not before", so plausible deniability is yours.

I may have misinterpreted your question. You can see exactly when any certificate was issued by following the link below and clicking on the certificate. The "not before" is one hour before the time the certificate was issued.

3 Likes

@griffin, Dang, you're fast! :laughing:

3 Likes

Gotta be fast around here or the wolves descend. :wolf:

3 Likes

Hi @raythorn,

One other possibility is that your site's certificate was installed, but the server was not configured to automatically redirect people connecting over HTTP to HTTPS.

In that case, people who explicitly went to https://www.sitech.gr/ would have seen the certificate and had a secure connection, but other people (including you, when you did your test) who went to http://www.sitech.gr/ (without the s) would have had an unencrypted connection.

The site is now configured so that everyone who visits it with either HTTP or HTTPS gets sent to the HTTPS version. But if you visited it a few days ago and didn't see the secure connection, this configuration might not have been in place yet. In that case, it's possible that your hosting provider made this change in response to your complaint or question.

4 Likes