Let's Encrypt cert works in Chrome, pops warning in Safari


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.enmtw.com

I ran this command: certbot --nginx

It produced this output: It succeeded

My web server is (include version): Nginx 1.10.3

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: Microsoft Azure

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

When I visit my site in Chrome, SSL works just fine. In Desktop Safari (mobile works fine), I get a ‘Connection Not Private’ warning. Why is this happening? How do I fix it? God, I hate SSL.


#2

Hi @enmtw,

Your certificate isn’t valid for www.enmtw.com, only for enmtw.com. Chrome has made a questionable decision to ignore this particular error, while other browsers don’t. You can fix the problem by reissuing your certificate and making sure that it covers both names.


#3

Oops. Thanks, trying that now.


#4

When I run certonly, I can enter both domains. When I run the Nginx command, I am only prompted with the enmtw.com domain, not the WWW variant. Not sure what the syntax is to tell Certbot ‘hey, let me punch in my domains’.


#5

From what I see, chrome is not ignoring this, but rather allowed the website redirect to https root domain (which is still questionable…)

I believe for Nginx, it’s asking for vHost profiles right?

You can specify the domains by add flags -d enmtw.com -d www.enmtw.com

Thank you


#6

That did it! Thank you!

Might be a good idea to spell out the -d flag in the --help. It refers to a comma separated list of domains, which did not work.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.