Migrated from iPage to Zoho Sites, cert not valid on new host

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: dealerappvantage.com

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Zoho Sites (newly migrated from iPage)

I can login to a root shell on my machine (yes or no, or I don’t know): no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes on the old hosting provider

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

1 Like

To give a better understanding of the chain of events:

Originally we were hosting on iPage, but recently decided to move to Zoho Sites. We built the new site on Zoho sites and forwarded the domain to the new host via GoDaddy. We turned on the SSL function in Zoho Sites (which uses Let’s Encrypt). Everything is ok when you include www in the url, but if you just type the domain https://dealerappvantage.com we now get page not secure message. I fear we have placed our domain into an SSL limbo. Today I deleted the SSL cert and removed the domain from iPage. We understand we did not properly attempt to migrate our site, we were completely down for a few days and was a rush effort to get things running again. What is the best way to resolve this conflict?

1 Like

This starts as a problem in DNS:

Name:    dealerappvantage.com
Address:  184.168.131.241

Name:    zhs.zohosites.com
Address:  136.143.190.73
Aliases:  www.dealerappvantage.com

Which creates a misconfiguration in your site.
[Which should include the base domain].

openssl s_client -connect 136.143.190.73:443 -servername www.dealerappvantage.com | grep subject
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = www.dealerappvantage.com
verify return:1
subject=CN = www.dealerappvantage.com

openssl s_client -connect 136.143.190.73:443 -servername dealerappvantage.com | grep subject
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.zohosites.com
verify return:1
subject=OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.zohosites.com

And it’s also missing the base domain in the cert.
See: https://www.ssllabs.com/ssltest/analyze.html?d=www.dealerappvantage.com

In summation: You’ve only migrated the WWW site.

1 Like

Thanks so much for that response and explanation! Please forgive my ignorance, im very much a n00b when it comes to this stuff :weary: . What are the steps I would need to take to remedy this?

1 Like

If you want both names to be served by the same system/IP via HTTPS.

  • You will need to update DNS to point both names to the same IP.
  • You will need to configure the web server to service both names (initially via HTTP).
  • You will need to obtain a certificate with both names on it
  • You will need to configure the web server to service both names via HTTPS
  • You can then forward HTTP to HTTPS
  • You can also forward the root name to WWW name (or the other way)
2 Likes

Sorry for the late reply, thank you so much for all your help!!

2 Likes