net::ERR_CERT_AUTHORITY_INVALID

This worked for getting the SSL cert!!

But now when I navigate to the url I get redirected to http but I'm still getting a SSL error?

net::ERR_CERT_AUTHORITY_INVALID

@mkennedy228 I moved your post to its own thread. We prefer each unique problem to have its own. Had you posted in a new thread to start you would have been shown the form below. Please complete as much as you can.

To help with this we will at least need your domain name, info about the kind of server you use, and the URL that is failing. Thanks

================================

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

3 Likes

My domain is:

manage-docks.mkinc.ca

I ran this command:

It produced this output:

My web server is (include version):

Nginx v2.12.1

The operating system my web server runs on is (include version):

Runs in a docker container on a synology DS918+

My hosting provider, if applicable, is:

namecheap

I can login to a root shell on my machine (yes or no, or I don't know):

Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

Not sure what is meant by this.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 2.11.0

Using the namecheaps API I was able to get a SSL cert issued ... but when I go to the URL only http works, not https.

Nope, an openresty webserver is responding on that hostname, not nginx. Not the usual nginx that is.

Also, your webserver, whichever it may be, responds with HTTP on port 443, not HTTPS. How did you configure your openresty?

I dont recall having an openresty web server responding on that hostname. Can you try again? I did have a pihole running a while ago? maybe it was that?

Still openresty. Does your DNS have the right public IP? Have you checked your port forwarding or NAT?

curl -I  http://manage-docks.mkinc.ca
HTTP/1.1 200 OK
Server: openresty

# HTTPS fails (port 443)
curl -I  https://manage-docks.mkinc.ca
curl: (35) error:0A00010B:SSL routines::wrong version number

# Port 443 replies to HTTP request.  It should not 
curl -I  http://manage-docks.mkinc.ca:443
HTTP/1.1 200 OK
Server: openresty

You can use these test tools to verify this

Let's Debug can reach you on HTTP. That's why it says OK. But, look at the detail info and you'll see the openresty response header.

3 Likes

It looks like I had both port 80 and 443 pointed at port 80 of the docker container. I think everything is resolved now.

1 Like

Good. Did you figure out openresty?

2 Likes

"nginx proxy manager" actually uses openresty, not regular nginx.

It's not mentioned on their website, docs or the "main" project (GitHub - NginxProxyManager/nginx-proxy-manager: Docker container for managing Nginx proxy hosts with a simple, powerful interface), but it's clearly labeled on the Docker Image repo - GitHub - NginxProxyManager/docker-nginx-full: Docker image with compiled Nginx (OpenResty) and OpenSSL with all the stock Nginx plugins enabled..

6 Likes