Not secure site but Certbot certification was OK

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: grasp.deals
My web server is (include version): Apache2
The operating system my web server runs on is (include version): Ubuntu 20.04 Desktop
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.31.0

Following the indications found here: How To Install the Apache Web Server on Ubuntu 20.04 | DigitalOcean I installed Apache Web Server in Ubuntu 20.04

This is my domain.conf :

raphy@pc:~$ cat /etc/apache2/sites-available/grasp.deals.conf 
    <VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName grasp.deals
        ServerAlias www.grasp.deals
        DocumentRoot /var/www/grasp.deals
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

This is the sample HTML:

 raphy@pc:~$ cat /var/www/grasp.deals/index.html  : 

  <html>
      <head>
          <title>Welcome to grasp.deals!</title>
      </head>
      <body>
          <h1>Success!  The grasp.deals virtual host is working!</h1>
      </body>
  </html>

I enabled the file with a2ensite :

raphy@pc:~$ sudo a2ensite grasp.deals.conf 
  Site grasp.deals already enabled
raphy@pc:~$ sudo a2dissite 000-default-le-ssl.conf 
  Site 000-default-le-ssl disabled.
  To activate the new configuration, you need to run:
    systemctl reload apache2
    raphy@pc:~$ sudo apache2ctl configtest 
    Syntax OK

And this is the output of configtest :

raphy@pc:~$ sudo apache2ctl configtest
[Wed Oct 05 15:37:51.033941 2022] [tile:notice] [pid 21765:tid 139778198207552] Loading tile config ajt at /hot/ for zooms 0 - 20 from tile directory /var/lib/mod_tile with extension .png and mime type image/png
Syntax OK

I restarted Apache to implement the changes:

raphy@pc:~$ sudo systemctl restart apache2

Following these indications: Certbot Instructions | Certbot
I deployed the Let's Encrypt certification:

raphy@pc:~$ sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: grasp.deals
2: www.grasp.deals
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 
Requesting a certificate for grasp.deals and www.grasp.deals

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/grasp.deals/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/grasp.deals/privkey.pem
This certificate expires on 2023-01-03.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for grasp.deals to /etc/apache2/sites-available/grasp.deals-le-ssl.conf
Successfully deployed certificate for www.grasp.deals to /etc/apache2/sites-available/grasp.deals-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://grasp.deals and https://www.grasp.deals

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The SSL Labs test is OK:

image
image1920×1546 124 KB

The check-your-website.server-daten.de output:

image
image1920×1362 136 KB

image
image1920×1490 194 KB

image
image1920×1605 311 KB

image
image1920×2469 163 KB

But if I digit in a browser http://grap.deals I get this: NET::ERR_CERT_AUTHORITY_INVALID

image
image2000×973 134 KB

Where do I have to specify the path to the certificates?
How to make it work?

2

Have you tried just restarting Chrome? Because everything I checked looks fine (plus all the stuff you showed was fine).

6 Likes
3

I've just now cleaned all the cache in Chrome and restarted the browser.
If I digit in the address bar : https://grasp.deals
I get the same error Certificate not valid

image
image2000×1044 149 KB

A doubt ... do I have to specify the path to the certificates in the Apache Web Server configuration files? And where, if the case?

4

Where I see this with Windows 10 Version 105.0.5195.127 (Official Build) (64-bit)

image
image1685×979 28.9 KB

1 Like
5

With my smartphone Android with Google Chrome for Android the same:

"Success! The grasp.deals virtual host is working!"

So.... what might be the problem with the Ubuntu 20.04 Desktop , which is the same PC I'm using at the moment as Web Server?

6

What does it say if you click in the error window on the item for "Certificate is not valid"?

It might show the cert it sees or some other extra info.

Is that the same machine you are connecting to this forum with?

6 Likes
7

Yes. It's the same machine I'm connecting to this forum with.

When clikcing on the item "Certificate is not valid" I get this:

image
image2000×1293 149 KB

image
image2000×1335 145 KB

This is the Port Mapping of the Vodafone Station:

image
image1920×1932 109 KB

And its Firewall Configuration :

image
image2000×1026 151 KB

Firewall configuration in Ubuntu 20.04 :

raphy@pc:~$ sudo ufw status
Status: inactive
1 Like
8

You may need to force your PC DNS system to resolve the name grasp.deals to the internal IP 192.168.1.7.
You can do that by adding an entry to the local hosts file:

  • /etc/hosts
  • %windir%/system32/drivers/etc/hosts
6 Likes
9

In etc/hosts it was set only http://grasp.deals

I've now set:

127.0.0.1       localhost
127.0.1.1       pc
127.0.0.1       http://grasp.deals
127.0.0.1       grasp.deals

127.0.0.1 https://grasp.deals

And the same message : "Success! The grasp.deals virtual host is working!"
appears also in this PC

image
image2000×384 75.5 KB

Thank you very much @MikeMcQ and @rg305 for your kind help

3 Likes
10

Remove this entry:

Gald it all works now :slight_smile:

6 Likes
11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.