Privacy error when linked from email

5starkarma · August 7, 2020, 9:43pm

My domain is: https://www.*.clearpath.site/

My web server is (include version): Apache/2.4.41 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 19.10 (GNU/Linux 5.3.0-55-generic x86_64)

My hosting provider, if applicable, is: linode

I can login to a root shell on my machine (yes or no, or I don’t know): no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.36.0

What happens:

My SSL API Key on Linode expired the other day so I had to create a new one. I believe this is when the error started happening but I am not 100% sure.

When I click a link from a signed email it gives me the Privacy error which reads:

Your connection is not private
Attackers might be trying to steal your information from www.aces.clearpath.site (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID

… otherwise there is no security/SSL issues when visiting the site normally…

What could be the cause of this? What can I do to fix it? Google searches are not turning up any results.

Thanks

Osiris · August 7, 2020, 9:55pm

Your site only contains a SAN field with clearpath.site and *.clearpath.site. Such a wildcard hostname is only valid for just one field. So aces.clearpath.site would be valid for the current certificate. But by adding another field to the hostname (i.e., adding www to aces.clearpath.site to make www.aces.clearpath.site) makes the certificate invalid for that hostname.

Also, your browser – which is giving you this error – couldn’t give a rats *** on where you got the URI from, signed e-mail or totally unsecure e-mail Those two things are very much separated.

5starkarma · August 7, 2020, 10:02pm

That makes sense. I removed www. from the email links and they now work correctly.

Thanks!

Edit:

Also, your browser – which is giving you this error – couldn’t give a rats *** on where you got the URI from, signed e-mail or totally unsecure e-mail Those two things are very much separated.

Just added this in case it meant anything

Osiris · August 7, 2020, 10:03pm

Good thought, but alas, no, not in this case.

system · September 6, 2020, 10:03pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.