Problem with ssl

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
www.beyou.nl

I ran this command:

It produced this output:

My web server is (include version)

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi, when I want to create a Let's Encrypt SSL on Kinsta.com it says that there already is one, but how can I add that? Now I cannot add it there and my website doesn't run over SSL. I really hope someone can help to fix it.

2 Likes

Welcome to the Let's Encrypt Community, Joey :slightly_smiling_face:

From your certificate history...

it looks like you:

  • acquired 5 correct Let's Encrypt certificates for the apex domain name (beyou.nl) and www subdomain name
  • got duplicate rate-limited for correct Let's Encrypt certificates (limit 5 duplicate certificates / 7 days)
  • acquired a correct Sectigo certificate for the apex domain name and the www subdomain name
  • acquired 3 incorrect Let's Encrypt certificates for only the apex domain name
  • acquired an incorrect Let's Encrypt certificate for only the www subdomain name
  • acquired an incorrect Let's Encrypt certificate for only the apex domain name

Hopefully you still have at least one of the first five certificates I mentioned (and its private key) because you want to install one of those five certificates.

2 Likes

Hello @jgroothedde,

If we check the last certificates issued for your domain, it seems you have been issuing a few of them:

CRT ID      CERT TYPE   DOMAIN (CN)   KEY ALG      VALID FROM             VALID TO               EXPIRES IN  SANs
3837553847  Final cert  beyou.nl      RSA 2048bit  2020-Dec-27 15:47 UTC  2021-Mar-27 15:47 UTC  89 days     beyou.nl
3837506263  Final cert  www.beyou.nl  RSA 2048bit  2020-Dec-27 15:30 UTC  2021-Mar-27 15:30 UTC  89 days     www.beyou.nl
3837317991  Final cert  beyou.nl      RSA 2048bit  2020-Dec-27 14:19 UTC  2021-Mar-27 14:19 UTC  89 days     beyou.nl
3836840796  Final cert  beyou.nl      RSA 2048bit  2020-Dec-27 11:17 UTC  2021-Mar-27 11:17 UTC  89 days     beyou.nl
3836780775  Final cert  beyou.nl      RSA 2048bit  2020-Dec-27 10:56 UTC  2021-Mar-27 10:56 UTC  89 days     beyou.nl
3828398278  Final cert  beyou.nl      RSA 2048bit  2020-Dec-25 11:30 UTC  2021-Mar-25 11:30 UTC  87 days     beyou.nl
                                                                                                             www.beyou.nl
3828067348  Final cert  beyou.nl      ECC 384bit   2020-Dec-25 09:33 UTC  2021-Mar-25 09:33 UTC  87 days     beyou.nl
                                                                                                             www.beyou.nl
3824016842  Final cert  beyou.nl      RSA 4096bit  2020-Dec-24 10:14 UTC  2021-Mar-24 10:14 UTC  86 days     beyou.nl
                                                                                                             www.beyou.nl
3819286106  Final cert  beyou.nl      RSA 4096bit  2020-Dec-23 07:19 UTC  2021-Mar-23 07:19 UTC  84 days     beyou.nl
                                                                                                             www.beyou.nl
3819261144  Final cert  beyou.nl      RSA 4096bit  2020-Dec-23 07:12 UTC  2021-Mar-23 07:12 UTC  84 days     beyou.nl
                                                                                                             www.beyou.nl

The last certificate you issued only covers the domain beyou.nl, and if you try to access this domain https://beyou.nl it works fine. Your problem is with www.beyou.nl: it is configured to use the kinsta wildcard certificate, so it seems it is using the default certificate for your server.

Here is the problem: right now you CAN'T issue a new certificate that covers beyou.nl AND www.beyou.nl because you have already issued 5 certificates covering these domains in the last 7 days.

At this point I would try to contact kinsta's support team and explain the situation so they can help to configure your server correctly. Also, maybe they could reuse one of the certificates covering your domains (if they back them up, of course).

Cheers,
sahsanu

3 Likes
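Added example, not part of any post in this thread: a Python check of the duplicate-certificate limit as the thread states it (5 certificates for the exact same set of names per 7 days), run over the rows of the table above. The table has no issuer column, so counting every row as a Let's Encrypt issuance is an assumption, as are the "now" timestamp and the use of VALID FROM as the issuance time.

```python
from datetime import datetime, timedelta, timezone

# Rows copied from the table in the post above: (crt.sh id, VALID FROM, SANs).
# Assumption: every row counts as a Let's Encrypt issuance (the table shows
# no issuer) and VALID FROM stands in for the issuance time.
ROWS = [
    ("3837553847", "2020-12-27 15:47", {"beyou.nl"}),
    ("3837506263", "2020-12-27 15:30", {"www.beyou.nl"}),
    ("3837317991", "2020-12-27 14:19", {"beyou.nl"}),
    ("3836840796", "2020-12-27 11:17", {"beyou.nl"}),
    ("3836780775", "2020-12-27 10:56", {"beyou.nl"}),
    ("3828398278", "2020-12-25 11:30", {"beyou.nl", "www.beyou.nl"}),
    ("3828067348", "2020-12-25 09:33", {"beyou.nl", "www.beyou.nl"}),
    ("3824016842", "2020-12-24 10:14", {"beyou.nl", "www.beyou.nl"}),
    ("3819286106", "2020-12-23 07:19", {"beyou.nl", "www.beyou.nl"}),
    ("3819261144", "2020-12-23 07:12", {"beyou.nl", "www.beyou.nl"}),
]
LIMIT = 5                    # duplicate certificates allowed per window
WINDOW = timedelta(days=7)   # sliding window length

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)

def duplicate_status(rows, names, now, limit=LIMIT, window=WINDOW):
    """Return (count_in_window, blocked, next_allowed) for one exact SAN set."""
    wanted = frozenset(n.lower() for n in names)
    issued = sorted(_ts(when) for _, when, sans in rows
                    if frozenset(sans) == wanted and now - window < _ts(when) <= now)
    blocked = len(issued) >= limit
    # Issuance is possible again once enough old certificates leave the window.
    next_allowed = issued[len(issued) - limit] + window if blocked else now
    return len(issued), blocked, next_allowed

if __name__ == "__main__":
    now = datetime(2020, 12, 28, tzinfo=timezone.utc)  # assumed time of the post
    for names in (["beyou.nl", "www.beyou.nl"], ["beyou.nl"], ["www.beyou.nl"]):
        print(sorted(names), duplicate_status(ROWS, names, now))
```

The limit is keyed on the exact name set, which is why single-name certificates could still be issued while the two-name set was blocked.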

When I surf to your site, I'm getting a secured site with the green lock, indicating the encrypted TLS connection is secure.

However, when I manually go to https://www.beyou.nl, I'm getting mixed content errors. (@sahsanu My Chrome only sees the cert including the www subdomain). For some reason, this only occurs to me when I manually go to https://www.beyou.nl, https://beyou.nl doesn't have that problem. In practice, your clients would only go to https://beyou.nl, as http://www.beyou.nl redirects to https://beyou.nl.

@jgroothedde You should make sure all pages of your site don't have any link to any http:// resource.

4 Likes

Someone is making changes :wink: When I checked it, it only covered beyou.nl and the certificate for www.beyou.nl was one covering *.kinsta.com

Now I see it is using the right cert for both domains and even the mixed content issue has gone :wink: (Edit: no, the mixed content is still there in the shop)

4 Likes

Ah, yes, that's of course possible too :grin:

3 Likes

It's already fixed. Thanks a lot.

4 Likes

Glad it is working, but as @Osiris said, you have a mixed content issue (meaning that parts of your website are not being served in a secure way) that you should fix.

2 Likes