Renewed Certificate still showing Unsecure

Help
1

I renewed letsencrypt on this sub domain, and when I check the browser, it’s still showing ‘unsecure’

My domain is: 360lace.cepfonline.org

I ran this command:
certbot renew --dry-run

It produced this output:

Processing /etc/letsencrypt/renewal/360lace.cepfonline.org.conf

Cert is due for renewal, auto-renewing…
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for 360lace.cepfonline.org
Waiting for verification…
Cleaning up challenges

new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/360lace.cepfonline.org/fullchain.pem

** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

The following certs were successfully renewed:
/etc/letsencrypt/live/360lace.cepfonline.org/fullchain.pem (success)

My web server is (include version):
CentOS 7.1
The operating system my web server runs on is (include version):
CentOS Linux 7.3.1611

Yes, I can login to a root shell on my machine

2

Hi @pshegs

look there:

https://certbot.eff.org/docs/using.html#certbot-commands

--dry-run Test "renew" or "certonly" without saving any certificates to disk

--dry-run doesn't save the certificate and doesn't change your webserver settings.

dry-run uses the test-system, so the certificate has the "Fake-Root". It's nothing to use productive.

3

Thank you for your reply. I’m not yet very well skilled in this, could you make it easier by helping me out with the exact stuff to run to fix the issue?

Thanks a million in advance.

4

Hi,

Please just run certbot renew

Thank you

1 Like
5

Don't use the --dry-run option if you really want to renew your certificate and update your configuration.

6

Thank you. I did as instructed above, just certbot renew and it successfully renewed, but going to the url, it’s still showing as unsecure…

7

Done. renew successful, but it’s still showing as unsecure

8

Hi,

You’ll need to use this URL to visit your site (in https version)
https://360lace.cepfonline.org

Thank you

9

You don't have a redirect http -->> https.

Add this, so a user is redirected to https.

10

Since we don’t know what web server you’re running, nobody can really help you set that up. Either post that information, or just search for “your_web_server_software https redirect”. That is, probably something like “apache https redirect” or “nginx https redirect”.

11

Based on the HTTP headers it appears to be Apache 2.4.6, so https://wiki.apache.org/httpd/RedirectSSL

The intermediate cert seems to be missing, though. For Apache 2.4.6 you want SSLCertificateFile pointed at your cert.pem and SSLCertificateChainFile pointed at your chain.pem.

(You should try to fix the other problems on that report too - this may help)

12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.