Renewed my cert but Chrome is still stating "Not secure"


#1

Hey!
Pretty new to this whole thing, but I believe I’m getting a hold of it.
Got a notification that the certificate had run out, so I needed to make a new one. Struggled with it for quite some time, but yesterday I finally got around to creating it. Felt like a great success, but when going to the site, it still says “Not secure” in Chrome.
I don’t know why, and can’t find anything on Google that can get me any further.

What can I do to remove the “Not secure” from my website?

My domain is: wifi.nodescloud.com

I ran this command: sudo certbot certonly --webroot -w /var/www/wifi -d wifi.nodescloud.com

It produced this output: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/wifi.nodescloud.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/wifi.nodescloud.com/privkey.pem
Your cert will expire on 2018-11-28. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
“certbot renew”

  • If you like Certbot, please consider supporting our work by:

My web server is (include version): Ubuntu 14.04

The operating system my web server runs on is (include version): nginx v 1.4.6

My hosting provider, if applicable, is: Amazon EC2 Instance

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

Hi @jafr

certonly means: You have a new certificate, but you have to install it manual. Your website

https://wifi.nodescloud.com/login

uses a certificate created 2018-02-…


#3

Thank you for your reply!

How do I install it then? (might be a dumb question, but I’m fairly new to this)


#4

Certbot certificates

shows your certificates. There are the folder and file names.

Then you must find the correct place in your configuration file, there replace the older entry.


#5

Or, more likely, simply restart the web server.


#6

If I restart the EC2 instance, would that fix the problem?


#7

There’s a good chance it would. But you should be able to figure out exactly what needs to be done (a “reload” command to your web server would be my guess), and set certbot to do that after renewing the certificate, so you don’t need to do this every time your cert renews.


#8

If you don’t use your new certificate, restart wouldn’t change that.


#9

Then what do I do to tell my instance to actually use that certificate?

Running certbot certificates just returns:

Found the following certs:
  Certificate Name: wifi.nodescloud.com
    Domains: wifi.nodescloud.Preformatted textcom
    Expiry Date: 2018-11-28 13:06:45+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/wifi.nodescloud.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/wifi.nodescloud.com/privkey.pem

#10

These paths and files you have to use.


#11

I’m really new to this, so I’m just gonna go and ask…

Use how? How do I tell it to use them?


#12

He’s already using a certificate, and its path hasn’t changed with the renewal. There shouldn’t be any need to reconfigure anything.


#13

How do I know which certificate is being used, caus according to certbot certificates I only have one. But it doesn’t seem like it’s in use, given that my site is still labeled insecure.


#14

Yes, you have one cert, at one path. Certbot has renewed it, but treats it as the same cert. If your cert was working previously, you should only need to reload your webserver to get it to use the renewed cert.


#15

It worked previously, but for some reason it isn’t working now.

I restarted the EC2 instance at AWS and reloaded the nginx afterwards.
Still getting marked as “Not Secure” though


#16

image


#17

Seems like my browser just preferes going to the http edition for some reason…
37


#18

So the issue has nothing to do with your certificate, it’s the lack of a working HTTP -> HTTPS redirect. Fix that in your nginx configuration and you’ll be set.


#19

Seems like it! Thank you for your help


#20

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.