Renewed my cert but Chrome is still stating "Not secure"

jafr · August 31, 2018, 8:58am

Hey!
Pretty new to this whole thing, but I believe I’m getting a hold of it.
Got a notification that the certificate had run out, so I needed to make a new one. Struggled with it for quite some time, but yesterday I finally got around to creating it. Felt like a great success, but when going to the site, it still says “Not secure” in Chrome.
I don’t know why, and can’t find anything on Google that can get me any further.

What can I do to remove the “Not secure” from my website?

My domain is: wifi.nodescloud.com

I ran this command: sudo certbot certonly --webroot -w /var/www/wifi -d wifi.nodescloud.com

It produced this output: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/wifi.nodescloud.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/wifi.nodescloud.com/privkey.pem
Your cert will expire on 2018-11-28. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
“certbot renew”

If you like Certbot, please consider supporting our work by:

My web server is (include version): Ubuntu 14.04

The operating system my web server runs on is (include version): nginx v 1.4.6

My hosting provider, if applicable, is: Amazon EC2 Instance

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

JuergenAuer · August 31, 2018, 10:51am

Hi @jafr

certonly means: You have a new certificate, but you have to install it manual. Your website

https://wifi.nodescloud.com/login

uses a certificate created 2018-02-...

jafr · August 31, 2018, 10:53am

Thank you for your reply!

How do I install it then? (might be a dumb question, but I’m fairly new to this)

JuergenAuer · August 31, 2018, 11:07am

Certbot certificates

shows your certificates. There are the folder and file names.

Then you must find the correct place in your configuration file, there replace the older entry.

danb35 · August 31, 2018, 11:08am

Or, more likely, simply restart the web server.

jafr · August 31, 2018, 11:09am

If I restart the EC2 instance, would that fix the problem?

danb35 · August 31, 2018, 11:12am

There's a good chance it would. But you should be able to figure out exactly what needs to be done (a "reload" command to your web server would be my guess), and set certbot to do that after renewing the certificate, so you don't need to do this every time your cert renews.

JuergenAuer · August 31, 2018, 11:16am

If you don’t use your new certificate, restart wouldn’t change that.

jafr · August 31, 2018, 11:17am

Then what do I do to tell my instance to actually use that certificate?

Running certbot certificates just returns:

Found the following certs:
  Certificate Name: wifi.nodescloud.com
    Domains: wifi.nodescloud.Preformatted textcom
    Expiry Date: 2018-11-28 13:06:45+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/wifi.nodescloud.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/wifi.nodescloud.com/privkey.pem

JuergenAuer · August 31, 2018, 11:19am

These paths and files you have to use.

jafr · August 31, 2018, 11:20am

I'm really new to this, so I'm just gonna go and ask..

Use how? How do I tell it to use them?

danb35 · August 31, 2018, 11:23am

He's already using a certificate, and its path hasn't changed with the renewal. There shouldn't be any need to reconfigure anything.

jafr · August 31, 2018, 11:38am

How do I know which certificate is being used, caus according to certbot certificates I only have one. But it doesn’t seem like it’s in use, given that my site is still labeled insecure.

danb35 · August 31, 2018, 12:10pm

Yes, you have one cert, at one path. Certbot has renewed it, but treats it as the same cert. If your cert was working previously, you should only need to reload your webserver to get it to use the renewed cert.

jafr · August 31, 2018, 12:11pm

It worked previously, but for some reason it isn’t working now.

I restarted the EC2 instance at AWS and reloaded the nginx afterwards.
Still getting marked as “Not Secure” though

danb35 · August 31, 2018, 12:13pm

jafr · August 31, 2018, 12:15pm

Seems like my browser just preferes going to the http edition for some reason…

danb35 · August 31, 2018, 12:23pm

So the issue has nothing to do with your certificate, it's the lack of a working HTTP -> HTTPS redirect. Fix that in your nginx configuration and you'll be set.

jafr · August 31, 2018, 12:23pm

Seems like it! Thank you for your help

system · September 30, 2018, 12:23pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Upgraded certbot and renewed certificate but Chrome still showing "Not secure" Help	6	3667	July 28, 2019
Unable to renew existing cert, but creation working Help	3	1181	January 16, 2018
After renew certificate, some applications didn't trust anymore Server	9	3086	April 22, 2017
Certificate is up to date but browser shows it's invalid (expired) Help	4	1553	November 25, 2019
"The certificate is not trusted in all web browsers..." Help	4	6550	December 16, 2018

Renewed my cert but Chrome is still stating "Not secure"

Related topics