I ran this command: (sudo certbot --nginx) I have obtained a certificate but continue to get a Secure Connection Failed error.
It produced this output: Error code: SSL_ERROR_ILLEGAL_PARAMETER_ALERT
My web server is (include version): Nginx 1.18.0
The operating system my web server runs on is (include version): Ubuntu 20.04
My hosting provider, if applicable, is: Kagoya (in Japan)
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I have Webmin installed but can also access via SSH
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.29.0
I have another site running on this domain (sub domain) with a Letsencrypt certificate and it works without issue. The domain is: screen.shizuoka-kikoesupport.jp
Currently I have the site at www.shizuoka-kikoesupport.jp running in the html directory of Nginx (not a subdirectory) using port 80 because every time I attempt to set it up using 443 I get the SSL_ERROR_ILLEGAL_PARAMETER_ALERT error (in Firefox). With Safari I simply get an error indicating that the connection cannot be established.
I've tried this several times and even deleted and reissued the certificate once because I suspected it was corrupted but that did not solve my problem. I decided it might be a good idea to stop hammering away at this and step back and ask for advice/help here. The last time I was on the forums I received AMAZING support from several members who spent quite a bit of time walking me through the process of getting everything up and running.
Welcome back. First, you should avoid re-creating more certs. Unless you manually damaged the cert it would not happen. And it would produce a different error if it was. Recreating certs may result in you becoming rate limited and that causes larger problems.
I see all the domains you show using HTTPS. The main problem is they all return the same cert and it only has one domain name in it. So, an error about "mismatched domain name" will occur.
That is, your www.screen.shizuoka-kikoesupport.jp works but use this SSL Decoder test site for all your domains and you will see what is happening (https connects ok but your server returns wrong cert).
To help with this and possible connection problems with some clients it is probably best to see your nginx config. Please show the output of sudo nginx -T command. Add 3 backticks before and after the output so it is formatted properly. On a US keyboard the backtick is in upper left next to the 1 key. Like this:
```
output of: sudo nginx -T
```
Thanks for your help. Let's see, yes, I was a bit nervous about deleting the certificate but was simultaneously getting desperate so I thought it was worth a try. I will refrain from doing that again.
I'm not sure that I understand what you mean by "they all return the same cert".
I have re-enabled the www.shizuoka-kikoesupport.jp site, which breaks my site so I'd rather not leave it like that indefinitely and used the SSL Decoder tool you set for both domains:
www.screen.shizuoka-kikoesupport.jp
and
www.shizuoka-kikoesupport.jp
I'm probably missing something with the tool but it appears to me that both are ok...no?
I guess...maybe...my nginx configuration for the www.shizuoka-kikoesupport.jp is wrong but I cannot figure out what I've done wrong...it's the same, as far as I can tell, as other configs that I use successfully on a different site.
Let's see, the output of nginx -T is: (Note - I deleted the majority of the commented out lines to clean it up a bit) The first config is for ERPNext. The second one is for the site that I've enabled (www.shizuoka-kikoesupport.jp) but am unable to access. ERPNext is running at screen.shizuoka-kikoesupport.jp and the other site at shizuoka-kikoesupport.jp. I will disable the shizuoka-kikoesupport.jp site (the one with SSL) and revert back to the one that works for now.
I'm afraid that I'm not exactly sure. It is part of the default config for ERPNext. site1.local is the title of the site, within that framework, that is served at the screen.shizuoka-kikoesupport.jp address.
I have several test sites running on a different server with a very similar configuration.
The first one, screen, is an instance of ERPNext.
The second one, support, is a Moodle site.
The only difference between how I have those sites setup and the ones I'm now trying to setup, as far as I can see, is that in the case of the two above, they are both running on subdomains. What I am trying to do now is have one served on a subdomain and the other on the main domain. I didn't think doing so was problematic but...
```
ssl_certificate /etc/letsencrypt/live/www.shizuoka-kikoesupport.jp/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.shizuoka-kikoesupport.jp/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
```
But the first block doesn't contain those last two lines.
Tell me more about the error you are having and how to reproduce it.
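An added illustration of the two observations in the replies above (every name being answered with the same certificate, and one TLS server block lacking the Certbot `include`/`ssl_dhparam` lines); it is not part of the original thread. It reads `nginx -T`-style text, lists each port-443 server block, and shows which certificate nginx presents for a name, falling back to the default server (the first 443 block unless `default_server` is set) when no `server_name` matches. The sample config and the function names `tls_blocks` and `cert_for` are constructed for this example, and only exact server names are handled.

```python
import re
# Constructed sample shaped like `sudo nginx -T` output; names are placeholders.
SAMPLE = """
server {
    server_name screen.example.test;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/screen.example.test/fullchain.pem;
}
server {
    server_name www.example.test;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/www.example.test/fullchain.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
    server_name example.test;
    listen 80;
}
"""
DIRECTIVE = re.compile(r"^\s*(listen|server_name|ssl_certificate|ssl_dhparam|include)\s+([^;]+);", re.M)

def tls_blocks(text):
    """One dict per server block listening on 443, in config order."""
    text, out = re.sub(r"#[^\n]*", "", text), []       # strip comments first
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:                  # brace-match the block
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        d = {}
        for key, val in DIRECTIVE.findall(text[m.end():i - 1]):
            d.setdefault(key, []).extend(val.split())
        if not any(re.fullmatch(r"(.*:)?443", p) for p in d.get("listen", [])):
            continue                                    # not a TLS listener
        has_opts = any("options-ssl-nginx.conf" in v for v in d.get("include", []))
        out.append({"names": d.get("server_name", []),
                    "cert": (d.get("ssl_certificate") or [None])[0],
                    "default": "default_server" in d["listen"],
                    "missing": [n for n, ok in (("options-ssl-nginx.conf", has_opts),
                                                ("ssl_dhparam", "ssl_dhparam" in d)) if not ok]})
    return out

def cert_for(host, blocks):
    """Certificate nginx would present for this SNI name (exact names only)."""
    for b in blocks:
        if host in b["names"]:
            return b["cert"], True
    fallback = next((b for b in blocks if b["default"]), blocks[0])
    return fallback["cert"], False          # name not configured on 443
```

In the sample, `example.test` is only configured on port 80, so an HTTPS request for it is answered by the first 443 block with a certificate issued for a different name.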
Thanks again. When I enable the second site (www.shizuoka-kikoesupport.jp) to use SSL, the site is inaccessible. If accessed with Firefox, I get the "Secure Connection Failed" message. With Safari, I get
"Safari can't open the page "https://www.shizuoka-kikoesupport.jp" because Safari can't establish a secure connection to the server "www-shizuoka-kikoesupport.jp"."
I had the site enabled without SSL but have just now switched back (reenabled) to the site that should be using SSL (the one in the config file attached previously) and disabled the one using 80.
Regarding that mess in the ERPNext config file, I'm not sure why there are redundancies there. I haven't messed with that one...but will work to clean it up...just hope I don't mess that site up since it's working without issue.
This is very odd. So, when I add a url here (the url is 'www.shizuoka-kikoesupport.jp') a preview appears (in Japanese). The preview is for the hospital that this site (the one I'm trying to get to work with an SSL cert) is affiliated with but the url for the hospital is different ('www.shizuoka-pho.jp/sogo/').
I don't understand why that text is appearing. Interestingly though, it is information about the "Kikoetokotoba Center" (Hearing and Language Support Center). The site I am trying to get up and running is the Hearing and Language Support Center.
Wait...I just recently (last week) had this domain transferred from the previous registrar and I believe it had an associated SSL certificate prior to the transfer. Is there any chance of some kind of certificate conflict...or is that even a thing?