Shelleylaskin.ca


#1

I created a Let’s Encrypt SSL with SSL For Free and when I went to install it, cPanel said that it couldn’t be installed because the name of the certificate was “Lets” and did not match the domain name of the website. There doesn’t appear to be any option to tell SSL for Free what the domain name is.

How do I fix this? Can I create a new SSL for that site since the current one can’t be installed? How do I tell it what the domain name is?

Charles


#2

Hi @Charles_I,

This doesn’t really make sense to me. Could you upload the certificate here so we could take a look at it?

You typed in the domain name right at the top of

https://www.sslforfree.com/

in the “enter your website to secure” box, right?


#3

Hi,

It seems that you accidentally copied the CA bundle file instead of the certificate file to the certificate field…

Please try to find the certificate or request a new one (if you don’t have the previous issued one)

Thank you


#4

Hmm, I don’t know, because as the screen shot shows, at the end of the process there is only one green button to download the free certificate, which came in as a zip file.

If I try to upload c_bundle.crt the error is that the certificate name is “Lets”
If I try to upload certificate.crt the error is that the certificate name is “domain”
The third file private.key is not uploadable.

See screenshot of the Free SSL site:

Charles


#5

Thanks. Could you please upload the c_bundle.crt and certificate.crt files here on the forum? Also, could you post a screenshot of the error that you see when you try to import them?


#6

I’ve increased your forum user level so that you’re allowed to upload files as attachments to forum posts.


#7

Thanks for your speedy replies. I can’t upload the two crt files because .crt is not authorized - even if I rename the extension - so I’ve zipped the 3 files up and put them on FTP here:

http://whatwant.ca/sslforum.zip

I’m gone for the day so I’ll won’t be getting back to this until tomorrow.

Thanks again.
Charles


#8

In case anyone else was worried, this archive doesn’t include the private key; the third file is a screen shot. :slight_smile:


#9

Hi Charles, thanks for uploading all of those files.

I think that your certificate is completely valid and the problem is with the hosting provider’s control panel, not with anything you did. For example, it may be confused by the apostrophe (’) in the name of the Let’s Encrypt certificate authority, since most certificate authorities in the past didn’t have names containing punctuation.

Could you please contact your hosting provider’s support about this? They may need to update or modify their control panel software.

Also, the screenshot you provided doesn’t look like cPanel; I think that your provider might have developed its own custom control panel software.


#10

Thank you! Sorry, about the mistake about cPanel - I know what it looks like, I just got carried away. Rebel.com is does not have very good technical support, and that interface is dreadful and very unprofessional looking, I will contact them and see if I can get them to install the certificate. I’ll let you know what happens. This is for a client’s site. My own provider (not Rebel) will create and install free certs for me.

Charles


#11

Problem Resolved. I asked the hosting company if they could manually install the certificate and sent them a link to this discussion and they responded,

Thank you for reaching out and including your forum, which provided plenty of valuable information regarding your SSL.

I can confirm that a representative from our hosting team was able to perform a manual fix on the SSL certificate, and he has been able to upload it successfully.

They successfully installed it. Hopefully the first part of this message indicates that they changed something in their upload tool.

Thanks for your help with this!
Charles


#12

That’s great!

You should also keep in mind that in an environment like this, you may need to repeat the process manually every 60-90 days with a new certificate.


#13

That’s OK for this website because it is for an election which takes place in October. However, I have other websites that are WordPress and have become extremely problematic.

There seems to be an issue with named Permalinks and SSL in WordPress. I have a site where I had the provider install their own free SSL and now the only way that the site will link to the article pages is if the Permalinks are set to Plain (db ID numbers). But because the site was built using the common “name” links any internal hard coded link is broken.

I looked up the problem and found this article which I don’t understand because I am not a server-side coder and have only had very limited exposure to .htaccess file coding.

When you say you “may” have to repeat the process manually, what determines when or if the SSL expires? And if it does and everything has been setup with the correct apache settings will the entire site break? And, will the settings in apache only have been particular to that one certificate?

Even purchased SSL certificates have to be re-installed when they expire yearly (I worked as a web developer for 15 years). Given the current climate of “insecure” browser warnings frightening the hell out of people, somebody is going to have to come up with a better system of auto-renewal, like domain names. I can’t see businesses putting up with broken links and down time every time an SSL comes up for renewal. And I’m coming up against hostile providers who are telling me that WordPress is not their problem and that I need to contact the developer - problem is, I am the developer.

Charles


#14

Let’s Encrypt certificates always expire after 90 days. You can check the validity of the certificate that you’re accessing in your browser. For example, in Firefox l can click on the padlock, then the > arrow, then More Information, View Certificate, and I see that the current certificate for this forum site expires on “October 28, 2018”.

With Chromium, I can click on the padlock, then “Certificate (Valid)”, and I see that the certificate expires on “Sunday, October 28, 2018 at 5:00:05 PM”. (This is nice—this had been moved into the web developer tools but I guess now it’s back in a more convenient location.)

The reason I said “may” above was that I didn’t understand from your message from your hosting provider’s support whether the provider had fixed the certificate this one time or had set it up to auto-renew on the provider’s end (which you might be able to ask explicitly about since it would be useful to know).

Having a certificate expire without replacing it will cause all HTTPS access to the site to break until the certificate is replaced. But the Apache configuration shouldn’t be specific to an individual certificate.

I think we’ve been unreasonably slow in saying this, but basically the best answer is

  • providers should perform the certificate request and renewal for you as part of your service plan, or

  • you should obtain the certificates yourself with a tool like Certbot if you’re the system administrator, and configure them to auto-renew, or

  • you should use a web server application that has certificate requests and renewals built in (currently probably Caddy)

Having users obtain their own certificates in shared hosting environments or when they’re not familiar with system administration is, as you’re pointing out, a recipe for disaster or at least annoyance.

I’m not sure how we want to assign responsibility in this case. One answer is that we need clearer documentation about using HTTPS with WordPress (which might come from the WordPress developers or community); another answer is that we need clearer delineation of what different kinds of hosting providers are and are not willing to accept responsibility for; and another answer might be that you’re using the wrong kind of hosting provider for your needs because you might want more proactive support, or more hosting plan features, than your current provider(s) are prepared to offer.


#15

I’ll definitely ask the provider if they can auto-renew. Thanks. The problem is that as a developer, I usually don’t have control over where someone has already chosen to host their site. The other thing is, that it’s not very easy to move to a new provider (especially a WordPress site!) and it’s not worth the aggravation unless there is a real dire need.

Charles


#16

I didn’t realize that you were getting hired to maintain existing sites rather than creating them from scratch. That does seem to put you in potentially inconvenient and tricky situations with respect to certificates, especially if a customer has chosen a hosting provider that’s especially uncooperative (and there are definitely some of those out there).

We’ve seen some of the intransigent hosting providers become much more cooperative over time, which must be a result of pressure and requests from their users. I hope this trend will continue and make things a bit easier for you in the future.

If you have a customer who’s using a hosting provider that’s especially uncooperative, you might also want to explain this and encourage the customer to consider a paid certificate because of its longer validity period.


#17

FYI after several days my hosting provider fixed the problem (this is a different hosting provider than the one being used for shelleylaskin.ca - I probably should have created a new topic regarding WordPress permalinks and SSL. But shelleylaskin.ca is also a WordPress site, yet it didn’t experience the same permalink problem).

Their explanation which may be helpful for anyone else experiencing WordPress permalink problems was:

There were some issues with your Nginx configuration which have been resolved.

They also say that the Let’s Encrypt certificate “is renewed automatically.” I gather from what you are saying that means they are renewing it, otherwise I would have to.

Charles


#18

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.