Site doesn't have a green padlock


#1

Dear community,

I have the following problem:
My site is secured with an SSL certificate from Let's Encrypt. Green padlock doesn’t show, https sign is red and crossed.

I tested a site on www. whynopadlock .com : ONE ISSUE :
“You currently have TLSv1 enabled.This version of TLS is being phased out. This warning won’t break your padlock, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018”

Tested with www. digicert .com : ONE ISSUE : “Certificate does not match name”

My domain is: https://allotro.com

I ran this command: I installed the SSL certificates, following the instructions from https://www.onepagezen.com/free-ssl-certificate-wordpress-google-cloud-click-to-deploy/

It produced this output: Certificates issued, but they don’t match the input

My web server is (include version): wordpress

The operating system my web server runs on is (include version): I don’t know. I use Mac OS

My hosting provider, if applicable, is: Google Cloud

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): only phpMyAdmin

Thanks in advance,
Pio


#2

Hi @Pio1,

Your certificate is only valid for www.allotro.com, not for allotro.com. The certificate should cover both names.

In step 3 of the tutorial that you linked to, it says to use two different -d options in the Certbot command, one for the www form of the name and one for the bare non-www form of the name. It looks like you didn’t do that and only obtained a certificate covering the www form.

You should probably rerun Certbot with both -d options to reissue the certificate with both names covered.

However, the Certificate Transparency history shows that you’ve issued a large number of certificates for your site, some of which (including the most recent) do cover both names.

https://crt.sh/?Identity=%allotro.com&iCAID=16418

So before you issue a new certificate, maybe you can look into why your web server isn’t using one of the correct certificates. One thing you could try is running certbot certificates to see the current state of all Certbot-issued certificates on your system.


#3

Try the steps mentioned by schoen and it will get fixed.


#4

I entered the command “certbot certificates”
here is the result:

I reinstalled the certificates for both www. and non-www

I still get a crossed-out https sign.

Any ideas?

Cheers


#5

Hi @Pio1

I don’t see a Let's Encrypt certificate. There is a Cloudflare wildcard:

CN=sni.cloudflaressl.com, O=“CloudFlare, Inc.”, L=San Francisco, S=CA, C=US 08.11.2018 08.11.2019 *.allotro.com, allotro.com, sni.cloudflaressl.com - 3 entries
Keyalgorithm EC Public Key (256 bit, prime256v1)
Signatur: ECDSA SHA256
Serial Number: 046D83C41C8B02788A06FB246985C318
Thumbprint: 872D88E226C7EB9549AC212BB0D1391AE96A03EB
OCSP - Url: http://ocsp.digicert.com
OCSP - must staple: no
Certificate Transparency: yes

But really terrible:

You have a loop: https://check-your-website.server-daten.de/?q=allotro.com

Your https + www version redirects direct. So it’s impossible to use your site.
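Added example, not part of any post in this thread: a small Python check for the name-coverage problem described in #2 (certificate valid for www.allotro.com only) and the SAN list quoted in #5. The function names and the constructed SAN lists are assumptions made for illustration; `fetch_sans` reads the names a live server presents, and the matching is a simplified RFC 6125-style wildcard rule.

```python
import socket
import ssl
import sys

SITE_NAMES = ["allotro.com", "www.allotro.com"]  # both forms the site is reached by

# Constructed SAN lists: the www-only case from #2, and the entries quoted in #5.
WWW_ONLY = ["www.allotro.com"]
CLOUDFLARE = ["*.allotro.com", "allotro.com", "sni.cloudflaressl.com"]


def san_matches(pattern, hostname):
    """'*' is accepted only as the whole leftmost label and covers exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # *.allotro.com never covers the bare allotro.com
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered(sans, hostnames):
    """Hostnames that no SAN entry covers; a browser shows a name mismatch for these."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


def fetch_sans(host, port=443, timeout=5):
    """DNS SANs of the certificate actually served for `host` (needs network)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # still validates the chain, but lets us read a mismatched cert
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


if __name__ == "__main__":
    if len(sys.argv) > 1:  # live mode: python check.py allotro.com www.allotro.com
        for name in sys.argv[1:]:
            sans = fetch_sans(name)
            print(name, "served SANs:", sans, "mismatch:", bool(uncovered(sans, [name])))
    else:  # offline mode on the constructed lists
        print("www-only cert misses:", uncovered(WWW_ONLY, SITE_NAMES))
        print("wildcard + apex cert misses:", uncovered(CLOUDFLARE, SITE_NAMES))
```

Checking each name separately in live mode matters because a server (or a proxy in front of it) can present a different certificate per requested name.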


#6

Thanks for the tips

I finally found the problem

Really appreciate your help !