Site not trusted by either chrome or edge

eternalshenron · January 25, 2017, 4:09pm

Please fill out the fields below so we can help you better.

My domain is:nimbuslogistics.in

I had used TSOhost’s single click installation to install let’s encrypt’s certificates. Now, when I check the validity on the website ssllabs.com, it shows my certificates are valid but gives a message ‘This site works only in browsers with SNI support’. Also, none of the browsers display my website as secure.

My operating system is:Windows 10

My hosting provider, if applicable, is:TsoHost

I can login to a root shell on my machine (yes or no, or I don’t know):i don’t know

MitchellK · January 25, 2017, 4:16pm

Because your site contains mixed resources.

eternalshenron · January 25, 2017, 4:17pm

I’m sorry but I’m noob at this. Could you please guide me how to correct this problem.

MitchellK · January 25, 2017, 4:18pm

Also your http (port 80) does not redirect to https (port 443) either. A simple apache config with a redirect would look something like this.

<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot /var/www/mysite/
ServerName mysite.com
ServerAlias www.mysite.com
ErrorLog ${APACHE_LOG_DIR}/mysite-error.log
CustomLog ${APACHE_LOG_DIR}/mysite-access.log
<Directory "/var/www/mysite/">
Options +Includes
Options +FollowSymLinks -Indexes
....... OTHER STUFF HERE
</Directory>
SSLCertificateFile /etc/letsencrypt/live/mysite.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mysite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/mysite.com/chain.pem
</VirtualHost>
</IfModule>
<VirtualHost *:80>
ServerName mysite.com
ServerAlias www.mysite.com
ErrorLog ${APACHE_LOG_DIR}/mysite-error.log
CustomLog ${APACHE_LOG_DIR}/mysite-access.log
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*)$ [NC]
        RewriteRule (.*) https://mysite.com%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

MitchellK · January 25, 2017, 4:19pm

You have internal links in your site pointing to http://nimbuslogistics.in and not https://nimbuslogistics.in

MitchellK · January 25, 2017, 4:20pm

2 of your jpeg images on your front page are hardcoded to http

eternalshenron · January 25, 2017, 4:24pm

I really appreciate your effort to point out all the faults. I think I can rectify the internal links problem and the jpeg images. I’m not sure about the first 2 problems though. Could you please guide me with the solution for the first 2 problems as well. Thanks!

MitchellK · January 25, 2017, 4:27pm

First fix the internal linking of all jpeg images, then you will stop seeing the mixed resources and “untrusted” messages. Make sure to check all pages within your site for any images you may have hardcoded in the past. There are wordpress plugins like “Velvet Blues Update URLS” which can do a very quick find and replace inside your database.

Secondly your apache configuration files needs the section below added after your <VirtualHost *:443> ends. This tells it to redirect anything coming in on port80 to https. Of course need I say replace mysite.com and www.mysite.com with your own real domain name. (Please note the apache config file shown here is from an Ubuntu box not a Windows box so I am not sure if there are any differences)

<VirtualHost *:80>
ServerName mysite.com
ServerAlias www.mysite.com
ErrorLog ${APACHE_LOG_DIR}/mysite-error.log
CustomLog ${APACHE_LOG_DIR}/mysite-access.log
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*)$ [NC]
        RewriteRule (.*) https://mysite.com%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

also open the Chrome developer tool menu to help you see errors. VIEW > Developer > Developer Tools > Security

eternalshenron · January 27, 2017, 9:09am

@MitchellK Thanks for the help. Finally, the website is shown as secure. Really appreciate the time and effort put in by you. Peace

MitchellK · January 27, 2017, 1:59pm

No problem at all, that’s what we are all here for so glad you got it all sorted now.

You must check that you are allowing - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 and using the correct ciphers from https://mozilla.github.io/server-side-tls/ssl-config-generator/

If you test your cert at you’ll see it’s dropping a lot of connections to valid browsers and devices using older TLS 1 and 1.1
https://www.ssllabs.com/ssltest/analyze.html?d=nimbuslogistics.in

system · February 26, 2017, 2:01pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.