[SOLVED] Is there any validation checks I can perform before trying LetsEncrypt

John_Betong · November 17, 2016, 10:27am

I have about 8 personal sites on DigitalOcean and all are HTTP. I successfully encrypted a free.domain.tk to test LetsEncrypt but now it is inaccessible.

I think when the server was updated from Linux 14.04 to 16.10 the trouble began…

I think the problem is because, I foolishly and permanently redirected (using 301) to the HTTPS site.

I would like to start again and have just created another free test which is currently propagating. I was wondering if there are any tests which can be performed before trying to encrypt the new site.

serverco · November 17, 2016, 10:35am

I’d always start by using the staging / test server ( see https://letsencrypt.org/getting-started/ and https://letsencrypt.org/docs/staging-environment/ ) since that doesn’t have the same rate limits on it. Once you have everything working there, then change to the full server.

John_Betong · November 22, 2016, 2:18am

@serverco many thanks for the response unfortunately it did not solve the problem.

John_Betong · November 22, 2016, 2:36am

YIPPEE - Success

Most surprised that I received the following email from Google!

Nov 20 (2 days ago)
To: Webmaster of https://***###&&&.tk/ -

Google has detected that the SSL/TLS certificate used on https://***###&&&.tk/ is self-signed, which means that it was issued by your server rather than by a Certificate Authority. Because only Certificate Authorities are considered trusted sources for SSL/TLS certificates, your certificate cannot be trusted by most of the browsers. In addition, a self-signed certificate means that your content is not authenticated, it can be modified, and your user’s data or browsing behavior can be intercepted by a third-party. As a result, many web browsers will block users by displaying a security warning message when your site is accessed. This is done to protect users’ browsing behavior from being intercepted by a third party, which can happen on sites that are not secure.

Recommended Action:

Get a new certificate
To correct this problem, you need to get a new, dedicated SSL/TLS certificate from a trusted Certificate Authority (CA). This certificate must match your complete site URL, or be a wildcard certificate that can be used for multiple subdomains on a domain.
Need more help?

• Learn more about SSL certificate problems.
• Read our article on How to secure your site with HTTPSin our Help Center.
• Ask questions in our forum for more help - mention message type [WNC-606601].

I have no idea of the incorrect SSL Certificate origin.

Yesterday I deleted the SSL and installed LetsEncrypt again without success.

Today it works! It looks as though overnight the faulty URL has been de-propagated/un-propagated (?)

Lessons to be learned:

Do not use 301 to rewrite the HTTP URL to HTTPS because if there are any mistakes it takes forever to revert. Far better to use a 302 until the URL has proved to be successful. The rigid 301 change can then be made or maybe never?.
Beware of Ubuntu upgrades from 14.04 to 16.01 which may have been the problem, if not then it was co-incidental the HTTPS URL stopped working.
Test your site with a free URL and monitor success. I am delighted to say has worked fine otherwise my other sites would have been down for well over a fortnight.
Never blindly trust tutorials

Edit:
Added email date.

system · December 22, 2016, 2:37am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Tool for proxying non-ssl websites via letsencrypt auto ssl Issuance Policy	4	1730	February 6, 2016
Google nags me about the certificate being self-signed?	40	22510	July 2, 2017
How do you test your SSL for readiness to go to production? Server	10	3268	May 9, 2016
Security Question re: LetsEncrypt checking sites Help	3	502	February 28, 2020
Lets Encrypt SSL Certificate Setup Issue Help	26	5866	August 7, 2017

[SOLVED] Is there any validation checks I can perform before trying LetsEncrypt

Related topics