[Solved] Two accounts after regenerate, got unsafe HTTPS sometime


#1

Hi there.

My domain is: reklamalift.com

I ran this command: firefox -> https://reklamalift.com, or https://kemerovo.reklamalift.com

It produced this output: unsafe connection https://kemerovo.reklamalift.com. It is appear sometime, because I get error about validation by Let’s Encrypt. I think that it appear because I can’t regenerate my expired certs before with account [d2b4ffe827d5345d02c1f47f7a3dfaa6] and then reinstall certbot with new account creation [567645f0a5575ac5dd8c8884ad26f716] and issue new certs. How can I drop my old account?

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): Ubuntu Server 16.04

My hosting provider, if applicable, is: ruvds.com

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): it is ispmanager, but not use it.


#2

See;
https://www.whynopadlock.com/results/b9de0314-e2d5-4a2f-b91c-1266d310e6f3
https://www.ssllabs.com/ssltest/analyze.html?d=kemerovo.reklamalift.com

Please show the vhost config lines with:
SSLCertificateFile
SSLCertificateKeyFile


#3

Thanks. Exactly, I miss http://fonts… in CSS - fixed. Then fix

SSLProtocol all -SSLv2 -SSLv3 -TLSv1

and recheck, now I got:

  1. You may want to add a redirect to ensure a secure connection is used.
    Temporary I turn off redirect on main site only, because we have mobile application that won’t work over HTTPS.
  2. You have an invalid or missing intermediate (bundle) certificate.
    I don’t understand what is this.

Cut from my config:
SSLCertificateFile /etc/letsencrypt/live/reklamalift.com/cert.pem
#SSLCertificateChainFile /etc/letsencrypt/live/reklamalift.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/reklamalift.com/privkey.pem
#SSLCACertificateFile /etc/letsencrypt/live/reklamalift.com/chain.pem


#4

Change that to:
SSLCertificateFile /etc/letsencrypt/live/reklamalift.com/fullchain.pem
then restart Apache


#5

Your SSL Certificate is installed correctly.
Thank you very much!


#6

Glad I could help :slight_smile:


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.