Someone generated a certificate

neildsb · September 20, 2018, 12:06pm

Hi, last night my website started accepting only HTTPS connection? I have changed nothing, it appears to have a signed by a ‘Lets Encrypt’ certificate, i did not do this…who did and how?? Any help would be appreciated, thanks

My domain is: cookconcise.ltd

My web server is (include version): Joomla 3.8.12

danb35 · September 20, 2018, 12:16pm

Who’s your hosting provider? Because they probably did this.

neildsb · September 20, 2018, 12:54pm

yay.com…provide the DNS i called them they have no idea…I am hosting the very small website

danb35 · September 20, 2018, 12:58pm

Well, Let’s Encrypt didn’t issue a certificate on their own, and they certainly didn’t configure your website to use it. And if your site is showing secure with the Let’s Encrypt cert, that pretty well rules out anything malicious. So either this is something you did yourself, something your software did on its own, or you have someone else managing your site who did it.

cpu · September 20, 2018, 1:22pm

Hi @neildsb,

I think you should try to escalate this question with the Yay support folks. The account that issued a certificate for this domain has a contact address associated with this company.

JuergenAuer · September 20, 2018, 1:28pm

Hi @neildsb

your site doesn't work. There is an iFrame - element with

http://10cinderhill-btptbncjpg.dynamic-m.com/joomlaCMS

as src, but this site doesn't work. And the </body></html> is missing, so Firefox shows nothing.

Is this your url?

Or is your Joomla hacked?

neildsb · September 20, 2018, 1:34pm

I have Web forwarding configured, the url is correct…Its all been working for about a year or so…

mnordhoff · September 20, 2018, 1:36pm

Where did you configure web forwarding? Who operates it?

neildsb · September 20, 2018, 1:37pm

I used web forwarding with Yay.com

JuergenAuer · September 20, 2018, 1:38pm

Yep - FireFox blocks the http - content. So the combination

https://cookconcise.ltd/ + iFrame from http://10cinderhill-btptbncjpg.dynamic-m.com/joomlaCMS/

doesn’t work.

neildsb · September 20, 2018, 1:43pm

I do not have a static address for an ‘A’ Record, hence i web fwd to a DDNS. its really strange not sure why its suddenly stopped working

JuergenAuer · September 20, 2018, 1:45pm

You should

remove the certificate https://cookconcise.ltd/ or
add a certificate at http://10cinderhill-btptbncjpg.dynamic-m.com/

The combination is the problem.

neildsb · September 20, 2018, 1:47pm

really appreciate everyone help and support, one problem… i did not add the certificate to remove…unless I am missing something.

neildsb · September 20, 2018, 4:20pm

thanks found the culprit, Yay.com added the certificate and the combination of Chrome 69 has resulted in the perfect storm, have changed the fwd policy removed the iFrame mask, thanks again Neil

system · October 20, 2018, 4:32pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.