Something went wrong with the ssl

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://lakewoodatcorpuschristi.com/

I ran this command: none

It produced this output: none

My web server is (include version): asustor

The operating system my web server runs on is (include version): apache

My hosting provider, if applicable, is: none

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): n/a

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): n/a

1 Like

It seems that your Apache config lost the “know how” to encrypt.
Port 443 is using clear text HTTP instead of HTTPS.
See:http://lakewoodatcorpuschristi.com:443/
Which returns:

curl -Iki http://lakewoodatcorpuschristi.com:443/
HTTP/1.1 301 Moved Permanently
Date: Wed, 10 Jun 2020 04:32:39 GMT
Server: Apache
Set-Cookie: wccpprocookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
X-Redirect-By: WordPress
Location: https://lakewoodatcorpuschristi.com/
Content-Type: text/html; charset=UTF-8

And https://lakewoodatcorpuschristi.com/ returns:

curl -Iki https://lakewoodatcorpuschristi.com/
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

And confirmed by: https://www.ssllabs.com/ssltest/analyze.html?d=lakewoodatcorpuschristi.com

1 Like

Ok can you tell me if this fixable and if it is point me to right direction to how.

1 Like

Since you have root access, I would start with reviewing the Apache config for obvious “issues”.
Let’s have a look at the output of:
apachectl -S

And… do you recall making any manual changes recently or any changes at all recently?

1 Like

Let me look and I had issues so I made changes and I correcting them now.

I seeing what you mean yes I turn them off because at this moment I have a issue creating a certificate

Can you please tell me how i can download or get the private key for this certificate.
https://crt.sh/?id=2769692955&opt=ocsp

There is nowhere (external to your system) that holds your private key for you to download it from.
Having such would break every security model ever created.
It can only be secure if no one else has your key.

You can only find the public “half” online.

If you have no matching private key(s), you will have to create a new set.

If you have no key to the lock, just throw it away and get a new one.

1 Like

This statement is a little strong—it would make certificate authorities have to be a lot more trusted than they are, but that is still a possible security model. Even having trusted third parties actually in the session for encrypted communications is a common security model today (e.g. for a lot of video chat systems, your encrypted connection is automatically decrypted and re-encrypted by the service provider). I think most people on this forum would agree that having to trust third parties less is extremely desirable, but that doesn’t mean that security models that require trusting them can’t be considered security models.

Maybe we could scale this back to “would break the security model that was created for the web PKI”? :slight_smile:

3 Likes

(An example of a model—not used on the web for HTTPS—where the certificate authority does know your private key is IBE: https://en.wikipedia.org/wiki/ID-based_encryption)

2 Likes

Agreed :slight_smile:

3 Likes

I just got more confused lol

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.