Ssl certicifate 'not secure' problem

Teetotal · July 28, 2021, 3:35pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.iamchaeyoung.com

My web server is (include version): nginx

The operating system my web server runs on is (include version):windows10

My hosting provider, if applicable, is: aws lightsail

Hi, I'm a real beginner...
I've made a website for assignment and was trying to get a ssl certificate through certbot.
I think I somehow succeed to get one, yet another problem has just occurred which is..

why is it still not secure? It says the provider is (STAGING) Artificial Apricot R3.
Should I get another new ssl certificate or have I done something wrong?

I got the source from here: https://raw.githubusercontent.com/wmnnd/nginx-certbot/master/init-letsencrypt.sh

Please help me. as I'm slowly dying.
Thank you.

Rip · July 28, 2021, 4:05pm

Hello @Teetotal welcome to the community!

You have a staging cert installed.

Screenshot_2021-07-28_08-54-41

The staging server is for testing to be ready to do a "production run" and obtain a real certificate. Thank you for using the staging environment initially.

You can re-run your process and select the production server:
https://acme-v02.api.letsencrypt.org/directory

You did nothing wrong. No "Dying" allowed there's enough of that going around.

Hope this helps.

Osiris · July 28, 2021, 4:43pm

In the script used by OP this is done by editing the script and changing it:

From:

staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits

To:

staging=1 # Set to 1 if you're testing your setup to avoid hitting request limits

After changing the above you can re-run the script and all should be fine.

Note that the init-letsencrypt script should be run just once for getting a valid certificate. Once you have the valid certificate, you should NOT run the script again, as it will delete the previously issued, perfectly fine certificate and re-issue a new one unnecessarily. However, the Github repository nor the script does NOT explain how to renew your certificate, which is very unfortunate. Personally, I think the script is just plain @()$$)#@#* and shouldn't be used.

As I don't have experience with Docker nor that script, I find it hard to advice on how to proper renew your certificate and afterwards reload nginx too.

Rip · July 28, 2021, 4:45pm

Good catch @Osiris , Thanks!

system · August 27, 2021, 4:45pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.