As a follow-up to this thread, the certificates that I had generated today using sudo certbot --apache now say Certificate is not Valid.
The certificate was installed and deployed without any issues as can be seen below.
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
root@ip-@@@-@@@-@@@-@@@:/home/ubuntu# sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: @@@@@.ddns.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for @@@@@.ddns.net
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/@@@@@.ddns.net/fullchain.pem
Key is saved at: /etc/letsencrypt/live/@@@@@.ddns.net/privkey.pem
This certificate expires on 2023-12-30.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for @@@@@.ddns.net to /etc/apache2/sites-available/000-default-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://@@@@@.ddns.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@ip-@@@@@-@@@@@-@@@@@-@@@@@:/home/ubuntu# apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:443 @@@.@@@.@@@.@@@ (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80 @@@.@@@.@@@.@@@ (/etc/apache2/sites-enabled/000-default.conf:1)
But now every time I access the AWS EC2 Elastic IP, it gives me the message 'Certificate is not Valid'.
Also, when I try to access the domain @@@@.ddns.net, it says
Deceptive site ahead
Attackers on @@@.ddns.net may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers or credit cards).
I had tried clearing out browser history, cache, cookies. Tried accessing the site from my laptop, mobile but it gives me the same message. I am not really sure what's wrong here.
The certificate is fine. You need to use a URL for your domain name - not the IP address. Certificates are validated using public domain names. Use a site like this SSL Checker and you will see the cert and domain name it is valid for.
Note if you use the IP address as the hostname the validation will fail. If using your domain name it works fine.
By the way, you should have also been using the domain name as your ServerName in your Apache VirtualHosts. You either omitted them or used the IP address which is bad practice.
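The name check described in the answer above, as an added example that is not part of the original thread: a client compares the host in the URL with the certificate's subjectAltName entries, and an IP address is only ever compared with IP entries. The hostname `site.example.net`, the address `203.0.113.10` and the helper names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: SAN list in the shape Python's ssl.getpeercert() returns.
# A certificate requested for one DNS name carries no IP entry.
SAMPLE_SAN = [("DNS", "site.example.net")]

def parse_ip(value):
    """Return an ip_address object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def dns_match(pattern, host):
    """Compare a dNSName entry with a hostname; '*' covers one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(san, target):
    """True if the SAN list authorises the host or IP the client connected to."""
    ip = parse_ip(target)
    if ip is not None:
        # An IP target is only compared with iPAddress entries, never DNS names.
        return any(kind == "IP Address" and parse_ip(v) == ip for kind, v in san)
    return any(kind == "DNS" and dns_match(v, target) for kind, v in san)

def check(urls, san):
    """Map each URL to 'ok' or 'name mismatch' for the given SAN list."""
    result = {}
    for url in urls:
        host = urlsplit(url).hostname
        result[url] = "ok" if cert_covers(san, host) else "name mismatch"
    return result

if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for the server's IP.
    for url, verdict in check(["https://site.example.net/",
                               "https://203.0.113.10/"], SAMPLE_SAN).items():
        print(f"{url:32} {verdict}")
```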
But this is not specific to Google Chrome. It gives me the same message on Firefox as well (for example) and on multiple devices as well (my laptop and my mobile).
All I have on /var/www/html/ is an index.html file as below
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Site Maintenance</title>
    <style>
        body {
            font-family: Arial, sans-serif;
            background-color: #f2f2f2;
            text-align: center;
            margin: 0;
            padding: 0;
        }
        .maintenance-container {
            background-color: #ffffff;
            max-width: 600px;
            margin: 100px auto;
            padding: 20px;
            border-radius: 5px;
            box-shadow: 0 0 10px rgba(0, 0, 0, 0.2);
        }
        h1 {
            color: #333;
        }
        p {
            color: #777;
        }
        .logo {
            width: 150px;
            height: 150px;
            margin: 20px auto;
            display: block;
        }
    </style>
</head>
<body>
    <div class="maintenance-container">
        <img src="https://i.imgur.com/Zyy5NYu.jpg" alt="Site Logo" class="logo">
        <h1>Site Under Maintenance</h1>
        <p>We apologize for the inconvenience, but our website is currently undergoing maintenance to improve your experience.</p>
        <p>Please check back later.</p>
    </div>
</body>
</html>
From my point of view there's nothing wrong with your site. The certificate works as expected.
Edit: seems like Google Transparency Report does not mention anything. So either something is perhaps cached or another anti-malware thingy is marking the site as unsafe. Either way, still not a cert issue.