SSL Conflicting issues, Need help


#1

Hello Let's Encrypt Support Community, first of all, it is my honor to become part of such a lively and active community, seeing how the community interacts with each other and helps newbies like me. I would like some clarity on this confusing issue, as I am trying to connect with Ezoic and there seem to be SSL conflicting issues. My hosting company is HostGator, and the SSL I used is provided by Let's Encrypt and was installed by Hosting Support as well, but this morning I checked: the SSL was renewed and it still reads Let's Encrypt, but this link: https://crt.sh/?q=alllotteryresult.net says Cloudflare generated a new certificate. As far as my understanding is concerned in this matter, it's an issue with SSL communication between the original SSL I used, the latest from 19th November 2018 in the above URL from Let's Encrypt, and the one created by Cloudflare via Ezoic on 21 November 2018. The Ezoic Dashboard, however, supports uploading your own certificate, but they require a complete chained certificate, i.e. root and issuance company cert records along with the domain certificate.

I would be honored to have some input on the above matter and hopefully will get some valuable feedback.

Regards,
My domain is: alllotteryresult.net

I ran this command: https://crt.sh/?q=alllotteryresult.net

My hosting provider, if applicable, is: Host Gator

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Wordpress Optimized Hosting Package with only FTP access


#2

Could you please clarify some more? For example, I’m not familiar with Ezoic. I’d have to search the web for what it is, what the relationship with your site is and what exactly you’re trying to do when “connecting with Ezoic”.

Furthermore, could you please clarify what exactly the problem is? SSL conflicting issues? Do you get some sort of error message? Could you please copy and paste the exact error message you’re getting?


#3

Hello Osiris, and thanks for following up on the issue:

Regarding your query about Ezoic: it is Google's Publishing Certified Partner. I am using it for Google AdSense linkage purposes, as Ezoic increases AdSense revenue by performing various ad placement tests as well as layout tests on the websites it is linked with. Ezoic uses Amazon AWS CDNs, which basically boost the browsing speed of the website, and creates 7 different CDN subdomains on the parent domain. In order to work properly, Ezoic needs all these wildcard domains to be on SSL, and as far as my understanding is concerned (do correct me if I am wrong) I think Let's Encrypt creates wildcard SSL certificates using Cloudflare CDNs. I mean, I'm a newbie here, but my reading of the issue says so, and I leave the verdict in the hands of the experts here :slight_smile:

Regards and Best Wishes


#4

Hi,

Yes, Let’s Encrypt does create wildcard certificates. But you still need to renew it every three months.
You were at HostGator and they renewed your Let’s Encrypt certificate for you before, but now you seem to have moved to a new host (probably Ezoic), for which you’ll need a wildcard certificate in order for them to upload it to CloudFront (the AWS CDN Ezoic uses) and provide secure connections for those subdomains.

There are actually two choices here…
The first one is (kind of) free but needs your work every three months: generate a wildcard certificate for your domain via a utility every three months and upload it to the control panel.

The second choice is less work (you don’t need to generate and upload a certificate every three months), but would definitely cost more: purchase a wildcard certificate from a commercial certificate authority, and upload it to the control panel. (Those paid certificates normally cost more than $50 but they would last 1-2 years.)

You’ll need to pick a utility (software or website) that could create a wildcard certificate from the below list.

First, check with your hosting provider whether you can edit DNS records for your domain. (Sometimes you’ll need their help to do this.) This is critical because Let’s Encrypt currently only allows you to get a wildcard certificate with DNS validation.
Then, go to that software / website, follow their instructions, complete the validation and create a certificate.

You’ll need to find the certificate context after you have generated it. If that certificate comes with more than one certificate (the BEGIN CERTIFICATE header is present more than once), then it probably comes with the intermediate certificate.

If there’s only the certificate,

Warning: the certificates below are valid before Let’s Encrypt starts to sign end-user certificates with their own ISRG Root CA; if you need the CA and intermediate CA that are signed by ISRG, use this link

This is the intermediate certificate Let’s Encrypt used to sign your certificate: https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt

You normally do not need the CA file, but in case you need it, find the CA file here https://github.com/phpmyadmin/phpmyadmin/issues/13398

Thank you
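
The check described in post #4 (counting the BEGIN CERTIFICATE headers) and the assembly of a chained file for upload, as an added example that is not part of the original thread. The function names and the sample blocks are assumptions made for illustration; the sample payloads are constructed placeholders, not real certificates, and the code only checks the PEM framing, the base64 and the outer DER SEQUENCE tag.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)

def split_pem_bundle(text):
    """Return the DER bytes of every certificate block, in file order."""
    ders = []
    for n, match in enumerate(PEM_BLOCK.finditer(text), start=1):
        body = "".join(match.group(1).split())      # drop line breaks
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError as exc:                   # binascii.Error is a ValueError
            raise ValueError(f"block {n}: invalid base64") from exc
        if not der.startswith(b"\x30"):             # a certificate is a DER SEQUENCE
            raise ValueError(f"block {n}: not a DER SEQUENCE")
        ders.append(der)
    return ders

def describe_bundle(text):
    """Say whether a file holds only the certificate or a chain as well."""
    count = len(split_pem_bundle(text))
    if count == 0:
        return "no certificate found"
    if count == 1:
        return "certificate only, no intermediate included"
    return f"certificate plus {count - 1} chain certificate(s)"

def build_fullchain(cert_pem, intermediate_pem):
    """Concatenate for upload: the domain certificate first, then the intermediate(s)."""
    if len(split_pem_bundle(cert_pem)) != 1:
        raise ValueError("expected exactly one domain certificate")
    if not split_pem_bundle(intermediate_pem):
        raise ValueError("no intermediate certificate found")
    return cert_pem.strip() + "\n" + intermediate_pem.strip() + "\n"

def _constructed_pem(payload):
    """Build a placeholder PEM block (constructed sample, not a real certificate)."""
    der = b"\x30" + bytes([len(payload)]) + payload
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

SAMPLE_CERT = _constructed_pem(b"constructed domain certificate")
SAMPLE_INTERMEDIATE = _constructed_pem(b"constructed intermediate")
```
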


#5

Ezoic’s page says

Ezoic works by either placing a script on your site’s pages or by pointing your nameservers at Ezoic. You can turn Ezoic on/off instantly from the Ezoic dashboard. You can also point your name servers away or remove the script, but we would be sad. :frowning:

@Alllotteryofc, which option did you use? Did you point your nameservers at Ezoic or did you place their script on your page?

It seems like you probably used the first option, but maybe the second option would be simpler? Then there wouldn’t necessarily need to be any changes to how your cert works.

There is no “conflict” when multiple CAs issue certificates for the same name; the certificates don’t contradict or invalidate each other. However, the question is just to make sure that every entity that should be issuing a certificate for your site is able to do so.