SSL not working

My domain is: jimmymackhealing.com
Hosted on Godaddy shared hosting, using Cpanel (won’t run certbot)

Cert was created via shieldsigned.com
and covers both jimmymackhealing.com and www.jimmymackhealing.com

Previous certs created via ZeroSSL worked fine.

Any help will be much appreciated!

1 Like

No, it doesn’t.

Your latest certificate which is currently in use is only valid for jimmymackhealing.com. But because you have a redirect to www.jimmymackhealing.com in place, everybody will get a certificate error.

1 Like

Welcome @jfurlong :slightly_smiling_face:

@Osiris

Don’t dismay the man right out of the gate @Osiris. :wink:

@jfurlong

Osiris is absolutely right though. We can see at https://crt.sh/?q=jimmymackhealing.com that your certificate only covers jimmymackhealing.com. You need to issue a new certificate that includes both jimmymackhealing.com and www.jimmymackhealing.com. We can certainly help you do that.

Just want to be very clear about where the issue lies. I’ve seen people here on the community persevere in inadequate assumptions, which would delay the right action.

1 Like

@Osiris

So true. Sometimes a giant :stop_sign: is needed.

Adequate solutions are preferable even if they hurt someone’s feelings
I redid the SSL feeding shieldsigned.com the domain www.jimmymackhealing.com instead of jimmymackhealing.com and that appears to have worked.

Nothing like changing a process under pressure to cause you to make a mistake.

Help much appreciated, folks!

1 Like

Wouldn’t you rather have one certificate with both hostnames? The site you’re using does allow you to input multiple hostnames at the same time by separating them with a comma it seems.

1 Like

I’m REALLY hoping that you submitted your own certificate signing request (CSR). If their website generated it for you internally then they also generated the private key that goes with it, which means that your website would then have no security.

That’s an exaggeration. It means that the operator of the shieldsigned site (or somebody else with access to their server infrastructure) could have maliciously kept a copy of the private key and would then be able to use it to intercept communications to the jimmymackhealing site if they were also in the right place on the network to do so or could somehow tamper with its DNS records.

1 Like

@schoen

Very true. :slightly_smiling_face: I’m just trying to generally steer people away from sites that generate their private keys for them.