inhale
June 22, 2020, 5:32am
1
I use LetEncrypt on Plesk Onyx and everything seems to be working, but the results are varying between domains. The domain below has a LetsEncrypt certificate created, it is assigned/bound to the website in IIS etc
But when we display this website in a browser, it displays the ‘Not Secure’ info.
It is picking up the SSL Cert for another site on the same IP Address for some reason.
The frustrating part is that some websites on the same IP address using Plesk do not have this problem!
Any help would be appreciated!
My domain is: jwconstructionsqld.com.au
My web server is (include version): IIS8
The operating system my web server runs on is (include version): Windows Server 12
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Onyx
Version 17.8.11 Update #88
rg305
June 22, 2020, 5:38am
2
IIS is serving this cert for that name:
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgIQBoloyC0t7y3K8OVVj3mz9TANBgkqhkiG9w0BAQsFADBe
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRSYXBpZFNTTCBSU0EgQ0EgMjAxODAe
Fw0xOTA2MjcwMDAwMDBaFw0yMDA3MjAxMjAwMDBaMBsxGTAXBgNVBAMMECouYmYt
bGl2ZS5jb20uYXUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT7cS+
hV0OOHpcWrukLbiYHY6MLY6VH1ElEiSN1JIsUVVYwLyzHREt5W49Tik1hoAsSx8o
4AGKxACARhqNXI3xzCWFgGtIz3BM4VHp6kKuXLpLb9z7y+9oKBeHuQIiuSF17ZUx
vInKraVdrn2r6DFTxpQdjI1o+dfppQMkP8fMriPl7qzYJ0KdjA03ZG56snSFAi/G
hOq3xUyI0E4+kzHM7F8KQSLWFz0TvwarsnmJAz8jgWGz8iZrisSFTyLSHkqLkzVO
WqnIz+Xq/3YBS5k3pIsKPAtGcB5ZEp+ghOq8I/B6lVM3mCNV2sgxCRfQVeEQcu59
jkiC9fSya8U6225VAgMBAAGjggK5MIICtTAfBgNVHSMEGDAWgBRTyhdZ/GvAAyEv
Gq7kqqgcglbadTAdBgNVHQ4EFgQUBQI/3CIkixng0LzUiogBWSIfGO4wKwYDVR0R
BCQwIoIQKi5iZi1saXZlLmNvbS5hdYIOYmYtbGl2ZS5jb20uYXUwDgYDVR0PAQH/
BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA+BgNVHR8ENzA1
MDOgMaAvhi1odHRwOi8vY2RwLnJhcGlkc3NsLmNvbS9SYXBpZFNTTFJTQUNBMjAx
OC5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQIwKjAoBggrBgEFBQcCARYcaHR0
cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgEwdQYIKwYBBQUHAQEE
aTBnMCYGCCsGAQUFBzABhhpodHRwOi8vc3RhdHVzLnJhcGlkc3NsLmNvbTA9Bggr
BgEFBQcwAoYxaHR0cDovL2NhY2VydHMucmFwaWRzc2wuY29tL1JhcGlkU1NMUlNB
Q0EyMDE4LmNydDAJBgNVHRMEAjAAMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcA
pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFrmxOLqAAABAMASDBG
AiEA6XrFKbbFjImIo2UzhtGPhXdxDOSsw7dVOamq+40DV1ACIQDBUWbOeN+eQuEz
VU0QODHz+y7ECuRHbqDAbxpJmHBK7gB2AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1
YMG06v9eoIMPAAABa5sTjCYAAAQDAEcwRQIge64aCZFVt+7OlcygM7RQ87JmmWbj
WYsZtcH3UpqQ8yQCIQCTZ55trlIaqks4svWCN7gOLHn1qkgLjbVgvsBJ+QQv2zAN
BgkqhkiG9w0BAQsFAAOCAQEAQM+XzdYcMAoZQqQsKm2+yUmyCu5dS+dnR8B4oNDI
fkfxwyjSy19I0WakhWwK0Ma3bIEO2lKN80H+wFvCVksiQDcAFdfF5sco0xsGGIAp
s6TrduuhGTxBHA2CndY3S8eFh3yZ2wnuDclgGYX2TmgMG1WYtKys/AWNHCYznpaN
k7+ViB7iHlncfc8n/TZwtD8thDxr6MJa7cpY6wp0MAwLWbQDJPG9aGhsVIgdvPRY
+1MR3adNg0nyFutQwTEdHp0JK2d/kmaN/ncKYKDJRDMKGJgQpAf9EWedcR7BhuiQ
abqnWHtTPP2XN8zvl/+OMM4Kk/7Gc1y0z33MKH/B6M/BWA==
-----END CERTIFICATE-----
Which is:
rg305
June 22, 2020, 5:39am
3
There is a redirect to HTTP, but that is too late for those that asked for HTTPS:
curl -Iki https://jwconstructionsqld.com.au/
HTTP/2 301
content-length: 160
content-type: text/html; charset=UTF-8
location: http://www.jwconstructionsqld.com.au/
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Mon, 22 Jun 2020 05:39:06 GMT
inhale
June 22, 2020, 7:40am
4
Thanks… but I can’t find any redirect to HTTP
The site is a WordPress site and the URL is
https://jwconstructionsqld.com.au
I found some URL Rewrites in IIS and disabled them, but it is still there!
letsencrypt@discoursemail.com >
inhale
June 28, 2020, 10:45pm
5
rg305
Any more suggestions. It still isn’t working
Thanks
Wayne
Hi @inhale
as @rg305 wrote: Your website sends the wrong certificate - see https://check-your-website.server-daten.de/?q=jwconstructionsqld.com.au
You have created Letsencrypt certificates:
Issuer
not before
not after
Domain names
LE-Duplicate
next LE
Let's Encrypt Authority X3
2020-06-22
2020-09-20
jw.inhale.com.au, jwconstructionsqld.com.au, www.jwconstructionsqld.com.au - 3 entries
duplicate nr. 4
Let's Encrypt Authority X3
2020-06-22
2020-09-20
jw.inhale.com.au, jwconstructionsqld.com.au, www.jwconstructionsqld.com.au - 3 entries
duplicate nr. 3
Let's Encrypt Authority X3
2020-06-22
2020-09-20
jw.inhale.com.au, jwconstructionsqld.com.au, www.jwconstructionsqld.com.au - 3 entries
duplicate nr. 2
Let's Encrypt Authority X3
2020-06-22
2020-09-20
jw.inhale.com.au, jwconstructionsqld.com.au, www.jwconstructionsqld.com.au - 3 entries
duplicate nr. 1
Let's Encrypt Authority X3
2020-06-16
2020-09-14
jw.inhale.com.au, jwconstructionsqld.com.au, www.jwconstructionsqld.com.au - 3 entries
But you don't use one of these. Instead,
CN=*.bf-live.com.au
27.06.2019
20.07.2020
expires in 21 days *.bf-live.com.au, bf-live.com.au - 2 entries
from RapidSSL is used.
Looks like your binding is wrong. Share a screenshot.
inhale
June 28, 2020, 11:30pm
7
Yes I know and that is the issue.
I use Plesk Onyx and Let’s Encrypt
I have setup the SSL and it was successfule
I go into IIS on the server and it is there and valid.
I go to the bindings in IIS and they are set to LetEncrypt: http://prntscr.com/t859rk
Not sure what else I an do because I am going direct to IIS to set this
Thanks for replying
Wayne
rg305
June 28, 2020, 11:41pm
8
May be nothing… but…
Have you tried (if it allows) to set the site binding IP to “ALL” (or some equivalent value) ?
[I’m thinking that if there is any IP mismatch, that cert won’t be used - the default will be used instead.]
inhale
June 28, 2020, 11:55pm
9
OK I tried that to no affect.
I would delete the site and start again but unfortunately it is the email server as well.
rg305
June 29, 2020, 12:02am
10
Are there more than one system involved?
Don't use there an ip address.
Use * or All (don't know, don't look in my own IIS).
That's a known problem that the environment selects another ip address to connect (may be a private ip address), so the binding isn't used.
And you need a second binding, same values, with the www version.
PS: Yep, @rg305 sees it correct, see your check - https://check-your-website.server-daten.de/?q=jwconstructionsqld.com.au
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
There answers an IIS 10.0, not 8.5.
inhale
June 29, 2020, 7:00am
12
All fixed. I changed the IP address to another one and updated the DNS
The problem mysteriously goes away
@JuergenAuer The binding was originally set to * for all of the URLS, I only changed it to the IP Address to see if that fixed it.
All good now
Thanks for everyone’s advice
Wayne
2 Likes
system
Closed
July 29, 2020, 7:00am
13
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.