SSL working on pc not mobile

Hello, I red numerous topics about this on this forum, and none worked for me, that why I am making one more topic about this (sorry)
My certbot SSL is working on pc but not on mobile android or ios.
The domain is youpc.ro
Every time I generate an ssl I make one for www.youpc.ro and one for youpc.ro
I modified in vhost config of my xampp on windows server the chain file to fullchain instead of chain, no luck.

<VirtualHost *:443>
	SSLEngine on
	SSLCertificateFile "C:\Certbot\archive\youpc.ro\cert1.pem"
	SSLCertificateKeyFile "C:\Certbot\archive\youpc.ro\privkey1.pem"
	SSLCertificateChainFile "C:\Certbot\archive\youpc.ro\fullchain1.pem"
	ServerName youpc.ro
	Alias /.well-known "X:/xampp/htdocs/youpc"

<VirtualHost *:443>
	SSLEngine on
	SSLCertificateFile "C:\Certbot\archive\www.youpc.ro\cert1.pem"
	SSLCertificateKeyFile "C:\Certbot\archive\www.youpc.ro\privkey1.pem"
	SSLCertificateChainFile "C:\Certbot\archive\www.youpc.ro\fullchain1.pem"
	ServerName www.youpc.ro
	Alias /.well-known "X:/xampp/htdocs/youpc"

Thanks, and sorry again for a post same with other 101 on this forum.

For modern versions of Apache you do not use SSLCertificateChainFile

Instead, for SSLCertificateFile use the fullchain.pem file

What version of Apache do you have?

Also, you should use the certs in the /live/ folder not the /archive/ folder.

This is one site to help test your certs. You can see right now you send duplicates.

4 Likes

"SSL working on pc not mobile"
Which mobile? OS and OS Version.

1 Like

Hello and thanks for the fast reply.
I have running Apache 7.4.1.
Tried to modify SSLCertificateFile does the same. Deleted SSLcertchain line does the same.
In the live directory I have only sym files like shortcuts. Should i still use them?
Thank, sorry I am not quite that good with this stuff.

1 Like

Hello Bruce newest, version 13 android.
Thanks for the fast reply

2 Likes

This might be of help Long (default) and Short (alternate) Certificate Chains Explained

2 Likes

And here Hardenize Report: youpc.ro is showing NO http nor https

And using Let's Debug yields these results https://letsdebug.net/youpc.ro/1416080

ANotWorking
Error
youpc.ro has an A (IPv4) record (82.77.57.10) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with youpc.ro/82.77.57.10: Get "http://youpc.ro/.well-known/acme-challenge/letsdebug-test": context deadline exceeded

Trace:
@0ms: Making a request to http://youpc.ro/.well-known/acme-challenge/letsdebug-test (using initial IP 82.77.57.10)
@0ms: Dialing 82.77.57.10
@10000ms: Experienced error: context deadline exceeded 
IssueFromLetsEncrypt
Error
A test authorization for youpc.ro to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
82.77.57.10: Fetching http://youpc.ro/.well-known/acme-challenge/m5qlIRwNnReuxAIi92yBwRTv3COsYHSC2zkqlXNr4u8: Timeout during connect (likely firewall problem) 
1 Like

Thanks Bruce I stopped and restarted the server to try some things, thats why there is that error.
Now it says it is ok

Thanks

2 Likes

Somewhat off topic:

However using this online tool https://check-host.net/ finds Permanent link to this check report several "Connection timed out".

Let's Encrypt uses Multi-Perspective Validation Improves Domain Validation Security - Let's Encrypt

1 Like

"SSL working on pc not mobile"
Can you give any more details of how it is not working on mobile?
Such as the error, are you trying with Chrome on Android or some other app?

1 Like

Sure do Bruce!
The classy : your connection is not private.
Attackers mught be trying to steal your information, passwords.
NET::ERR_CERT_AUTHORITY_INVALID
Screen

Thanks

2 Likes

on default samsung galaxy browser

1 Like

Can you try Chrome?
I believe Samsung has their own web browser.

Also do you see the same IP Address for youpc.ro on the pc and the mobile?

1 Like

Haha you are a lifesaver Bruce!
I am plain stupid. Was trying to acces from an secured network (that was set up to prevent accces to server) in the same building with the server.
Thanks allot!
Can be closed, I am plain stupid.

4 Likes

You can just mark one of the Posts in this thread as the solution, just use the checkmark as the pic below show (currently greyed out, because it is not checked).
image

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.