Cert install seemed to work just fine, but now Safari and Firefox say the connection is not private/secure. Under details, it says the cert name does not match input – and yet, they do!
SSL for Chrome browser works successfully.
I have Node.js serving on port 3000, then using Nginx as proxy to serve on port 80. Not sure if that’s an issue.
My domain is: humroll.com
I ran this command: sudo certbot --nginx
It produced this output: it installed a certificate and configured nginx
My web server is (include version): nginx/1.14.0 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 18.04.2 x64
My hosting provider, if applicable, is: digital ocean
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): certbot 0.28.0
Hi @cycleops
it's not the browser, it's the certificate ( https://check-your-website.server-daten.de/?q=humroll.com ):
Your website:
Your certificate:
CN=humroll.com
05.03.2019
03.06.2019
expires in 90 days humroll.com - 1 entry
Your certificate has only one domain name. So only your non-www version is secure. If someone uses the www-version, then it's insecure.
So create one certificate with both domain names and use that.
If that works, check, if you can create redirects http -> https and https + non-preferred-version -> https + preferred version.
1 Like
Brilliant!!!
All works!
Thank you!!
1 Like
Yep, now your certificate has both domain names:
CN=www.humroll.com
05.03.2019
03.06.2019
expires in 90 days humroll.com, www.humroll.com - 2 entries
So both connections are ok.
PS: Looks like this is a behaviour of Chrome.
Loaded (before writing the first post) the page with Chrome + non-www + https.
Tried to load the https + www - version -->> it wasn’t possible, Chrome redirects to the non-www version.
You’re right! I think there was an option, when installing the cert, to have http routed to https, but I declined as I’m developing. Hopefully, I can come back to that later?
You can always add redirects manual.
In your port 80 - vHost something like
RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
In your port 443 - vHost something like
RewriteEngine on
RewriteCond %{SERVER_NAME} =notpreferredVersion
ReWriteRule ^ https://preferredVersion%{REQUEST_URI} [END,QSA,R=permanent]
Great! I think you are the most helpful person I’ve ever met. Thank you very much!
1 Like
schoen
March 5, 2019, 9:12pm
8
Yep, it's willing to assume that a base domain certificate automatically covers a www subdomain, while other browsers aren't, and this difference then causes confusion when trying to diagnose problems like this.
system
Closed
April 4, 2019, 9:12pm
9
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.