SSL works for Chrome browser, but not for Safari or Firefox

Cert install seemed to work just fine, but now Safari and Firefox say the connection is not private/secure. Under details, it says the cert name does not match input – and yet, they do!
SSL for Chrome browser works successfully.

I have Node.js serving on port 3000, then using Nginx as proxy to serve on port 80. Not sure if that’s an issue.

My domain is: humroll.com

I ran this command: sudo certbot --nginx

It produced this output: it installed a certificate and configured nginx

My web server is (include version): nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04.2 x64

My hosting provider, if applicable, is: digital ocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

Hi @cycleops

it's not the browser, it's the certificate ( https://check-your-website.server-daten.de/?q=humroll.com ):

Your website:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://humroll.com/ 206.189.200.38 | 200 | | 0.240 | H |
| http://www.humroll.com/ 206.189.200.38 | 200 | | 0.250 | H |
| https://humroll.com/ 206.189.200.38 | 200 | | 2.477 | B |
| https://www.humroll.com/ 206.189.200.38 | 200 | | 2.207 | N |

Certificate error: RemoteCertificateNameMismatch

Your certificate:

CN=humroll.com
	05.03.2019
	03.06.2019
expires in 90 days	humroll.com - 1 entry

Your certificate has only one domain name. So only your non-www version is secure. If someone uses the www-version, then it's insecure.

So create one certificate with both domain names and use that.

If that works, check whether you can create redirects http -> https and https + non-preferred-version -> https + preferred version.

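As an added example (not part of the original posts, and not code from Certbot or the checking tool): a small Python check of which hostnames a certificate's subjectAltName list covers, run against the SAN entries the thread reports for the first and the reissued certificate. The function names, the wildcard-only list and the simplified RFC 6125-style matching rules are assumptions made for illustration.

```python
"""Which hostnames does a certificate's SAN dNSName list cover?"""

def _labels(name: str) -> list[str]:
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.rstrip(".").lower().split(".")

def san_matches(hostname: str, san: str) -> bool:
    """Compare one hostname against one SAN dNSName entry."""
    host, pat = _labels(hostname), _labels(san)
    if len(host) != len(pat):
        # An exact name covers only itself, and a wildcard stands for
        # exactly one label, so the label counts must be equal.
        return False
    if pat[0] == "*":
        # Wildcard accepted only as the entire leftmost label, with at
        # least two fixed labels after it. Partial wildcards ("w*") are
        # treated as literals here and therefore never match.
        return len(pat) >= 3 and host[0] != "" and host[1:] == pat[1:]
    return host == pat

def covered(hostname: str, sans: list[str]) -> bool:
    return any(san_matches(hostname, s) for s in sans)

def report(hostnames: list[str], sans: list[str]) -> dict[str, bool]:
    """Map each hostname the site is served under to covered / not covered."""
    return {h: covered(h, sans) for h in hostnames}

# Constructed inputs modelled on the two scan results quoted in the thread.
FIRST_CERT = ["humroll.com"]                        # "1 entry"
REISSUED_CERT = ["humroll.com", "www.humroll.com"]  # "2 entries"
WILDCARD_ONLY = ["*.humroll.com"]  # hypothetical, not from the thread
SITE_NAMES = ["humroll.com", "www.humroll.com"]

if __name__ == "__main__":
    for label, sans in [("first", FIRST_CERT),
                        ("reissued", REISSUED_CERT),
                        ("wildcard only", WILDCARD_ONLY)]:
        print(f"{label:14} {report(SITE_NAMES, sans)}")
```

The wildcard-only case shows the mirror image of the problem in this thread: `*.humroll.com` covers the www name but not the base domain, so both names still have to be listed.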

Brilliant!!!
All works!
Thank you!!


Yep, now your certificate has both domain names:

CN=www.humroll.com
	05.03.2019
	03.06.2019
expires in 90 days	humroll.com, www.humroll.com - 2 entries

So both connections are ok.

PS: Looks like this is a behaviour of Chrome.

Loaded (before writing the first post) the page with Chrome + non-www + https.

Tried to load the https + www - version -->> it wasn’t possible, Chrome redirects to the non-www version.

You’re right! I think there was an option, when installing the cert, to have http routed to https, but I declined as I’m developing. Hopefully, I can come back to that later?

You can always add redirects manually.

In your port 80 - vHost something like

RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

In your port 443 - vHost something like

RewriteEngine on
RewriteCond %{SERVER_NAME} =notpreferredVersion
RewriteRule ^ https://preferredVersion%{REQUEST_URI} [END,QSA,R=permanent]

Great! I think you are the most helpful person I’ve ever met. Thank you very much!


Yep, it's willing to assume that a base domain certificate automatically covers a www subdomain, while other browsers aren't, and this difference then causes confusion when trying to diagnose problems like this.
