Steps to install SSL to Namecheap cPanel?

Should I start over? I will include cardsetcetera.com

No error whatsoever. Very smooth.

1 Like

Yes, please acquire a single production certificate covering both cardsetcetera.com and www.cardsetcetera.com then continue from there.

4 Likes

Thanks, will do. Have a good night.

2 Likes

You as well. Please let me know how it goes. :slightly_smiling_face:

3 Likes

I think it's successful, but confused - it I enter https, there's no Not secure, but if I enter only www.... it still showing Not secure. Both cardsetcetera.com and www.cardsetcetera.com are showing with valid certificates, expiring 8/12. Is that normal?

And now, I will have to work on the add ons.

1 Like

They both now have correct redirects from HTTP to HTTPS, so if you don't see that for the www, you can try clearing your browser cache or force-reloading. It looks right to me in general.

5 Likes

Yes, it was pointing to https this morning, but not anymore.

I was about to do the same for the add-on and realized I should have added it from the get go (my SSL with namecheap had different expirations so I thought SSL are dedicated to one site only).
And then I realized my 2nd add-on domain was with GoDaddy. So I uninstalled the cert. Then I pointed my other domain with GoDaddy to namecheap.

Now I am about to start the request for SSL but I get an error saying it's private and I can't get through.
http://cardsetcetera.com/certsage.php.

In the time I was waiting for GoDaddy to update the DNS, the only other change I made was update my user password for mySQL database and downloaded a theme. I didn't think that should make a difference.

Where/what should I look at this time. I don't mind the repetition however frustrating. I am learning.
Thank you so much for all the help.

1 Like

I figured out that it's because domain is forced to https. I turned it off and used a different browser. I think I can proceed to do the main and add-ons.

My second add-on encountered a problem:

urn:ietf:params:acme:error:connection
162.255.119.19: Fetching http://www.africanviolets.world/.well-known/acme-challenge/Jl6aTmqWYbhIrwQ27DXOuTnWU06xgEeg7SmHMn2W7ZM: Connection reset by peer

Is it because it was .world or because it was newly registered?
I actually had one with .us but realized I want another name so I purchased .world.
If it would be a problem, I will use the .us one.

Thanks again.

1 Like

You don't have your DNS set right yet. Your domain is pointing to a Namecheap parking page.

dig +noall +answer A www.africanviolets.world

www.africanviolets.world. 8     IN      CNAME   parkingpage.namecheap.com.
parkingpage.namecheap.com. 8    IN      A       198.54.117.211
parkingpage.namecheap.com. 8    IN      A       198.54.117.212
parkingpage.namecheap.com. 8    IN      A       198.54.117.217
parkingpage.namecheap.com. 8    IN      A       198.54.117.218
parkingpage.namecheap.com. 8    IN      A       198.54.117.215
parkingpage.namecheap.com. 8    IN      A       198.54.117.210
parkingpage.namecheap.com. 8    IN      A       198.54.117.216

To satisfy the HTTP Challenge for a cert you need to have the DNS point to your actual server.

5 Likes

Thanks. I went back. It is now showing:
dig +noall +answer A www.africanviolets.world
www.africanviolets.world. 1200 IN CNAME africanviolets.world.
africanviolets.world. 1200 IN A 198.54.115.247

But this time, I got a different error:

urn:ietf:params:acme:error:unauthorized
198.54.115.247: Invalid response from https://africanviolets.world/.well-known/acme-challenge/tYQlE1XEOStcidDBhldyEfgNLefwwrE-DCwl8fO8scY: 404

198.54.115.247 is same with main and another add-on.

1 Like

You need to put a copy of certsage.php into the webroot directory of africanviolets.world so that you can run CertSage from http://africanviolets.world/certsage.php. You will probably need to modify line 18 of that copy of certsage.php to be:

  public $dataDirectory = "../../CertSage";

The "../.." tells CertSage to look for its CertSage data directory in the parent directory of the parent directory of the directory where certsage.php is located. The standard line only tells CertSage to go up one directory, which is insecure, rather than two.

5 Likes

Thanks, I am getting a feel for it. So every domain must have it's own.

I downloaded the CertSage.txt each for the 2 add-ons to make sure there's no mix-up, and uploaded them.
cardsetcetera.com and africanviolets.world now shows a lock and has DV icon.
sweetstinkers shows error, not able to request for SSL.

I am so confused -

  • the https turned on by itself.
  • the add-ons root only has the CertSage.php, not a folder like what cardsetcetera has.
  • no DV showing for sweetstinkers, so not successful.
  • other items like mail showing not secured, is it because I don't have email set up?
1 Like

Should I have listed all below when requesting for a cert: * africanviolets.cardsetcetera.com

  • africanviolets.world
  • autodiscover.africanviolets.world
  • cpanel.africanviolets.world
  • cpcalendars.africanviolets.world
  • cpcontacts.africanviolets.world
  • mail.africanviolets.world
  • webdisk.africanviolets.world
  • webmail.africanviolets.world
  • www.africanviolets.cardsetcete…com
  • www.africanviolets.world?

You can include mail subdomain along with the other two on your cert. The others won't verify with HTTP-01 challenge. Can't use wildcard either.

5 Likes

CertSage does that when you install.

5 Likes

I am wondering if sweetstinkers is failing due to some configuration other than the SSL or could it be because https was already pushed to it by the main, hence I cannot request SSL for it anymore?

I was fiddling with the two add ons and were both failing so at some point I just went ahead and requested SSL for the main, then went back to work on the add-ons. The next time I checked, the main and one add-on were already DV'd while sweetstinkers continue to fail. Could it be that I have successfully requested for the first add on, then the main, which pushed the https, and now I cannot request for the 2nd add-on?

cardsetcetera.com and sweetstinkers.com appear to be sharing the same CertSage directory, as they should be.

What error are you seeing for sweetstinkers.com?

4 Likes

The website has an alert saying This Connection is no Private. So I can only close it.
Same thing when I try to send request for SSL to CertSage.
From the alert - view the certificate, it says cert not matching.

I cannot locate what is causing it. I see only 2 DVs, and I had asked Namecheap to cancel expired cert so I can remove it. But then, I do not know where it resides. I have looked everywhere.

The website was working (showing "Will be back." before I worked on the SSL)
I am thinking that maybe when I was incorrectly requesting for cert for all 3, that I got it mixed up with cardsetcetera. Last night I only got error for the africanviolets.world. It did not say anything about sweetstinkers. So maybe it got pointed to the cardsetcetera cert. But then the website was getting the same error prior to that. The erroneous cert detal says not valid before 3/10/2023. Does that mean anything? The old Comodo SSL from namecheap expired 5/10.

And another thing that confuses me is the cert for africanviolets.world is dated for last night 5/14. I only requested separately for each domain today 5/15. My head is spinning. Ha.

If you enter your various domain names into https://decoder.link/, you'll see that africanviolets.world is using a Sectigo certificate (not a Let's Encrypt certificate) that expires next year while cardsetcetera.com is using a Let's Encrypt certificate that expires in August. sweetstinkers.com, on the other hand, doesn't have a functional certificate installed.

5 Likes