This site not secure - error message

My domain is thinkplanner.se
It has https but sometimes when users try to visit the site they get this message.

This site is not secure
This might mean that someones trying to fool you or steal any info you send to the server. You should close this site immediately.

The certificate expires end of January.
Please help :slight_smile:

Best wishes.
Charlotte

Hi @charlotte

checked your site via thinkplanner.se - Make your website better - DNS, redirects, mixed content, certificates , you see the problem:


Domainname Http-Status redirect Sec. G
β€’ http://thinkplanner.se/
18.188.17.87 301 https://thinkplanner.se/ 0.223 A
β€’ http://www.thinkplanner.se/
18.188.17.87 301 https://www.thinkplanner.se/ 0.223 A
β€’ https://thinkplanner.se/
18.188.17.87 200 2.440 B
β€’ https://www.thinkplanner.se/
18.188.17.87 200 2.227 N
Certificate error: RemoteCertificateNameMismatch

Both http versions redirect to https, this is good.

Your non-www version works. But your www version has an invalide certificate. Because:

CN=thinkplanner.se
27.10.2018
24.01.2019
thinkplanner.se - 1 entry

your certificate has only one domain name, but you need a certificate with two domain names.

So how did you create this certificate?

Create one certificate with both domain names thinkplanner.se + www.thinkplanner.se and use this certificate.

2 Likes

In case you have not yet noticed:
thinkplanner.se & www.thinkplanner.se both resolve to:18.188.17.87
However, the cert at 18.188.17.87 only has one of those names on it.
The other name will fail with that error; as the CN, nor the SAN, don’t cover that other name.

If you ran certbot, with:
-d thinkplanner.se
then make that:
-d thinkplanner.se -d www.thinkplanner.se
[adjust for your particular ACME client syntax/requirement]

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.