Unmatching security certificate


#1

BitDefender blocks my website at https://www.Angels-Reach.net/ citing “Unmatching security certificate”.

Screenshot: https://i.imgur.com/lXfQH38.png

My domain is: Angels-Reach.com

I ran this command: certbot-auto

It produced this output: it worked

My web server is: Apache 2.x not sure

The operating system my web server runs on is: Debian 8

My hosting provider, if applicable, is: Joe’s Datacenter

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

Hi,

The certificate is working correctly…
And https://www.angels-reach.net/ is using a CloudFlare ECC certificate (Cloudflare CDN is enabled), if you just turned the service on…you might need to disable the BitDefender or wait for a few hours (or contact CF support, if there’s any)

For the angels-reach.com, you have a certificate that only covers Angels-Reach.com, but not the www version… You might want to add that inside the certificate in order to avoid the error (bitdefender error page) appear on that site (if that www version resolves to the same server).

Thank you


#3

Hi @VergilPrime

checked your domain with my own online tool ( https://check-your-website.server-daten.de/?q=angels-reach.com ):

http://angels-reach.com/ 301 https://angels-reach.com/ 0.266 A
http://angels-reach.com:443 200 0.397 H
http://www.angels-reach.com/ 200 0.413 H
https://angels-reach.com/ -4 0.474 W
SendFailure - The underlying connection was closed: An unexpected error occurred on a send.
https://www.angels-reach.com/ -4 0.467 W
SendFailure - The underlying connection was closed: An unexpected error occurred on a send.

You have a SendFailure / Error -4. But checking http over Port 443 your server sends a http status 200.

So your SSL-configuration is wrong.


#4

I think the issue is fixed, thank you!


#5

Yep, now your http over port 443 - configuration is fixed.

Perhaps add redirects http -> https and a redirect https - non-preferred version -> https - preferred version.


#6

Yeah about that, I was surprised because the software said something about automagically redirecting http requests to https requests and I agreed to that setting change, but in the end I had to do it manually.