Valid SSL but web-browser marking it as not secure

Hi Everyone,

Managed to install my SSL with certbot on nginx and everything seemed to be working fine.
Decided to attach a sitemap.xml into my project, redeployed my website and since then the web-browser is marking it as non-secure with the http, and it won’t load with the https.
SSL checker marks it as all good.

Tried to upload the previous version of the app (the one with no sitemap), and I have the same issue.

Inbound traffic is listening on both port 80 & 443.
Didn’t change any configs on the newly deployed version of the website, all I did is to add the sitemap. Ran through all my codes to spot any http to convert to https, but couldn’t find any.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.o2gotravel.com
My web server is (include version): 64bit Amazon Linux 2/5.0.1

The operating system my web server runs on is (include version): 64bit Amazon Linux 2/5.0.1

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

Thank you very much in advance :slight_smile:


1 Like

I’m unable to test your secure site:

curl: (7) Failed to connect to www.o2gotravel.com port 443: Connection refused
curl: (7) Failed to connect to o2gotravel.com port 443: Connection refused
1 Like

It’s anything but secure at the moment. https connection fails… Can’t really get at the root of the problem. Seems so weird that after loading a sitemap.xml it won’t work anymore. And tried to deploy the version that had no problem with port 443, and has the same issue…

1 Like

Undo undo undo.
Do you have a working backup?
How do you deploy?

1 Like

I have copied the whole project and made the sitemap changes on the new project folder. Can it be considered as a backup? :sweat_smile: :innocent:

1 Like

I suppose…
Can you deploy a previous version that works?

1 Like

That’s what I have been trying to do as I was blaming the sitemap. But no matter which version I upload it spits out the same issue.

Well…
Then you will have to look through the nginx config files to see where it broke.

1 Like

Will try to do that, Thanks

I would start by looking in the /etc/nginx/sites-enabled/ folder.

1 Like

I don’t have such a folder in my /etc/nginx.

That would have been a default.
So, I don’t know how yours was setup.
Try:
nginx -T | grep -i include
[that might show where the configs are stored]

1 Like

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
include /etc/nginx/mime.types;
include conf.d/*.conf;
# Include the Elastic Beanstalk generated locations
include conf.d/elasticbeanstalk/*.conf;

1 Like

It’s probably one of these files:
ls -l /etc/nginx/conf.d/elasticbeanstalk/
or
ls -l /etc/nginx/conf.d/

These two folders/files don’t really have anything too interesting… However…
nginx/nginx.conf has…
GNU nano 2.9.8 nginx.conf

#Elastic Beanstalk Nginx Configuration File

user nginx;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 32153;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

include conf.d/*.conf;

map $http_upgrade $connection_upgrade {
    default     "upgrade";
}

server {
listen        80 default_server;
    access_log    /var/log/nginx/access.log main;

    client_header_timeout 60;
    client_body_timeout   60;
    keepalive_timeout     60;
    gzip                  off;
    gzip_comp_level       4;
    gzip_types text/plain text/css application/json application/javascript $

    # Include the Elastic Beanstalk generated locations
    include conf.d/elasticbeanstalk/*.conf;



    client_header_timeout 60;
    client_body_timeout   60;
    keepalive_timeout     60;
    gzip                  off;
    gzip_comp_level       4;
    gzip_types text/plain text/css application/json application/javascript $

    # Include the Elastic Beanstalk generated locations
    include conf.d/elasticbeanstalk/*.conf;
}

}


and nginx.conf.default has:

GNU nano 2.9.8 nginx.conf.default

worker processes 1;

events{
worker_connections 1024;
}

http {
include mine.types;
default_type application/octet-stream;

sendfile: on;

keepalive_timeout 65;

server {
listen 80;
server_name o2gotravel.com www.o2gotravel.com;
return 301 https://$host$request_uri;

}

location / {
root html;
index index.html index.htm
# HTTPS server
#
server {
listen 443 ssl;
server_name o2gotravel.com www.o2gotravel.com;

    ssl_certificate /etc/letsencrypt/live/o2gotravel.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/o2gotravel.com/privkey.pem;

   # ssl_session_cache    shared:SSL:1m;
   # ssl_session_timeout  5m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;

 location / {
    proxy_pass http://MY-PRIVATE-IP:8000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;

ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;

 location / {
    proxy_pass http://M-YPRIVATE-IP:8000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
}

}


1 Like
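
A check of which ports the loaded configuration actually listens on, relevant here because the nginx.conf pasted above defines only a `listen 80` server, while the `listen 443 ssl` block sits in nginx.conf.default, which none of the include lines shown loads. This is an added example, not part of the original thread; the sample dumps are constructed and the file name conf.d/https.conf is hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. On a real host, feed it the loaded config:
#   nginx -T 2>/dev/null | list_listeners

# Print "<file> <port> <ssl|plain>" for every active listen directive in an
# `nginx -T` dump read from stdin. Commented-out directives are ignored.
# Limitation: the deprecated separate "ssl on;" directive is not detected.
list_listeners() {
  awk '
    /^# configuration file / { file = $4; sub(/:$/, "", file); next }
    { sub(/#.*/, ""); gsub(/;/, "") }          # strip comments and semicolons
    $1 == "listen" && $2 !~ /^unix:/ {
      port = $2; sub(/^.*:/, "", port)         # "[::]:443" -> "443"
      if (port !~ /^[0-9]+$/) port = 80        # address only: nginx defaults to 80
      tls = "plain"
      for (i = 3; i <= NF; i++) if ($i == "ssl") tls = "ssl"
      print file, port, tls
    }'
}

# Exit 0 if the dump on stdin has an ssl listener on the given port, else 1.
has_tls_listener() {
  list_listeners | awk -v p="$1" '$2 == p && $3 == "ssl" { found = 1 } END { exit !found }'
}

sample_port80_only() {   # constructed, modelled on the nginx.conf in the thread
  cat <<'EOF'
# configuration file /etc/nginx/nginx.conf:
http {
    include conf.d/*.conf;
    server {
        listen        80 default_server;
        # listen 443 ssl;   (commented out, must not count)
    }
}
EOF
}

sample_with_tls() {      # constructed; conf.d/https.conf is a hypothetical name
  cat <<'EOF'
# configuration file /etc/nginx/conf.d/https.conf:
server {
    listen 443 ssl;
    listen [::]:443 ssl;
}
EOF
}

for s in sample_port80_only sample_with_tls; do
  echo "== $s"; "$s" | list_listeners
  if "$s" | has_tls_listener 443; then echo "TLS listener on 443: yes"
  else echo "TLS listener on 443: NO (nothing in this config accepts HTTPS)"; fi
done
```
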

Is that last part, location /, shown twice actually repeated twice?

1 Like

I see your website just fine. I suspect problems with your client.

1 Like

Hi yall :slight_smile:

Fixed it by installing the SSL again… and it seems to be working just fine now. Thank you :))

2 Likes
