Virus scanner considers cancelled certificate valid and blocks site

My domain is: africangwasuma.com

My hosting provider, if applicable, is: asurahosting.com

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): DirectAdmin

I have cancelled the SSL certificate for my website. I just requested it because I had problems adding the email account belonging to that website to Gmail. Once I noticed the error was not due to lacking SSL, I cancelled the certificate, because I don't want to run my site on HTTPS yet (I need to check pages and upgrade http links first to avoid errors). The problem is: in spite of the certificate being cancelled, virus scanners, like Kaspersky, still consider it valid. You can see the screenshot on the link. And it is blocking my HTTP site. It displays a page in the browser saying my connection is not private. The error is triggered when I type my domain name into the browser like this: "africangwasuma.com", omitting the http:// prefix. If I add that prefix, the website loads fine. This did not happen before. Where did it find traces of the certificate, and how do I remove it?

I would like to add that NO, it is not a browser caching error! The problem occurs on any of my computers and browsers, even if I clear all browser history, or check this on a computer where I have never visited the site before. The problem goes away only if I disable the virus scanner. I have also checked my redirects at the hosting; there are none.


1 Like

Welcome to the community @bencuri

I agree but I don't know DirectAdmin very well so may not have much help to give. I can explain what is happening and maybe this is enough for you to resolve it.

Your LiteSpeed server is still configured to listen on port 443 (HTTPS), so it is responding. And it sends out a cert for the name d1.my-control-panel.com. You can see this in the cert screen you provided. Browsers will warn about that because the domain names in the cert do not match what was used in the original URL for africangwasuma.com.

I think your best option is to get the cert for africangwasuma.com to be sent out by your server. You issued several of them but I do not know how to make DirectAdmin select one of them.

Your other option is to change your LiteSpeed server to not listen on port 443. But, browsers will still warn that HTTP connections are not secure. It is just a different warning than what you see right now.

3 Likes
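The situation described in the reply above, as an added example that is not part of the original thread: a Python sketch that compares the requested hostname with the names on the certificate served from port 443 and reports which of the cases discussed applies. The function names are hypothetical, the sample names are constructed from the two hostnames mentioned in the thread, and `probe()` needs network access.

```python
import socket
import ssl

# Constructed from the thread: the name typed into the browser and the
# name on the certificate that the server actually sent.
SITE = "africangwasuma.com"
PANEL_CERT_NAMES = ["d1.my-control-panel.com"]


def name_matches(hostname, pattern):
    """RFC 6125-style match: '*' may only replace the whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*" and len(pat) > 2:      # never accept "*.com"
        return host[1:] == pat[1:]
    return host == pat


def classify(hostname, port_open, cert_names):
    """Map what port 443 does to the outcome a visitor gets."""
    if not port_open:
        return "no-https-listener"          # HTTPS fails, no certificate page
    if any(name_matches(hostname, n) for n in cert_names):
        return "certificate-matches"
    return "name-mismatch"                  # "connection is not private" page


def probe(hostname, port=443, timeout=5.0):
    """Live check with the same validation a browser applies."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                sans = tls.getpeercert().get("subjectAltName", ())
                names = [v for k, v in sans if k == "DNS"]
                return classify(hostname, True, names)
    except ssl.SSLCertVerificationError as exc:
        # Covers hostname mismatch as well as untrusted or expired certs.
        return "verification-failed: " + str(exc.verify_message)
    except (ConnectionRefusedError, socket.timeout):
        return "no-https-listener"


if __name__ == "__main__":
    print(classify(SITE, True, PANEL_CERT_NAMES))
```
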

The reason why so many were issued is that Gmail reported an error every time I wanted to add an email address belonging to this domain. I thought it was because of the SSL certificate. When I noticed it was not, I cancelled. Basically what happened is that I requested/cancelled several times until the situation was clear to me.

What do you mean by "different warning" in the case of HTTP? Do you mean the notification beside the search bar in browsers or an error screen? I have an HTTP site that has never been put on SSL; that one loads fine even with Kaspersky. The problem I mentioned happens only after a domain has been put on SSL at least once. I have another site, a forum; there I accidentally put the domain on SSL in the options when migrating and cancelled it right away, but it has been triggering the same error with Kaspersky ever since, even though the incident happened years ago.

I just meant a different warning than what you see about the incorrect cert. HTTP is not considered secure and browsers will warn about this in various ways. I think your best path forward is to get HTTPS working. But I don't know enough about DirectAdmin to give specific advice.

Perhaps a different volunteer here might know. Or, you could try asking on a DirectAdmin forum.

3 Likes

What about cPanel? I have a similar issue with another site on cPanel. Do you know the process there to disable that port? I would try it to see what happens. I don't really have time now to check all sites for old http links; the other one is a PHP site, moreover, and I cannot check the database, I don't know how to do it. It will be a longer project to transfer them to HTTPS. That is why these are still on HTTP.

No, I am afraid not. Perhaps a cPanel forum? Personally, I don't use "panels" to configure servers so would have to use their forums and read their docs same as you.

At least for africangwasuma there does not appear to be any mixed content. At least on the home page. There are tools to help with such things. Like WhyNoPadlock. And, servers should be set up to redirect http to https by default so that mitigates some issues.

3 Likes

Okay, it seems I need to accept the task to check these sites and transform them to HTTPS. Thanks for the advice!

3 Likes

Underneath all that, I see Apache:

curl -Ii http://africangwasuma.com/
HTTP/1.1 200 OK
Date: Sat, 28 May 2022 17:49:40 GMT
Server: Apache
Last-Modified: Sat, 28 May 2022 15:36:36 GMT
ETag: "544a-5e014303b113e"
Accept-Ranges: bytes
Content-Length: 21578
Vary: Accept-Encoding,User-Agent
Content-Type: text/html

Can you edit the Apache config?

2 Likes

Don't scan the site server now. The circumstances have changed since then. I am moving it. I noticed the problem goes away if I delete that domain from the hosting, remove the files and move the site to another hosting. That way the HTTP redirection works fine. The browser automatically uses HTTP, and in case the https prefix is added, it sends a message that the website is not available or redirects to Google search. But the browser doesn't cache the HTTPS version, so it works as it should. I am now testing what happens if I move the site back. I know it is a dumb solution, and it is time to upgrade to SSL, but this problem haunted me for years, so I want to see now what happens this way.

1 Like

Okay, so I finished testing, and if I move the site back, the problem occurs again after the DNS change is settled. So maybe it depends on the hosting provider, or if you ever used SSL for that domain at that hosting provider, but this is a hosting account related error. Moving the site to Freehostia I don't get this error, that is sure.

3 Likes
