Webmail is not secured

Help
1

Hello,
I get a notification that only webmail is not secure. Please help me to solve this problem.
My domain is: najduzarec.rs
The web server is: IIS 10
The operating system my web server runs on is (include version): Windows Server 2022 (64-bit)

2

Using the online tool SSL Checker yields https://decoder.link/sslchecker/najduzarec.rs/443 and https://decoder.link/sslchecker/najduzarec.rs/465 is serving a fine certificate.

Using the online tool SSL Server Test (Powered by Qualys SSL Labs) is not showing any significant problem here SSL Server Test: najduzarec.rs (Powered by Qualys SSL Labs)

Using the online tool https://www.whynopadlock.com/ results https://www.whynopadlock.com/results/6c0779e6-96bd-4b2b-8526-783443d88ef8 only has an issue with Protocols TLS 1.0 and TLS 1.1 are enabled.

I have no problem view the with Windows 10 Firefox 117.0.1 (64-bit) nor with Chrome Version 117.0.5938.89 (Official Build) (64-bit)

$ curl -Ii https://najduzarec.rs/
HTTP/2 200
cache-control: private
content-length: 8406
content-type: text/html; charset=utf-8
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
strict-transport-security: max-age=15768000; includeSubDomains
date: Sat, 23 Sep 2023 21:04:01 GMT

What client(s) is(are)

Have you cleared the client(s) cache, exited the app and restarted it?
Have you rebooted the system(s) the client(s) is(are) on?

Can you give more description to your issue?

1 Like
3

I get:

Your connection is not private

Attackers might be trying to steal your information from webmail.najduzarec.rs (for example, passwords, messages, or credit cards). Learn more

NET::ERR_CERT_AUTHORITY_INVALID

ReloadHide advanced

webmail.najduzarec.rs normally uses encryption to protect your information. When Brave tried to connect to webmail.najduzarec.rs this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be webmail.najduzarec.rs, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Brave stopped the connection before any data was exchanged.

You cannot visit webmail.najduzarec.rs right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

4

The https://decoder.link/sslchecker/webmail.najduzarec.rs/443

image
image950×728 8.51 KB

image
image956×561 6.28 KB

This is the presently being served certificate

$ openssl s_client -showcerts -servername webmail.najduzarec.rs -connect webmail.najduzarec.rs:443 < /dev/null
CONNECTED(00000003)
depth=0 C = CH, L = Schaffhausen, O = Plesk, CN = Plesk, emailAddress = info@plesk.com
verify error:num=18:self-signed certificate
verify return:1
depth=0 C = CH, L = Schaffhausen, O = Plesk, CN = Plesk, emailAddress = info@plesk.com
verify return:1
---
Certificate chain
 0 s:C = CH, L = Schaffhausen, O = Plesk, CN = Plesk, emailAddress = info@plesk.com
   i:C = CH, L = Schaffhausen, O = Plesk, CN = Plesk, emailAddress = info@plesk.com
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep 23 17:03:06 2023 GMT; NotAfter: Sep 22 17:03:06 2024 GMT
-----BEGIN CERTIFICATE-----
MIIEDTCCAvWgAwIBAgIDDEMpMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNVBAYTAkNI
MRUwEwYDVQQHDAxTY2hhZmZoYXVzZW4xDjAMBgNVBAoMBVBsZXNrMQ4wDAYDVQQD
DAVQbGVzazEdMBsGCSqGSIb3DQEJARYOaW5mb0BwbGVzay5jb20wHhcNMjMwOTIz
MTcwMzA2WhcNMjQwOTIyMTcwMzA2WjBjMQswCQYDVQQGEwJDSDEVMBMGA1UEBwwM
U2NoYWZmaGF1c2VuMQ4wDAYDVQQKDAVQbGVzazEOMAwGA1UEAwwFUGxlc2sxHTAb
BgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAsez6OGjrkvhQeD4rziuVB7kZeS2IJCprK0xwndDqyVHB/4+v
UO0gqUBXamSw9RMp9A1MhqpmBjQFBL9gGGsTpDbrK/VfHwUWLfIwcqQf38BcGQFS
MH+n7mrs8cl73t2eCk5AUr8W1KXKCV3bnlEr0XYZrbPEQFwuafDTBuYBNi1Y2lqv
LFp4ZypedZPXrLb5ampGMfq/A20JXmLP2zAQbn+Rd2X2PFv4yKTbqjwcxxPsXMgb
T285hKOprgrDw3fseBWKRtVogDCMrk/jRqoLxRIVdr6HBkNEV3/DTG1n2sfb0UZb
8JQxBgrJ7q69PG4QPVEi40Z70KtasOajedOkrQIDAQABo4HJMIHGMBMGA1UdJQQM
MAoGCCsGAQUFBwMBMB0GA1UdDgQWBBTRgaN1SsbHsuxtSrPO07RquShjnDCBjwYD
VR0jBIGHMIGEgBTRgaN1SsbHsuxtSrPO07RquShjnKFnpGUwYzELMAkGA1UEBhMC
Q0gxFTATBgNVBAcMDFNjaGFmZmhhdXNlbjEOMAwGA1UECgwFUGxlc2sxDjAMBgNV
BAMMBVBsZXNrMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHBsZXNrLmNvbYIDDEMpMA0G
CSqGSIb3DQEBCwUAA4IBAQCMEEOv/0CL6NgXhAIQQGwJjKQ55yDOhIBHcx3ZgEt3
iXiEo+B5bNJ0WYrF4Vi6qMchCvYn6QW5XXJSbDM/WIduaM4oQmS7mgf9tmNcFAq8
lt/L9s/7NOjdt20P5fXtHG5/Jjiw6vJHtXthZTOFS23RfWUH3uWP/TWpqgOiDE3n
vM8jm/pTJTjkCzmfo2AxVxkclo8KYJ3Y7w9nlihUbsM+mKgR3wsBII46oj/PQd8p
UNs1EhNCWJxddmfzVGcC0KAUwU2jU4xAeVngeKLgDTIev+/hXy/GmFcu7AeKNnkq
W1TfUaWDIxm1FhI7jtbwi6UCGsq5xQUv9Hyw+HIoiXcQ
-----END CERTIFICATE-----
---
Server certificate
subject=C = CH, L = Schaffhausen, O = Plesk, CN = Plesk, emailAddress = info@plesk.com
issuer=C = CH, L = Schaffhausen, O = Plesk, CN = Plesk, emailAddress = info@plesk.com
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1535 bytes and written 403 bytes
Verification error: self-signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self-signed certificate)
---
DONE
1 Like
5

However the Certificate being served on Port 465 for webmail.najduzarec.rs is fine
https://decoder.link/sslchecker/webmail.najduzarec.rs/465

$ openssl s_client -showcerts -servername webmail.najduzarec.rs -connect webmail.najduzarec.rs:465 < /dev/null
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = najduzarec.rs
verify return:1
---
Certificate chain
 0 s:CN = najduzarec.rs
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep 23 16:59:48 2023 GMT; NotAfter: Dec 22 16:59:47 2023 GMT
-----BEGIN CERTIFICATE-----
MIIE+DCCA+CgAwIBAgISBKNYiIMMruGHAXpMDSDlvVp4MA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzA5MjMxNjU5NDhaFw0yMzEyMjIxNjU5NDdaMBgxFjAUBgNVBAMT
DW5hamR1emFyZWMucnMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg
cHlE5XcxvduowNcMdSz3oL28tpUkarW+D+hCRPHRcIod3gfzZityGculz7I2RAog
TDpyPSWOmsUr6PQ3ONhdTgHO2VITyf1nRh9C/UgM8ltbrsltUJEyaGadvpvpKZpa
u9dcSEmAAvLgxD1CzHe2YPR61KkAI4rejlgTdOIWir/+nz1vp5YTXfWg085gYB/X
k2bxqJlKvXC/pMJNmEM1g9ptyx61bGjucF3bkN6CMCKXWn6EdhkrJ6rMFHxVN1a0
dFLxyenZGIWw5+phxcA6UpL+EobdPhX4acE2IIE5nDhHLopd1c2lTUSY3I5cv2O9
+NtgLT4kivwNgGlwqqDRAgMBAAGjggIgMIICHDAOBgNVHQ8BAf8EBAMCBaAwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
BBYEFBDhZFl64O6Z2Z+fTfTAWyTzdZHOMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ
QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz
Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv
MCkGA1UdEQQiMCCCDyoubmFqZHV6YXJlYy5yc4INbmFqZHV6YXJlYy5yczATBgNV
HSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AHoyjFTY
ty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABisMym7sAAAQDAEcwRQIgASoJ
e5jdrwSrJlPJhAd3z5wm4VZKQZxOdBzUSxXgu7ICIQD5VcireNbRWG+fwp6D+HJY
seqaoJi6tX4VWV9HsxegGgB2AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nhd31t
Br1uAAABisMym84AAAQDAEcwRQIgGyyO9+HDVX7yOr7TSZpTMmaCGMIH4KIKya1S
gVnV3RgCIQCxLjQBU2Yz8rKysE3FguckuOQfxnuPq5t7x459hy7nszANBgkqhkiG
9w0BAQsFAAOCAQEAMoy7MivdXsXR74IU0Jjtn0J/tPfnadYsGUq2gVvZxQK8EE7p
G7Qr6MA6Z0WHeV7wn36ysh2+5i+ArRBqSDmLKNpY460S79wDBry2tLs8vfgTbAu1
Rykgf5a/D4u309CuTzo3egpbGyAGYP5KAbqtVgpseF7CObDiAtJ3ksOV1KHyNDmB
SOiFyVnLKg7lvznYWAlCuJaKCgP1P4jLcTwyS8nUsyLSVKRiKyN6Re3kzl4sLiiw
fDsJfcO51p6XcHgXMCZk9TYtYtrb+CDljQVTjxyPnlDeQVPgj/GtTx2JBeuxevou
bkH/Smm+zZUsNp9JNAcemdKrm7Yz7mXz4ifPPQ==
-----END CERTIFICATE-----
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
---
Server certificate
subject=CN = najduzarec.rs
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3077 bytes and written 403 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE
1 Like
6

Looks like you've got it fix! :slight_smile:

1 Like
7

I did Reissue Certificate, re-entered the TXT record, so it's fine now. Also, I see it says that webmail.najduzarec.rs is secured.

1 Like
8

@slavisav glad your issue has been resolved, have a pleasant day! :slight_smile:

1 Like
9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.