Website giving error in Safari but working fine on Chrome and Firefox

Help
1

WhatsApp Image 2024-02-19 at 2.55.29 PM
WhatsApp Image 2024-02-19 at 2.55.29 PM590×1280 62.6 KB

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cashgro.in

I ran this command: http://cashgro.in

It produced this output: screenshot attached
Website may be impersonating

My web server is (include version): Nginx

The operating system my web server runs on is (include version): CentOS

My hosting provider, if applicable, is: Google Domains

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0

2

your sites cert only valid for www.cashgro.in, not cashgro.in. my firefox errors at first visit

1 Like
3

This is pretty strange.. as it working fine at Firefox and Chrome both at my Ubuntu machine.

4

looks like there is a wildcard certificate signed today, but webserver isn't using it

3 Likes
5

Yes.. this was done
Earlier the certificate was geenrate for only www.cashgro.in
Now we also wanted to have cashgro.in to be live(and under ssl)

So I used certbot for below domain
cashgro.in
*.cashgro.in

So instead of wild card, should I go for exact domains ?

6

no: using that certificate would be enought but webserver need to be explictly configured to use that

2 Likes
7

It fails with "Potential Security Risk" screen on Firefox on my Ubuntu

Maybe you have some cache or something that redirects to your www subdomain?

3 Likes
8

sudo certbot certonly
--manual
--preferred-challenges=dns
--email infra.dev@indepay.com
--server https://acme-v02.api.letsencrypt.org/directory
--work-dir=. --config-dir=. --logs-dir=.
--agree-tos
-d cashgro.in -d www.cashgro.in

I am using this now..(earlier it was *.cashgro.in which is now replaced specifically as www.cashgro.in)

Then I have restarted the Nginx server.. but still the issue persists.
Any worthy suggestion you can add here ?
Thanks

1 Like
9

If you have a functional nginx webserver, why would you use the dns challenge using the --manual for a regular, non-wildcard certificate? Simply using --nginx and without certonly would automate everything for you.

4 Likes
10

Clear your client cache [reboot the phone].

1 Like
11

I wasnt aware that we have --nginx available.

thanks.. this worked beautifully.

2 Likes
12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.