Website is secure on chrome but not other browsers like firefox and edge

laith_super · May 3, 2024, 12:47pm

it says sometimes missmatch or something , anyways is this a common problem?

I ran this command: certbot certonly --manual --preferred-challenges dns -d daleelalhurra.com

It produced this output:
It produced this output: root@DaleelAlhurra:~# certbot certonly --manual --preferred-challenges dns -d daleelalhurra.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for daleelalhurra.com

Please deploy a DNS TXT record under the name:

_acme-challenge.daleelalhurra.com.

with the following value:

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: Dig (DNS lookup).
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.
My web server is (include version):
nginx
The operating system my web server runs on is (include version):
ubuntu 23
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.1.0

Osiris · May 3, 2024, 12:50pm

First: you probably made a typo above, as it does not match the hostname daleelalhurra.com mentioned below.

Secondly:

You did not include the www subdomain. Some browsers like Chrome forgive this for some strange reason, but strictly speaking Chrome should not.

If you want to use the www subdomain, you need to include it in the certificate.

Also, is there a specific reason why you're using the dns challenge using the --manual method? That's very cumbersome as it cannot be renewed automatically.

Can't you use the --nginx or --webroot authenticators?

laith_super · May 3, 2024, 12:52pm

i used it because i couldnt generate it normally so i did it manually and i did a type it is www.daleelalhurra.com

Bruce5051 · May 3, 2024, 5:14pm

@laith_super well previous certificates both daleelalhurra.com and www.daleelalhurra.com
DNS Names in the SANs. The recent certificates are for www.daleelalhurra.com as the only name
and different certificate with daleelalhurra.com as the only name.

When I use https://daleelalhurra.com in Windows 10 Firefox 125.0.3 (64-bit) is redirected to https://www.daleelalhurra.com/, and shows no error or warning.

I suggest going back to having both daleelalhurra.com and www.daleelalhurra.com
DNS Names in the SANs. So the redirection would not have a chance of cause an error on some clients.

system · June 2, 2024, 5:15pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certificate renewed but server still not secure Help	41	349	June 1, 2024
Certbot certonly failure. Just started Help	6	143	October 10, 2024
Certbot-dns-google Problems Help	7	3117	October 21, 2020
Certbot is unable to deploy me _acme-challenge value for my domain visrtonline.com Help	13	821	July 22, 2023
Acme-DNS Locally Hosted Help	16	3040	September 18, 2021

Website is secure on chrome but not other browsers like firefox and edge

Related topics