Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: sessions-ebookbuddy.org
I ran this command:
It produced this output:
My web server is (include version): Ubuntu 20.04 , nginx/1.18.0 (Ubuntu)
The operating system my web server runs on is (include version):
Django==3.2.7,
channels==3.0.4,
daphne==3.0.2,
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): snap certbot (1.19.0)
We have a website with websockets through Django, Django Channels. The main part of the site is working fine however Mac/IPhone/Ipad users can't connect to the websockets.
The users of the site are children so unfortuately having them make any changes on their device is pretty much out of the question. What can I do the server to ensure only the trusted chain is sent.
Previously I just had this error when checking the ssl.
|4|In trust store|DST Root CA X3 Self-signed
Fingerprint SHA256: 0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739
Pin SHA256: Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=
RSA 2048 bits (e 65537) / SHA1withRSA
Valid until: Thu, 30 Sep 2021 14:01:15 UTC
EXPIRED
Weak or insecure signature, but no impact on root certificate |
---|
However, now this one is now coming up as well
|3|Sent by server|ISRG Root X1
Fingerprint SHA256: 6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f
Pin SHA256: C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=
RSA 4096 bits (e 65537) / SHA256withRSA
CRL ERROR: HTTP request failed with status code 404: http://crl.identrust.com/DSTROOTCAX3CRL.crl |
---|
Those are both in the Path 2, Path 1 is showing no errors, but for some reason the Macs are denying the websocket only based on the not trusted second path.
Any help would be greatly appreciated, the kids are so disappointed they can't use the program.
Thanks