"Your connection is not private" ISSUE


#1

On Friday (15.07.2016) I installed an SSL Let’s Encrypt certificate. All good until here. Starting from yesterday (17.07.2016), at random points in time I got only the “Your connection is not private” security issue on every path of my website I accessed, and for no reason; the certificate was valid. No change, no nothing… and after a while it works again.

I really need help with it!
I’ve tested my domain/hosting with: https://www.ssllabs.com/ssltest/analyze.html?d=www.thejourney.ninja and I get an A+. Can you help me with this one, guys, please?

Thank you!

More details below:

My domain is: www.thejourney.ninja

I ran this command: -

It produced this output: Your connection is not private (from time to time)

My operating system is (include version): MacOSX El Capitan

My web server is (include version): Apache 2.4.23

My hosting provider, if applicable, is: speedhost.ro

I can login to a root shell on my machine (yes or no, or I don’t know): -

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, DirectAdmin


#2

There are some mixed content warnings on some subsites (for example, you link to an image via http://www.thejourney.ninja/stars404.png on the “Privacy Policy” page). This would get rid of the green lock or show a warning, depending on your browser.

Other than that, I don’t see any problems with your configuration.


#3

I just fixed that link with https:// instead of http://, but besides this, only sometimes we get the your-connection-is-not-private ‘error’ for all the website paths, and after a while it just works again. Don’t know how I can show this to you guys :(


#4

What browser are you using? What does this error look like, and is there an option to show more error details?


#5

I mainly use Chrome, but when I get the error I get it on all: Mozilla, Safari, even in Edge (sometimes) :(
The error looks like this:

“www.thejourney.ninja uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is only valid for localhost Error code: SEC_ERROR_UNKNOWN_ISSUER”


#6

When this happens you are being shown the wrong certificate, which means you’re not talking to the real www.thejourney.ninja and so the browser is protecting you.

It could be that there is some misconfiguration at Speedhost, which causes this. But it is more likely that some other system is trying to put itself between your web site and you, and this of course is exactly what the SSL system is trying to prevent from happening.

When this happens, there should be a way to see the presented (wrong) certificate. It might be a little different in each browser; I think in Firefox you can click Add Exception, then View Certificate. The “Issued To” and “Issued By” stuff is most relevant here; a screenshot of that when this problem arises might help pin down the issue exactly.

  • It could be that you have software installed on your Mac which does this; it might describe itself as “anti-virus” software or say that it protects against malware. In this case you can usually re-configure the software to fix the problem.

  • It could be that your home or place of work has a proxy doing this to everyone on the network. If you did not agree to this then you can ask for it to no longer be used on your connections.

  • It could be that a network provider, on their own or in co-operation with a nation state, is interfering between you and the server where this system is running.

It can also help if you can find someone elsewhere on the Internet who sees the same problem, maybe a friend with a different ISP? If it’s just happening to you, that suggests one of the top items from my list. Often the information on the wrong certificate that’s presented can help identify who made it and why. But if it’s just a goof at Speedhost it may not help; in that case you’d have to ask their support staff to investigate.


#7

You have 3 main nameservers for your domain: ns1, ns2 and ns3.dow-media.com

ns1 and ns3 provide the IP address 46.4.152.167

ns2 provides the IP address 88.198.25.154 - which doesn’t have the correct cert on it (and probably isn’t where you want people to go anyway).

If you correct your DNS settings at all your nameservers it should correct your issue.


#8

I will check with my hosting company support and get back to you. Thank you!


#9

My hosting company support told me that they restarted the server and it should be OK now, but can you tell me how you tested that the ns2 server is redirecting to the wrong IP, please?

Thank you!


#10

I did it from Linux with the command below (which shows it’s now OK):

$ dig www.thejourney.ninja @ns2.dow-media.com +short
46.4.152.167

You can also test your DNS with various online tools, such as dnscheck.pingdom.com, intodns.com or viewdns.info


#11

Thx! I’ll see if I encounter the error/issue from now on and let you know if I do.

