I have a question. I have changed my domain and need to renew/reassign my SSL through the admin menu, how I do that? Because it still shows my old domain and when I click renew SSL it just gives me an error.
1
Related
I am getting ERR_CERT_REVOKED in iPhone while accessing our website which uses a GoDaddy SSL certificate. It works fine on Laptop on all browsers but gives this error on iPhone.
Godaddy is facing an AutoSSL technical issue where they are not able to renew the SSL certificate. Mine has been down for 2 days now and has contacted their support multiple times. No permanent fix as of now.
You can do these steps which can put you in the queue for AutoSSL renewal. They haven't mentioned a timeframe for the resolution of this issue, unfortunately.
Steps:
Go to Cpanel of Hosting
Select SSL/TLS
Select Generate, view, upload, or delete SSL certificates.
Delete all self-signed certificates
Go to Cpanel and select SSL/TLS Status
Select all domains you want to renew and click Run AutoSSL
This will put your domain in the queue for renewal.
God knows when these guys will resolve the issue and renew it though.
Is there a reason why Facebook doesn't allow LetsEncrypt signed certificates in their "app development" section?
I keep getting this error:
(For the untrained eye, this is me trying to setup a webhook for new messages notifications)
Blurred out the host, but it's a valid host and using chrome or firefox on Linux and Windows doesn't give any errors.
SSLLabs also says the site is perfectly valid.
Running curl https://... on my own host, sure enough I get the same error,
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
So my question is, why have Facebook (that openly supports LetsEncrypt) decided to use default curl CA bundle to verify the callback-url of an app? If that doesn't allow LetsEncrypt?
It appears to be counterproductive to me.
Is there a way around this?
SSLLabs also says the site is perfectly valid.
It shows a warning in orange, that the certificate chain is incomplete.
Your server should present all necessary intermediate certificates as well, in addition to the certificate issued for your domain. (Which was simply forgotten here by mistake.)
We procured standard ssl certificate to mydomain.net from godadday.
We shutdown live server mydomain.com, configured new server mydomain.net with ssl, everything works fine.
We have added redirect records in DNS for mydomain.com to mydomain.net
www.mydomain.com redirecting properly to www.mydomain.net
We are experiencing a issue, when any request to https //www.mydomain.com
redirection happening but with untrusted certificate error message.
www.mydomain.com uses an invalid certificate.
The certificate is valid for the following names:
www.mydomain.net , mydomain.net
(Error code: ssl_error_bad_cert_domain)
Godaddy india support not able to resolve the issue, escalated to US support no update from US support.
Please suggest me how to resolve this issue?
Thanks,
ItsR
Redirection inside a HTTPS connection from domain A to domain B needs a proper certificate for domain A too, which does not seem to be in your case. This is because the redirection happens inside the TLS connection, i.e. the TLS connection needs to be established first which needs the proper certificate.
I'm trying to do this:
https://dummiesite.com --> http://dummiesite.com
and
http://dummiesite.com --> http://new.dummiesite.com
and
http://new.dummiesite.com --> https://new.dummiesite.com
So no matter what site the user goes, it will allways be redirected to https://new.dummiesite.com
The problem:
With I have a wildcard certificate for *.site.com. But it is only valid for all the subdomains of site.com, not for site.com itself. With lighttpd I cannot use more than one certificate per IP (I have only one), so when the user goes to https://dummiesite.com, it gets an error because the certificate is not valid.
That is why I'm trying to redirect https://dummiesite.com to http://dummiesite.com. How can I do it without a valid certificate and without showing the user errors?
Thanks for your help
You can't with the current certificate. HTTPS is HTTP inside an SSL tunnel, so before you can do the redirect at the HTTP level the SSL connection has to be established. But this fails because your certificate does not match the hostname. You need to get a certificate which includes both *.dummiesite.com and dummiesite.com (yes, this is possible).
I have a few sites that have SSL Certificates installed. When an SSL request is made with my employer's iPhone, this error message is displayed:
Accept Website Certificate
The certificate for this website is invalid. Tap Accept to connect to this website anyway.
I've pulled up the same pages in other browsers, including Safari, and they do not show any issues with the certs.
These two URLs exhibit the problem:
https://www.powerlunchbunch.com/index.php?template=join&nav=20
https://www.councilonagingmartin.org/index.php?template=donate&nav=257
Additional Information:
Both SSL certs are issued by Network Solutions
The sites are hosted on Rackspace Cloud Sites
Update:
I now have an open ticket with Rackspace for this issue. I browsed the same sites in Firefox 4.0 Beta 7, and got this warning page, telling me that "The certificate is not trusted because no issuer chain was provided.":
I think it's because you (or your hosting company) haven't configured the full certificate chain on your web server.
Take a look at a report from an ssl checker, such as this:
http://www.sslshopper.com/ssl-checker.html#hostname=www.councilonagingmartin.org
...
I can see from this report that you're using Apache2.2. Configuring 'intermediate certificates' on Apache2 goes something like this:
SSLCertificateFile /etc/ssl/crt/yourDOMAINNAME.crt
SSLCertificateKeyFile /etc/ssl/crt/private.key
SSLCertificateChainFile /etc/ssl/crt/chainCert.xxx
I don't know if you configured the certificate yourself, or your hosting company configured it, so you'll either need to contact your hosting company, or the certificate provider, who can provide the intermediate certificate(s).
Hope That Helps
Unfortunately, the Root CA for both those certificates, Network Solutions, L.L.C. is not a trusted certificate authority on the iPhone.
If you look at the certificate chain, it does end up at AddTrust, which is a trusted CA on the iPhone.
So you likely have one of the following problems:
1) Your certificate is not installed correctly on the web server
2) You need to work with Network Solutions (the SSL cert issuer) to get a cert that properly chains to AddTrust.