I am seeing the following:
AutoSSL last ran on December 31, 1969.
No certificate available. AutoSSL will attempt to secure the domain the next time it runs.
This is a dedicated server with GoDaddy. I have another CPANEL site on this same server and it runs AutoSSL just fine and works great. I have renamed .htaccess files and deleted pki text files. I See this message under SSL/TLS Status. Again, it works on other domains i have running on same server. On WHM it all looks correct.
I have renamed .htaccess files and deleted pki text files. I See this message under SSL/TLS Status. Again, it works on other domains i have running on same server. On WHM it all looks correct.
Related
I use a SSL certificate for our domain.
The New Certificate is valid until 15th November.
On some Computers (same Browsers) the Certificate is expired.
After cleaning the cache and restarting the browser, the domain is working as expected.
My Problem: Not every customer knows to clean the cache, so i need a solution on the server side.
For my Computer i already tried cleaning the cache - works!
you should clear SSL cache from the browser programmatically for that domain. So you wouldn't need to do it manually.
I'm trying to create a new certificate for my website which is hosted on Windows server 2012.
Currently, I have a self signed expired certificate. I would like to try Let's Encrypt SSL cert. So, I've downloaded latest version of Lets Encrypt from https://github.com/PKISharp/win-acme/releases and ran wacs.exe from unzipped folder.
When I select N=Create new certificate and entered my domain, I'm getting below error.
Expected: Certificate installed
Actual: Authorization failed error
It looks like the server is not reachable from the Internet. Your server must be accessible from Internet in order to allow Let's Encrypt systems to verify the ownership of the domain.
According to the error which appears (NXDOMAIN), it may be that the website is too new (DNS registers can take up to 48 hours to replicate), the DNS are not properly configured to point to your server, or maybe you have a firewall or filter which disallows external connections.
Make sure that you can reach your domain from Internet first and it points to your server, then try again to request a certificate.
So, I have a wildcard SSL cert from Go Daddy, and it has been installed on a few servers. However, on one particular server I cannot seem to get this thing done. Here's the process that has worked on all servers but this one:
1. Create CSR
2. Having gotten the certificate from the provider, I open the MMC certificates snap-in and import the intermediate cert to the intermediate authority store (or personal store, both have been tried). This is successful, in that I can view the certificate from the MMC
3. Go to the IIS server and under Server Certificates, I complete the CSR, point to the provided certificate and it imports into the web server successfully.
4. I go to an individual web site to assign the certificate to the web site under binding. When I select https and the IP address, the drop-down menu activates, but the certificate I just installed is not available for choosing.
5. I go back to the server Certificates, and the cert I just viewed is no longer there.
Go Daddy says to rekey, however, this makes no sense, since immediately prior to this, I installed that same wildcard cert to a different server, and it works fine. Obviously, this is something with IIS or Windows on this particular server.
Does anyone have any idea how to fix this without rekeying? Server platform is Windows 2008R2, IIS 7.5
If you have followed steps described in https://www.godaddy.com/help/iis-7-install-a-certificate-4801 then from your side it's done. And for more references, you can also check out this https://stackoverflow.com/a/43247419/7738413
Otherwise, rekeying is the last option.
I have a live server which has cPanel installed on it. It is hosting a website with a SSL certificate that got installed in Cpanel for the cpanel-user hosting the domain.
I now downloaded a backup of this cpanel account to my dev server (and restored it in WHM, dev server is using cpanel too) for testing purposes, however I have a question regarding the SSL:
Does the SSL certificate get copied when the cpanel account gets backed-up?
After changing my host file i am still able to see the website using SSL (even though its on the dev server and there was not a certificate installed). My understanding was that the SSL is specific for each server, because the CSR is done on the server the certificate should run on.
Why am I able to access both live and dev using https?
Yes, SSL certificate will be migrate When you migrate OR restore your account through cPanel/WHM tool.
I've got an ssl certificate for what I think is my domain and I want to apply it to two separate applications in that domain that run under ASP classic in IIS on Windows 2000.
I have the following stupid questions:
Are certificates issued for URLs or domains? Or subdomains?
Can I use the same cert for multiple websites (applications) within that domain, or do I need a separate one?
Can I inspect the cert file to determine for what or to whom it's issued?
Thanks!
1) Web certs are issued to a domain. Specifically the CN attribute of the certificate must match the domain used to access your site.
2) Certs are usually install per host (or virtual host). If you had cert for the domain wwwapps.domain.tld you could have one app at /calendar, and one app at /contacts.
3) Yes, depending on the format and where it is, this can be easy or hard. If you have a crt file and you are running under windows, just click on it. You should see the details.
If you want to inspect a certificate that is installed on a site, you usually have to click on the padalock icon.
On windows you can also open up the MMC, add the certificate snapin and see any/all installed certificates on the local machine, or your profile.
They are issued for domains. Subdomains require their own certs. You can buy a special wildcard cert for your domain that lets you create certs for your subdomains, but they are more expensive.
If you buy a cert for mydomain.com, you can use it for anything that starts with https://mydomain.com/
Yes. You can do this for any certs. check out the lock icon in your browser's address bar.
It's usually issued to a single web server host (basically a computer cname or a record) like foo.bar.com where foo is one name for the host which the certificate request was generated for and bar.com is its domain.
Thus it will work for any application or virtual directory that responds to https://foo.bar.com - like https://foo.bar.com/planner/ - but nothing more.
For https://*.bar.com you can get a wildcard certificate that lets you handle any number of hosts without any hassel - at a greater cost.
There are also multiple-SAN (UCC) certificates that can contain a specific number of host names in a single certificate like webmail.bar.com and autodiscover.bar.com for an Exchange 2007 server serving both web access and Outlook Anywhere from the same physical machine and NIC.
If it's in .cer format simply opening it in Windows will show the details, if it's a pfx or in some other transport format you'd need to import it.
You basically install the certificate on a Web Site node in IIS and anything you can fit beneath that (or modify using a modern firewall in front of it to still respond to the issued common name foo.bar.com) will work.
Thanks! I enabled port 443 for the site at the domain on the cert, loaded the cert via directory security in IIS for each subfolder, and enabled 128-bit encryption. Worked like a champ!