I got problems with my custom domain setup on readthedocs.
Suddenly custom domain (https://docs.joinrpg.ru) stops working with SSL_ERROR_NO_CYPHER_OVERLAP.
Variois SSL checkers report that they "Failed to communicate with the secure server".
Readthedocs panel say that SSL certificate status: restricted_name_failure: Use of one or more domains on the certificate is restricted.
There was partial block by local authorities of readthedocs in Russia, but it (a) was on DNS-level (b)seems to be solved now, and (c) problem seems to reproduce outside russia.
What can I do to diagnose issue?
It was a bug with Cloudflare doesn't allow to issue certificates for "ru" domain zone.
It have been switched to Let's encrypt thanks to readthedocs team.
https://github.com/readthedocs/readthedocs.org/issues/9149
Related
I'm working on automating a web application (F# and Canopy). Getting 'Your connection is not private' screen upon launching the website/ after providing login credentials. Tried a few workaround to have the same disabled, but none did the job. Please help.
The best approach here is not try to hide or cover up the problem, but to fix it properly so you don't have to. Solutions that involve hiding the issue are necessarily going to adversely affect your security.
Note the wording of the error code: ERR_CERT_AUTHORITY_INVALID. That tells us that the certificate for the site is signed by a non-standard or unknown certificate authority.
You mentioned localhost in your comment; you're not going to be able to get a certificate for that, but you could create a self-signed one, however, if you've enabled the localhost exemption and you're still getting the error, it suggests that you may not be using localhost after all.
So, if you have a certificate signed by a real CA and you're seeing this error, it's likely that your local OS or browser has an outdated CA root certificate bundle. you can usually get the latest one by making sure your OS packages are up to date.
If your certificate is self-signed, then the 'advanced' button will allow you to add an exemption. I you have set up your own CA and signed the certificate with that, you need to add that CA's public key that signed it to your OS.
If you've got a "regular" commercial certificate from verisign, letsencrypt, comodo or whoever, then a run through a testing tool like testssl.sh or Qualys SSL labs will tell you more about what's going wrong. Without knowing the actual domain we can't test anything for you.
Added the following argument and it did the job:
options.AddArguments("--ignore-certificate-errors")
This is my first time getting an SSL certificate for my website. I followed this tutorial https://devcenter.heroku.com/articles/automated-certificate-management
heroku certs:auto displays that Status is "Cert issued". I get no errors. I use git push and the website is still not certified. What could I be doing wrong?
Old question, but if anyone else runs into this problem, which I was just battling myself, here was my problem:
When following the Heroku dev center guide on how to point a custom domain to your herokuapp, the guide says, among other things:
"Create a CNAME record to map from www.example.com to example.herokuapp.com or your SSL endpoint if using SSL."
Neither one of these alternatives are, however, the way to go now (SSL endpoint is considered legacy at Heroku). Instead, once you have added your custom domain correctly, simply:
In Heroku CLI, run "heroku certs:auto:enable" to enable ACM.
Point your domain's DNS records at the Heroku DNS target for your custom domain, which you can find by running "heroku domains"
Wait a little.
This should do it.
I run a website affectionaries.com that has a valid SSL certificate hosted by Hostgator.
It has come to my attention that when searching in Google for terms such as "Affectionaries" or "Cupcakes Runcorn" an other domain appears higher up the SERP's using my meta data an is unrelated to my business. If you click the link for (https://www.miamiboxpanama.com/) then it takes you to an insecure warning page! Under advanced it tells you:
www.miamiboxpanama.com uses an invalid security certificate. The certificate is only valid for the following names: affectionaries.com, www.affectionaries.com Error code: SSL_ERROR_BAD_CERT_DOMAIN
I can not figure out what is going on here...
So far I can see that this domain is on the same nameservers and IP address as my site.
Has anyone have experience with this and know a solution to resolve this matter?
www.miamiboxpanama.com resolves to the same IP address as affectionaries.com (192.254.231.2). So both names lead to the exact same web server, and therefore also the exact same SSL certificate. Since that certificate is only for the name affectionaries.com, the browser correctly issues a warning when the name it used was www.miamiboxpanama.com.
This looks like a configuration error at Hostgator. You may want to contact them and ask what's going on.
The domain in question is https://prophpbb.com
The certificate previously worked without issue. There have been no recent changes or cPanel updates. When trying to debug, the ssl cert being requested is clearly not what I have installed. In fact, it looks empty aside from some cryptic stuff, like the issuer email (see point 2). I suspect there might be DDoS mitigation going on either with HostDime, my datacenter, or globalsign, but I'm really spitballing at this point. I'm basing that on these findings:
I can't ping prophpbb.com, but I can ping addaforum.com (on same server)
SSL error returns net::ERR_CERT_AUTHORITY_INVALID and when I inspect the certificate, the issuer email is shown as: protect#DDoS-Filter.domain and the domain it's supposedly returning is "server" which is obviously not correct. The cert is issued by globalsign through the alphassl reseller ssl2buy.
What I have done to try to resolve this:
1. revoke the original certificate and reinstall it
2. rebuild cPanel's SSL cache via /scripts/rebuildinstalledssldb
3. restart apache
4. update cPanel from v60 to v62
5. disabling the software firewall (CSF)
I cannot find anything on Twitter regarding a globalsign outage. I put in a ticket at ssl2buy and at HostDime for good measure. Can you help me to understand what this issue is attributed to?
*edit - received a reply from HostDime. This was, indeed, caused by their DDoS mitigation. They resolved it quickly.
I edited the original post to note that it was resolved by the datacenter and it was due to DDoS protection. Replying here to mark it as solved.
I have a problem with a self-signed SSL certificate not being accepted on my Windows 7 box. I need this because the QuickBooks web connector will not address my CRM except over HTTPS, and the CRM is hosted on an intranet-only Linux server.
I followed the instructions here, and then used certmgr.msc to import the certificate on the client machine. The import appeared to be successful, and I can see the certificate in the "Trusted Root" store:
The problem is that it doesn't work; QBWC still reports it can't connect due to an authentication error, and my browser still rejects the certificate:
Could someone please give me an idea what I'm doing wrong? Thanks in advance!
The correct answer was propounded by #RickK - I had issued the certificate in my own name, instead of the domain of the server. The prompts in Apache make this rather confusing; it really looks like you're supposed to put your own name in the "Common Name" field, and the tutorial I followed seems to advise the same thing.
Anyway, I reissued the certificate, changing the CN field to "apps," and everything is working now. Thanks to #RickK and #pulkitsinghal for your helpful input. (And sorry for the delay in my response - this project got pushed to the back burner for awhile.)