TLS Negotiation failed, the certificate doesn't match the host., code: 0 - ssl

With Google changing their TLS strictness a few days ago, I just want to share the solution that works for me.
This forum post was the answer. Log in to your Plesk / cPanel and change the SMTP server address to the host name like so:

This is a "knowledge capturing" question (i.e. Answer is in the question).

Related

Heroku ACM SSL works for .herokuapp.com but not real domain

I've followed the guide here for SSL to be automatically configured on my site. It does have the certificate when I visit mysite.herokuapp.com. When I go to my real domain, mysite.com, the site is completely reachable but doesn't seem to have the certificate. I'm pointing the DNS entry to the exact result of 'heroku domains'; note that this entry has not changed since I added SSL it seems. It ends in a .herokudns.com not .herokuapp.com or herokussl.com like I've seen in some of the previous answers on Stack Overflow. I assume that Heroku recently changed this requirement for setup.
I've already waited a few hours. I assume I must be doing something wrong, but I think I've followed the guide correctly, and there are so few steps, so I'm at a loss...
As Chris pointed out in the comments, the solution was that Heroku is doing something which prevents normal redirection of HTTP to HTTPS. This post is very helpful for Node.js:
https://jaketrent.com/post/https-redirect-node-heroku/

An unrelated domain is pointing to my website and appears to be using my SSL certificate

I run a website affectionaries.com that has a valid SSL certificate hosted by Hostgator.
It has come to my attention that when searching in Google for terms such as "Affectionaries" or "Cupcakes Runcorn", another domain appears higher up the SERPs using my meta data and is unrelated to my business. If you click the link for (https://www.miamiboxpanama.com/) then it takes you to an insecure warning page! Under advanced it tells you:
www.miamiboxpanama.com uses an invalid security certificate. The certificate is only valid for the following names: affectionaries.com, www.affectionaries.com Error code: SSL_ERROR_BAD_CERT_DOMAIN
I can not figure out what is going on here...
So far I can see that this domain is on the same nameservers and IP address as my site.
Does anyone have experience with this and know a solution to resolve this matter?
www.miamiboxpanama.com resolves to the same IP address as affectionaries.com (192.254.231.2). So both names lead to the exact same web server, and therefore also the exact same SSL certificate. Since that certificate is only for the name affectionaries.com, the browser correctly issues a warning when the name it used was www.miamiboxpanama.com.
This looks like a configuration error at Hostgator. You may want to contact them and ask what's going on.

Weird SSL certificate error on a domain that previously worked, DDoS related?

The domain in question is https://prophpbb.com
The certificate previously worked without issue. There have been no recent changes or cPanel updates. When trying to debug, the ssl cert being requested is clearly not what I have installed. In fact, it looks empty aside from some cryptic stuff, like the issuer email (see point 2). I suspect there might be DDoS mitigation going on either with HostDime, my datacenter, or globalsign, but I'm really spitballing at this point. I'm basing that on these findings:
1. I can't ping prophpbb.com, but I can ping addaforum.com (on same server)
2. SSL error returns net::ERR_CERT_AUTHORITY_INVALID and when I inspect the certificate, the issuer email is shown as: protect#DDoS-Filter.domain and the domain it's supposedly returning is "server" which is obviously not correct. The cert is issued by globalsign through the alphassl reseller ssl2buy.
What I have done to try to resolve this:
1. revoke the original certificate and reinstall it
2. rebuild cPanel's SSL cache via /scripts/rebuildinstalledssldb
3. restart apache
4. update cPanel from v60 to v62
5. disabling the software firewall (CSF)
I cannot find anything on Twitter regarding a globalsign outage. I put in a ticket at ssl2buy and at HostDime for good measure. Can you help me to understand what this issue is attributed to?
*edit - received a reply from HostDime. This was, indeed, caused by their DDoS mitigation. They resolved it quickly.
I edited the original post to note that it was resolved by the datacenter and it was due to DDoS protection. Replying here to mark it as solved.

Apache: one domain - multiple folders with different certificates

I've just started my Linux security classes and my task is to set up an apache2 server (nginx is allowed as well but I chose the first one) with the configuration listed below:
There is one domain (localhost) with different subfolders:
/ssl (any user can access, force redirect to https)
/ssl/user_1 (access with certificate "user_1")
/ssl/user_2 (access with certificate "user_2")
/ssl/any (access with any certificate (user_1, user_2))
/no_ssl (access without certificate)
I don't have much experience with apache2 but successfully managed to set it up and configured basic SSL. However, I managed to set just one certificate for all folders/subfolders - I've been digging through the whole of Google (I have three pages of results marked already as visited..) but could not find a proper solution, tutorial or docs on how to set up a few different certificates, each for a different folder. I found a few but it's often the case that the code was written a few years ago and does not work anymore in the new version.
I'm not asking for a full solution but I'd appreciate it if someone could point me in the right direction or provide some good tutorials/docs about the matter. Some configuration snippets would be awesome as well of course!
Thank you so much in advance,
F.
I don't think I'm giving too much away when I say you are misunderstanding that part of the question. You are assuming that user_1 and user_2 are server certificates.
This is about client certificates - otherwise options 1 and 4 are the same. Also I think this is implied with the certs being user_1 and user_2 rather than server_1 and server_2. So go read up about client certificates.
Saying that I still don't know how to do this simply for options 2 and 3 so it's still a tricky question. Let us know how this is done after the assignment is finished for my own curiosity and good luck figuring it out yourself!
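One way to express the layout from the question with client certificates, as the answer suggests. This is an added example, not configuration from either poster; it assumes Apache 2.4 with mod_ssl, hypothetical file paths, and client certificates with CN `user_1` and `user_2` issued by a single lab CA.

```apache
# Added example. Paths, the lab CA and the CN values are assumptions.
<VirtualHost *:80>
    ServerName localhost
    # /ssl is HTTPS-only; /no_ssl stays reachable over plain HTTP
    Redirect permanent "/ssl" "https://localhost/ssl"
</VirtualHost>

<VirtualHost *:443>
    ServerName localhost
    SSLEngine on
    # Server identity: one server certificate for the whole host
    SSLCertificateFile    "/etc/apache2/ssl/server.crt"
    SSLCertificateKeyFile "/etc/apache2/ssl/server.key"
    # CA that issued the client certificates user_1 and user_2
    SSLCACertificateFile  "/etc/apache2/ssl/lab-ca.crt"
    # Default (covers /ssl itself): do not ask for a client certificate
    SSLVerifyClient none

    <Location "/ssl/user_1">
        SSLVerifyClient require
        SSLVerifyDepth 1
        Require expr "%{SSL_CLIENT_S_DN_CN} == 'user_1'"
    </Location>

    <Location "/ssl/user_2">
        SSLVerifyClient require
        SSLVerifyDepth 1
        Require expr "%{SSL_CLIENT_S_DN_CN} == 'user_2'"
    </Location>

    <Location "/ssl/any">
        SSLVerifyClient require
        SSLVerifyDepth 1
        Require expr "%{SSL_CLIENT_S_DN_CN} in { 'user_1', 'user_2' }"
    </Location>
</VirtualHost>
```

Matching on the CN alone is only safe while the lab CA issues nothing but these two certificates. Per-location `SSLVerifyClient` needs TLS renegotiation or TLS 1.3 post-handshake authentication, which not every browser supports.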

Windows 7 not accepting self-signed SSL certificate

I have a problem with a self-signed SSL certificate not being accepted on my Windows 7 box. I need this because the QuickBooks web connector will not address my CRM except over HTTPS, and the CRM is hosted on an intranet-only Linux server.
I followed the instructions here, and then used certmgr.msc to import the certificate on the client machine. The import appeared to be successful, and I can see the certificate in the "Trusted Root" store:
The problem is that it doesn't work; QBWC still reports it can't connect due to an authentication error, and my browser still rejects the certificate:
Could someone please give me an idea what I'm doing wrong? Thanks in advance!
The correct answer was propounded by @RickK - I had issued the certificate in my own name, instead of the domain of the server. The prompts in Apache make this rather confusing; it really looks like you're supposed to put your own name in the "Common Name" field, and the tutorial I followed seems to advise the same thing.
Anyway, I reissued the certificate, changing the CN field to "apps," and everything is working now. Thanks to @RickK and @pulkitsinghal for your helpful input. (And sorry for the delay in my response - this project got pushed to the back burner for a while.)
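The SMTP error, the shared-IP warning and the self-signed certificate above all come down to one check: the name the client connected to must appear in the certificate. The sketch below is an added example, not code from any of the posts; it implements RFC 6125-style matching over name lists constructed from the names quoted on this page, and "Jane Doe" is a placeholder for the unnamed personal CN.

```python
import ipaddress


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _name_matches(pattern, hostname):
    """Compare one presented name (may be '*.example.com') with hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p:
        return False
    if p[0] == "*":
        # A wildcard covers exactly one left-most label, never '*.com'
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h


def cert_matches_host(hostname, san_dns=(), common_name=None):
    """True if the certificate names cover the host the client asked for."""
    if _is_ip(hostname):
        return False  # IP literals need iPAddress SANs, not DNS names
    # SAN DNS names win; the subject CN is a legacy fallback that current
    # browsers no longer honour, so new certificates should carry a SAN.
    names = list(san_dns) or ([common_name] if common_name else [])
    return any(_name_matches(n, hostname) for n in names)


# Constructed inputs, built from the names quoted on this page.
SHARED_HOST_CERT = ["affectionaries.com", "www.affectionaries.com"]


def demo():
    return {
        "owner": cert_matches_host("www.affectionaries.com", SHARED_HOST_CERT),
        "other_vhost": cert_matches_host("www.miamiboxpanama.com", SHARED_HOST_CERT),
        "by_ip": cert_matches_host("192.254.231.2", SHARED_HOST_CERT),
        "cn_person": cert_matches_host("apps", common_name="Jane Doe"),
        "cn_host": cert_matches_host("apps", common_name="apps"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:12} {'match' if ok else 'MISMATCH'}")
```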