I have application VueJs (Nuxt) and its admin panel on WordPress, communicate through the REST API, are located on the same domain, the admin panel is in a subfolder.
Now the domain has a self-signed certificate from LetsEncrypt, Certbot. Everything works fine, except that periodically, users displays a message that the certificate is unsafe.
Therefore, a paid COMODO certificate was purchased.
After its installation, Vue stops working with an error
500 Server error. NuxtServerError. Unable to verify the first certificate
In this case, the admin panel works correctly and shows the correct certificate data.
Surprisingly, if you deliberately enter a non-existent site address, the frontend error page 404 opens, which contains site navigation, after which you can fully use the site, navigate through the all pages before the first manual reload (eg ctrl + R).
What could be the reason for this error?
Mistake is not chained ssl cert
$ cat www.example.com.crt bundle.crt > www.example.com.chained.crt
Related
The problem:
I have 2 websites that have the same IP address (a domain and a subdomain), and I have an SSL certificate for each of them. The domain is a word-press site while the sub domain is a ruby on rails application. the subdomain has the certificate installed and works with no problems, but when I try to add the second certificate for the main domain, it works, but it prevents access to the subdomain.
In the web browser inspection page it shows this error :
“XMLHttpRequest cannot load https://giladparking.com/wp-content/plugins/wp-slimstat/wp-slimstat-js.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://monthly.giladparking.com' is therefore not allowed access.”
What I have tried:
I have followed this tutorial to allow for SNI support and it seems to work except for the previously mentioned issue.
I have taken a look at this post as well which explains that you can't make XMLHTTPRequests across domains. but this issue only arises when both certificates are in effect.
“XMLHttpRequest cannot load https://giladparking.com/wp-content/plugins/wp-slimstat/wp-slimstat-js.php....
The certificate for this sites is valid for monthly.giladparking.com and www.monthly.giladparking.com but not for giladparking.com. That's why any access to this site will fail with a certificate error. This problem is not restricted to XMLHTTPRequests.
I am trying to access ayushho.com/my-account and getting the error message called "This page is not available". I have just installed a new SSL certificate and certifate checcker confirmed that SSL installation is correct.
Friendly URL set to Yes. and Shop Domain and SSL domain name set to ayushho.com and https://ayushho.com.
Why i am not able to access any other page apart from main page.
I am having a domain chansek.com, hosted in Openshift through a Wordpress application. But the problem is, when I am trying to open my Wordpress Admin, it's always trying to connect through https instead of http. As I don't have any SSL certificate, it gives me some warning message. Please see the below screenshot for better understanding.
How do I make it go through http? I don't want any SSL certificate for my website as it's a personal blog.
I am also trying to use JetPack plugin. But it gives following error.
Your website needs to be publicly accessible to use Jetpack: site_inaccessible Error
Details: The Jetpack server was unable to communicate with your site
https://www.chansek.com [IXR -32300: transport error: http_request_failed SSL:
no alternative certificate subject name matches target host name 'www.chansek.com']
You have a couple of options:
1.) Disable using SSL for the admin in your wp-config.php file. (Openshift redirects wp-admin to https)
2.) Upgrade to the bronze plan and the purchase a custom ssl certificate and install it
You are getting that error from jetpack because the ssl certificate is not valid for your custom domain, only for your app-domain.rhcloud.com address.
I have a ruby on rails 3 app hosted on heroku with a custom domain. It uses oauth to allow the user to log in through Facebook. After a user logs in through Facebook, the next time they type in our domain in Firefox (tested on FF 15.0.1 on Mac) it automatically fills in https before the address (So the user is used to typing "example.com" into the address bar and pressing ENTER, but Firefox changes that to https://www.example.com). This of course shows the "This Connection is Untrusted" warning page (http://support.mozilla.org/en-US/kb/connection-untrusted-error-message) since we do not have an SSL certificate instead of loading our page.
This only seems to happen with Firefox (tested on Chrome and Safari as well).
I've tried redirecting the rails action that we point to for root to the http protocol version using this example (http://captico.com/securing-specific-routes-in-rails-3/2011/02), but that didn't work. I've also tried adding the ssl_requirement gem (https://github.com/bartt/ssl_requirement) and excluding the action that we point to for the root domain, but then I just got a bad URI error.
We're in money saving mode right now as we test out the site and slowly grow in users. I believe the best thing to do is to pay the money for our own SSL cert, as well as the $20/month to heroku to get SSL for our custom domain. But for now, we'd like to avoid having these extra costs.
Is there a way to fix this for free?
To fix it for free, use the *.herokuapp.com domain instead of a custom domain.
I was under the impression that if a user attempted to visit a website that had been secured with an SSL certificate, but did not use HTTPS and instead used plain HTTP in the address box, a 403;4 error would be generated, and that an errormessage something like this would be presented:
"This page must be viewed over a secure channel"
"The page you are trying to access is secured with Secure Sockets Layer (SSL)."
But that's not happening on our website. You can use http://secure.oursite.com or https://secure.oursite.com and both work fine.
The company that issued the SSL certificate says our certificate checks out OK in their certificate checking tool and that it's "chaining properly" and that this is an IIS configuration issue.
Does this SSL over HTTP error checking have to be explicitly enabled?
I was planning on creating a custom error for the 403;4 condition, pointing to a file, which redirects to https://secure.oursite.com. But the error condition is not being trapped by IIS.
EDIT: I've stopped and restarted the server. Not solved.
Thanks
As per this article have you checked the "Require secure channel (SSL)" box in the properties for your site? This is what triggers the error. You can then create the redirect using a custom error page.
a 403;4 error would be generated
That's not what happens in my site. My site automatically redirects to the HTTPS port. It's done free of charge by Tomcat.