I did my project in MEAN stack. I have installed GeoTrust Wildcard SSL certificate. It worked very well till yesterday. From today morning onward, it returns an error : "Your connection is private".
I don't know why this error occurs suddenly in any browser while run an application. It required to adding manually in exception lists to visit site. Right now I am not able to keep going my site. Certificate having 1 year validity and it was renewed in last month.
Please review attached images.
Give me guideline to solve this issue.
The certificate installed has expired. Looks like you have not installed or assigned the new certificate to your website.
Related
I'm getting errors, such as the one below, in my /var/log/mail.log file.
Apr 9 18:28:29 blueberry postfix/smtps/smtpd[13294]: warning: TLS library problem: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:../ssl/record/rec_layer_s3.c:1544:SSL alert number 45:
I'm 100% sure the certificates are valid since I'm using them on my websites, all of which couldn't be happier with them. Postfix was also happy previously, but since I renewed the certificates it's been spamming this when my Nextcloud server tries to (and can't) connect to the mail server, despite my mail client still working (although without rDNS as I didn't manage to get my provider to set it up).
I assume the blame is somewhere with Nextcloud - presumably the php handler for mail. Another thing that could be at fault that I tried to check is OpenSSL, but I have no idea how to replace its certificates with my own (generated by Acme.sh).
Both dovecot and postfix have in their config mentioned the correct path to my keys, hence the assumption above.
EDIT: Fixed it.
So, turns out, when I updated my certificate locations when I changed the method of acquiring them (certbot vs acme.sh), I got a typo in one of the filenames. /etc/dovecot/conf.d/10-ssl.conf was correct and so was /etc/postfix/main.cf, but /etc/postfix/vmail_ssl.map had a typo which I didn't see previously - and so was throwing a certificate error.
I installed a new fresh Bigbluebutton server on VMware without domain and SSL, after installing bbb-demo when I logged in, it showed an empty blue screen. In the browser console this exception was written:
Uncaught TypeError: Cannot set property 'ondevicechange' of undefined
The last time when I face a similar situation, I try to set a self-signed SSL but it just makes lots of problems and it didn't work.
How I could solve this error?
Finally, I've solved the problem. In this address ffdixon(product manager for BigBlueButton) said:
We need to update the docs -- you must setup an SSL certificate for BigBlueButton or it won't load. If you see "Not Secure" on your browser URL, BigBlueButton will not load.
I didn't have any valid IP or domain for my VM, So I created a valid SSL with one other domain(not belong to my VMware) and setup bbb to use SSL based on this article.Then set /etc/host to redirect SSL domain name to my local IP.
I´ve tried to add a SSL-Certificate to my webpage with Lets Encrypt as verifier. After I followed the steps described at https://certbot.eff.org/lets-encrypt/ubuntutrusty-apache I got an
Your connection is not secure
error. I´ve tested the SSL Connection with https://www.ssllabs.com/ssltest/analyze.html and got an "DNS CAA" warning. After I found out that I have to add the verifier to my DNS (xyz.com 3600 0 issue "letsencrypt.org") the warning disappeared, but I still get the error.
I´ve checked the page with https://www.whynopadlock.com as well, and the only warning I get is
You currently have TLSv1 enabled.
This version of TLS is being phased out. This warning won't break your padlock, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018.
but the warning states that this should not break my padlock.
I thought that smth. might be cached at the DNS (if this is even possible), but I dont know for certainty. I´ve tested the page on multiple devices and all of them get the error.
I´ve found the problem.
The "www" is somehow missing when I browse the page, so the cert. is registered the the page with "www" in front of it. I´ve created another cert with the missing "www" and now it works
I'm trying to retrieve data from an open data api. I have downloaded the certificate from the site and imported it into STRUST (SSL Client Anonymous).
Then I created a HTTP connection to external server in SM59. In the beginning it worked fine, until last week when the api changed its URL and so its DNS.
Of course it could no longer be reached by the current host. So I did above steps again for the new URL (changed everything accordingly like hostname etc. in SM59), but this time I receive following error:
SSL handshake with 'hostname:port' failed: SSSLERR_CONN_CLOSED (-10)#Remote
Peer has closed the network connection##SapSSLSessionStartNB()==SSSLERR_CONN_CLOSED##
Anyone has an idea on how to solve this?
On another forum someone helped me solve the problem. He pointed me out that the problem lies with SNI see: https://security.stackexchange.com/questions/101965/ssl3-error-when-requesting-connection-using-tls-1-2/102018#102018
https://en.wikipedia.org/wiki/Server_Name_Indication
To solve this problem you need to add following parameter: icm/HTTPS/client_sni_enabled and set it to TRUE on the DEFAULT profile. Afterwards you need to restart the application server in order to activate the effects of the parameter.
Link to the full question on SCN: https://answers.sap.com/questions/473015/sap-ssl-handshake-failed.html
EDIT:
I came across this error again later on, but this time it seemed that the error was caused because we used a certificate with TLS 1.2 which was not supported by our system. You can check this link: https://launchpad.support.sap.com/#/notes/510007 we implemented number 7 to fix this.
A couple of days ago I tried to renew my ssl certificate. From my provider I got the usual private key, intermediate and public key. So I went ahead and exchanged the files on my server. But ever since I did that the website hasn't been working anymore. In Chrome I always get the error "ERR_CONNECTION_CLOSED".
So I enabled ssl debugging for apache in my vhost config. I found the following error in the logs but couldn't figure out how to solve this:
AH00566: request failed: malformed request line
Has anyone seen that error before? I already googled but couldn't find any helpful information.
Any advice and suggestions will be greatly appreciated.
Thanks,
Andreas