I don't know much about this topic, but have a site (shared hosting) and want ssl for it. Got a certificate from letsencrypt (for both www and plain mydomain.com), they verified it successfully, so I put the cert and private key into the ssl config part of cpanel. Cpanel marked the inputs valid but then gave me the following error
The certificate could not be installed on the domain “mydomain.com”.
error Certificate verification failed!
Certificate verification failed:
unable to load certificate
140495454865312:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:pem_lib.c:812:
I have no idea what this means. Any help would be appreciated.
Got it working by making sure every line was exactly 64 characters long
Related
As part of updating the SSL/TLS certificate of the web server deployed in the Kubernetes(which the current one will expire soon), I updated the Kubernetes secret (kubernetes.io/tls) with the new crt and key.
After that, the application works fine in the browser.
But, the API calls to the server, (From some python applications running in some pods) are hitting some SSLError.
The same will work if I restore the old certificate for the server.
The error is:
requests.exceptions.SSLError: HTTPSConnectionPool(host='hostname',
port=443): Max retries exceeded with url: URL(Caused by
SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate
(_ssl.c:1131)')))
I tried to resolve this by creating the crt and key in different ways from the pfx file.
But the issue remains.
I did some search on - if anything to update in the Kubernetes cluster as part of the certificate change and I couldn't find a solution.
Any help will be greatly appreciated.
The issue was, the certificate I installed was without the intermediate certificate. The browsers may "fill in the gap" by searching for the missing certificate. Re-install the certificate with the complete chain resolved the issue
I am trying to publish my Alexa skill using Letsencrypt SSL Certificate.
Google Chrome does not show any warning icon if I browse to my https URL using letsencrypt certificate.
However, when I try to test using Alexa console, an error occurs as :
"SSL Handshake failed".
I see on Amazon Alexa forums that there is a buzz around letsencrypt support.
Some posts say it is supported and some say it isn't.
Could someone here clarify whether letsencrypt free SSL certificate is supported for building custom alexa skills ?
Download the contents of your fullchain.pem cert, from /etc/letsencrypt/live/<domain>/fullchain.pem on your server
On your skill config page, select the "SSL" Tab.
Mark "I will upload a self-signed certificate in X.509 format."
Paste the contents of your fullchain.pem file.
I was able to get a Let's Encrypt wildcard certificate working with an Alexa custom skill after choosing the option "My development endpoint is a sub-domain of a domain that has a wildcard certificate from a certificate authority" in the developer console.
I also had an issue with a Nginx reverse proxy configuration that caused a failure in the Alexa Simulator and provided no helpful error. Fortunately you can also use the Manual JSON option which yielded the error "Cannot establish SSL connection to your skill endpoint".
I was able to track the issue down to the ssl_ciphers value in the ssl.conf file. Even though it was compatible with the Intermediate Security recommended setting for TLS 1.2, I had to comment it out to make it work. I hope someone else can determine why Amazon servers reject the certificate when this setting is used, it could be that TLS 1.3 is now required.
I purchased my SSL certificate from GoDaddy.
I made the common name www.mywebsite.com.
In my DNS settings I have the website forwarding from the naked domain to the www.mywebsite.com.
I removed any settings inside Heroku regarding the SSL certificate from the GUI.
Then I went through the instructions here.
To recap, I generated my server.key by first creating the crs files and sending those to GoDaddy.
I purchased the $20/mo endpoint.
GoDaddy gives me a downloadable ZIP for my certificates, one with one certificate, and one with 3 certificates inside of it.
I run the following command to install the bundled version first with the following failing message that follows:
heroku certs:add server.crt server.key --type endpoint
No certificate given is a domain name certificate.
The reason I even tried to use the bundle is that my SSL doesn't work in firefox, and intermediary cert is not being included. After looking around for an answer on this, I couldn't find one.
So to get my website back up and running in the short term, I decided to just do what I did before, and upload the single cert. That works, but not really.
Now I get this message when I run the cUrl test:
* error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
Also, my website is down. :(
How do I fix this?
The answer in my case seems to be that purchasing an SSL cert is not necessary on Heroku. When you purchase a paid hosting package they provide SSL certificates by default without having to buy their SSL add-on endpoint.
There are likely other use-cases for using a paid SSL cert, but in my case I didn't have to do that.
If this answer helped you please upvote this question as some people seem to think it's a question worth down voting.
:)
I'm using GoLang to start an https server.
according to https://www.ssllabs.com/ssltest my certificate configuration is Grade A with the warning Chain issues - Contains anchor.
In my previous post (GoLang with http ssl GoDaddy's certificate - This server's certificate chain is incomplete.), #VonC helped me for the second time and also alerted me of that warning.
I tried everything I could think of and couldn't resolve the issue. GoDaddy as a repository of certs and I tried to download gdroot-g2.crt and configure it as RootCAs, I tried download the intermindate certificate named gdig2.crt and configured it as ClientCAs, but the results are the same.
what am I missing ?
for full code please view my previous stack overflow post at GoLang with http ssl GoDaddy's certificate - This server's certificate chain is incomplete..
I got an issue from my client regarding the SSL setup for his website. I'm not familiar with the SSL certification setup process. He is saying that We have an SSL certificate for this server but I can’t tell if it’s setup properly or not.
If I open that website, firefox says Warning: Contains unauthorized content. I am seeing some details in the warning message window which are given below:
Web site: mydomain.com
Owner: This web site does not supply ownership information
Verified by: Not specified
Mainly I want to know whether the SSL certificate used for this site is valid or not. Can anybody suggest a way to check for the SSL certificate validation of a website.
Thanks
Telnet the server on port 443. If it is responding then it is a certificate problem
To install certificate
Check this