I am already 3 hours fighting with setting SSL certificate for a Heroku app. I am following this tutorial, but when I run
heroku certs:add server.crt bundle.pem server.key --app my-app-name
I always get this error:
Resolving trust chain... failed
! No certificate given is a domain name certificate.
I have bought the SSL certificate at DNSimple. What's is still wrong, why am I missing. It makes me despair, even Google didn't help...
All help will be appreciated.
In my case the ZIP file I downloaded from my SSL provider contained 2 .crt files and I picked the wrong one when running the certs:update. Re-running with the other .crt file solved the problem
Seems like your certs and your bundle are not resolving properly, i.e. either the trust chain is broken (not all certs exist in bundle for domain -> intermediate CA -> root CA) or alternatively your cert is not valid for the domain that Heroku is expecting.
Make sure the fully qualified domain name in your cert matches the domain you are using.
Related
I have a VPS with Apache2.
I have installed SSL before in my websites, but always form freeSSL or ZeroSSL, they give me 3 files:
Private.key
ca_bundle.crt
certificate.crt
I replace them for the old ones and all is peachy (I configured it once and just replace the files on reactivation).
Now I have issued a year long SSL service from Comodo SSL, and they send me a mail with this information:
"Thank you for placing your order. We are pleased to announce that your PositiveSSL Certificate for * has been issued.
Attached to this email you should find a .zip file containing:
Root CA Certificate - AAACertificateServices.crt
Intermediate CA Certificate - USERTrustRSAAAACA.crt
Intermediate CA Certificate - SectigoRSADomainValidationSecureServerCA.crt
Your PositiveSSL Certificate - ***.crt
You can also find your PositiveSSL Certificate for ** in text format at the bottom of this email."
And I really have no Idea what to do... I tried Google but can't find any guide, they talk about CSR or other things and I just want to install this and forget about it for a year like I did before for 90 days...
Please help me, I need to have SSL running for my Magento 2 installation to work.
To use a certificate you need the certificate file itself (.crt) AND the key file (.key) ( Extensions may vary but, as you know, on linux it doesn't matter): if you're missing one of these, you're pretty much screwed.
To get a certificate, the following steps are necessary:
a key file needs to be generated
from the key file a CSR is generated
the CSR is signed by a CA (for you it's Comodo) and the result is the certificate file
The key file and the csr can be generate by you (who are requesting the new certificate) or (in this case) by Comodo during the procedure you followed. According to what you wrote, probably, during the procedure you've been asked to provide a key or let them generate one and you picked the 2nd option.
I've never used Comodo so I don't know how their interface works but IMHO you have 2 options: login with your account and look for an area where you can download the certificate and check for the possibility to download the key too OR contact them and ask for support to download the key file.
There is no way to use the certificate file without a key file.
I generated the certificate using an option of my webhosting service (Hostinger) to buy a comodo SSL certificate, as I said the email of Comodo didn't give me the key file BUT, after some hours the comodo ssl service started showing on my webhosting control center and going through some menus I reached a button called "download SSL", that downloaded a ZIP with the same files PLUS the key file. This was very random and nowhere stated, and I found it by coincidence but is solved. Thanks. The other option was to reach Comodo or Hostinger for help.
So we have a self-hosted version of Atlassian BitBucket running on Ubuntu server which holds the code repository. We use a SSL certificate from DigiCert . Every year we renew the certificate which has never caused issues. However this time most of the developers are getting the following error when pushing and pulling code from GIT after the certificate was renewed
fatal: unable to access : SSL certificate problem: unable to get local
issuer certificate
Another Error:
fatal: unable to access : Peer's Certificate issuer is not
recognized.
However, when we try to access the website using Chrome (or any other browser), it works fine and there is no error
All searches online point to this error when you're using a self-signed or internal PKI certificate. We are totally stumped on why a certificate issued by a public authority like DigiCert is getting this error.
Any help on this would be highly appreciated.
Ensure the root cert is added to git.exe's certificate store as discussed here.
Tell Git where to find the CA bundle by running:
git config --system http.sslCAPath /absolute/path/to/git/certificates
or copying the CA bundle to the /bin directory and adding the following to the gitconfig file:
sslCAinfo = /bin/curl-ca-bundle.crt
Reinstalling Git.
Ensuring that the complete CA is present, including the root cert.
Check www.atlassian.com more ssl errors for resolutions.
I got an email from COMODO.
the file is:
AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
domain_file_.crt
i set this by directadmin and copy files to private_html folder.
now when i check certificate show error:
https://www.sslshopper.com
How can I fix?
tank you.
I think you have not installed SSL correctly on your domain and due to that you are facing this issues, Please add CA bundle while installing SSL for your domain so that you will not get any error with the SSL,
http://www.geotrust.eu/en/support/manuals/directadmin/directadmin/install+certificate/
I am trying to add a self-signed certificate to one of my apps on Heroku. I have followed the guides from the Dev Center.
https://devcenter.heroku.com/articles/ssl and https://devcenter.heroku.com/articles/ssl-certificate-self
After I have generated the self-signed cert I try to add the cert by
heroku certs:add server.crt server.key
And get the error message:
Resolving trust chain... failed
! No certificate given is a domain name certificate.
I am not sure what that means or how to fix the problem.
You have to set the CN to the domain you're issuing the certificate for.
I'm trying to install a Comodo SSL certificate on a shared server, which has directadmin installed. I have assigned the user an unique ip address, made the CSR request and uploaded the certificate.
In directadmin I get the response that both the certificate and private key are saved. Unfortunately, when I browse to the https://www.domain.com I get a SSL error, saying that the certificate is untrusted, because it is self-signed.
I'm confused why this error occurs. It seems to me that I followed the correct steps to install the Comodo ssl certificate. I also tried deleting the private key and certificate through the command line on the server. But this does not seem to resolve the error.
What direction should I be looking into solving this issue?
Check if you installed the intermediate certificate. You have to list one or more intermediate certificates in the field for your public key.
You can also use the GlobalSign OneClickSSL plugin for DirectAdmin and let the plugin do everything for you automatically.
See: https://www.globalsign.com/ssl/oneclickssl/directadmin/
And: http://www.youtube.com/#/watch?v=tVP9i6Ing1M