SSL Cert Not Working

12 posts / 0 new
Last post
#1 Wed, 07/27/2016 - 13:06
stinkydipstick

SSL Cert Not Working

This may be a bit of a new question, but I set up an SSL certificate with Let's Encrypt using the Virtualmin functionality for it. I copied the cert to all applicable facets (Webmin, Usermin, Dovecot, etc.). I'm able to successfully connect with the certificate on all of the protocols except for the actual domain.

In other words:

https://www.domainname.com:10000 ---> WORKS

https://www.domainname.com:20000 ---> WORKS

IMAP ---> WORKS

but,

https://www.domainname.com ---> NOT WORKING

When I go to the root of the domain (as shown on the previous line) Chrome tells me that the CA is not valid, and - on further inspection - it seems to be a self-signed certificate.

Am I missing something or doing something wrong?

Thank you for all the help in advance!

Edit:

Things I've tried:

1) Getting re-issued another SSL certificate.

2) Checking to see if port 443 is open. Even disabling iptables altogether hasn't worked.

Thu, 07/28/2016 - 00:11
andreychek

Howdy,

Hmm, if you look at the SSL certificate when browsing to your domain that isn't working -- is the self signed certificate for the domain in question, or is it for a different domain?

I suppose I'm wondering if maybe an incorrect domain is answering those requests.

-Eric

Thu, 07/28/2016 - 08:16 (Reply to #2)
stinkydipstick

It's a self-signed certificate for the same domain. I confirmed this by looking at the certificate and the "Issued to" and "Issued by" fields are both filled by the domain in question. (see here: https://gyazo.com/2d963def69f69c45bc96100d69d8d6b1)

Upon viewing the certificate for ports 10000 and 20000, the certificate is normal (see here: https://gyazo.com/405473bcb6c2f217b87699caf7950c80)

Thu, 07/28/2016 - 02:19
unborn
unborn's picture

hi, what distro you are on? btw sometimes when you do change cert while you working on site, its cached. perhaps you can try clear the cache on your browser and restart the browser. I had that issue last time and chrome was giving me error due to site been cached. I am not sure how this could be connected to ssl error but clearing browser cache worked instantly. Also if you have another browser in your system try to load page there.

Configuring/troubleshooting Debian servers is always great fun

Thu, 07/28/2016 - 08:20 (Reply to #4)
stinkydipstick
[root@[redacted] ~]# cat /etc/*-release
CentOS Linux release 7.2.1511 (Core)

I tried clearing my cache when I was setting up the SSL, and it made no difference. I just tried it again, and I still get the same error. Also used Qualys' SSL integrity test and the results confirmed that no certificate with a trusted CA was found on the domain.

Thu, 07/28/2016 - 13:33 (Reply to #5)
unborn
unborn's picture

ah.. sorry I perhaps did not read properly and I did not noticed before that you are running centos - I cannot help on that, as I am running debian (i've just seen this from your last comment here).

However there are folks who had same exactly issue like you have or very similar and they've sort it somehow. I would advice you to search via forums here - there are posted fixes to this. On other hand no issues on debian at all. In my case all I had to do was clearing browser cache - once again, I do not fully understand how browser cache could do this as ssl cert is never cached.. anyway, im sorry but I cannot help you on this one. Good luck.

Configuring/troubleshooting Debian servers is always great fun

Thu, 07/28/2016 - 21:17 (Reply to #6)
stinkydipstick

I searched the forums before posting here and wasn't able to find anything referencing the issue. Is it not the "site search" link at the bottom of the page?

Thu, 07/28/2016 - 19:32
Diabolico
Diabolico's picture

@stinkydipstick When you applied new certificate did you apply appropriate CA certificate, e.g. certificate authority. Each SSL certificate come wit at least 2 files, one is domain.crt and second file domain.ca or domain.ca-bundle or something similar. I didnt see from your post if you applied both files or just one. Your problem usually pop out when your CA certificate is wrong or its missing (people like to forget to apply CA file).

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Thu, 07/28/2016 - 21:06 (Reply to #8)
stinkydipstick

I'm using the Let's Encrypt module. It auto-installs it for me. I just tried updating the server cert and key along with the CA certificate. No dice. I still get the same error.

Thu, 07/28/2016 - 21:34
stinkydipstick

@andreychek

@unborn

@Diabolico

I didn't find the issue, but a server reboot seems to have fixed the issue.

Fri, 07/29/2016 - 01:54 (Reply to #10)
unborn
unborn's picture

Glad to hear that!

Configuring/troubleshooting Debian servers is always great fun

Mon, 08/08/2016 - 10:02
stinkydipstick

Gonna post here again as I have a question regarding this still. So, restarts seem to fix the issue, however, after time, the same issue keeps happening. The cert is changed from a cert signed by LE to a self-signed certificate. Any reason why this would be?

Topic locked