Is there a way to enforce SSL for sites from VM control panel?

5 posts / 0 new
Topic locked
Last post
#1 Fri, 02/24/2017 - 02:55
netizen

Is there a way to enforce SSL for sites from VM control panel?

Hello,

I have a server which is using Joomla inside. The VM server has Letsencrypt SSL certificate working nicely if you request the site directly by typing https://www.mydomain.com I loaded Joomla and then from inside Joomla (Global Configuration - Server - Force HTTPS) I selected "Entire Site" as well as "Administrator only".

Both options did not work and Joomla responded with:

Warning

HTTPS has not been enabled as it is not available on this server.

Although Joomla also responded: Message Configuration successfully saved ...the setting was not actually saved.

I don't know if this is a Joomla issue or VM issue so I would like to hear your thoughts. My aim is to serve automatically via https. Any help is much appreciated.

Fri, 02/24/2017 - 12:58
netizen

Anyone?

Sat, 02/25/2017 - 16:44
Diabolico
Diabolico's picture

Go to https://www.ssllabs.com and check your website. You can use current Joomla or its enough empty inedx.php/html file, just to avoid possible complications with "Forbidden" message.

If the test is ok then its Joomla, if the test fail then its your server. In case of the server it could be how Virtualmin installed SSL, wrong/bad chippers or missing/bad SSL configuration. Hard to say without more information, but that site should give you some idea what is wrong.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Sun, 02/26/2017 - 02:58
netizen

Hi there. Thank you for the reply.

I was about to write you that the test responded with "Overall Rating: A" however I decided to expand all sections in the report in order to see the details. I was surprised to see that "Certificate #2 RSA 2048 bits (SHA256withRSA) No SNI" when expanded it shows a certificate which corresponds to ANOTHER domain in the same virtualmin server (!) and of course is labelled as NOT TRUSTED.

From Certificate #1 all seems ok apart from "DNS CAA which shows "No" in orange colour.

Important detail however: - Both of those domains use letsencrypt certificates

a) Is it normal for the tester to bring another SSL certificate from within the same machine? b) Is the "DNS CAA No" section a problem here?

Note as well that when I tested the other domain it does NOT show a "Certificate #2" at all (and the result is A)

Any ideas?

Sun, 02/26/2017 - 15:09
Diabolico
Diabolico's picture

For DNS CAA you will need to manually edit your zone file. In your case you should add:

yourdomain.tld. CAA 0 issue "letsencrypt.org"
yourdomain.tld. CAA 0 issuewild ";"
yourdomain.tld. CAA 0 iodef "mailto:webmaster@yourdomain.tld"


*Check google what this records means.

For the rest without seeing what is about its hard to say.

I would understand in case of the test server or server what is not (directly) facing the web, but holding back public available information just doesnt make sense. Give us more info about other problems otherwise its hard to help you.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Topic locked