SSL Letsencrypt Typo: Domain without valid SSL

Discussion in 'Domains, DNS, Email & SSL Certificates' started by EckyBrazzz, Jun 17, 2019.

  1. EckyBrazzz

    Setting up a domain under option 22, I made a typo when selecting the HTTPS, but without an error message it installed the domain without any problem without HTTPS by default. I guess it installed option 1 instead of 4 because when going to the domain with https I got a warning that it was untrusted.
    Code (Text):
    You have 4 options:
    1. issue staging test cert with HTTP + HTTPS (untrusted)
    2. issue staging test cert with HTTPS default (untrusted)
    3. issue live cert with HTTP + HTTPS (trusted)
    4. issue live cert with HTTPS default (trusted)
    Enter option number 1-4: ]4
    

    @eva2000 Please verify input of users in ALL options. This is number * that I report.

    Error typo 22-1 and no cron entry

     
    Last edited: Jun 17, 2019
  2. eva2000

    Not really a bug. If typo domain, then letsencrypt domain validation will fail so no letsencrypt ssl cert, and fall back to centmin mod's own self-signed ssl instead.

    No way to verify if a user's domain name is the intended domain - only end user would know that :)

    Letsencrypt ssl certificates are domain validated, so to issue an ssl certificate the letsencrypt server checks if the domain name the ssl cert is for is pointing to the correct server IP, which is configured via a DNS A record pointing the domain name to the server IP. If letsencrypt can't verify the domain is pointing to the correct server IP via DNS record check, letsencrypt will fail to issue an ssl certificate.
     
  3. eva2000

    oh re-read that typo was in selection choice and not domain name !

    i see
     
  4. EckyBrazzz

  5. eva2000

    ok updated 123.09beta01 with fix to check for invalid option selection/typos - cmupdate will update your local 123.09beta01 code :)

    example
    Code (Text):
    Do you want to continue with Nginx vhost site creation ? [y/n] y
    
    Enter vhost domain name you want to add (without www. prefix): f.test.com
    
    Create a self-signed SSL certificate Nginx vhost? [y/n]: n
    Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
    
    You have 4 options: 
    1. issue staging test cert with HTTP + HTTPS (untrusted)
    2. issue staging test cert with HTTPS default (untrusted)
    3. issue live cert with HTTP + HTTPS (trusted)
    4. issue live cert with HTTPS default (trusted)
    Enter option number 1-4: 5
    
    
    error: you entered invalid option = 5
    aborting run...
    
     
  6. EckyBrazzz

    EckyBrazzz Active Member

    917
    190
    43
    Mar 28, 2018
    >>>>Click here<<<< i'm nearby......
    Ratings:
    +363
    Local Time:
    7:45 PM
    Latest
    Latest
    There are more places to fix :( Already ran into many of them.
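
The kind of fail-closed menu check that post 5 describes, written as a reusable helper for the other prompts mentioned in post 6. This is an added example, not part of the thread and not Centmin Mod's own code; the function names `valid_choice` and `describe_cert_option` and the output labels are hypothetical, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: strict validation of a numbered menu answer.
# Function names and output labels are hypothetical, not Centmin Mod's.

# valid_choice INPUT MIN MAX
# Succeeds only if INPUT is a bare decimal integer within [MIN, MAX].
valid_choice() {
  case $1 in
    ''|*[!0-9]*) return 1 ;;  # empty, or contains any non-digit ("]4", " 4")
    0?*)         return 1 ;;  # leading zero ("04") is not a clean answer
  esac
  # Cap the length so an oversized digit string never reaches the comparison.
  [ "${#1}" -le 4 ] || return 1
  [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# describe_cert_option INPUT
# Maps a validated answer to the certificate mode; aborts on anything else
# instead of silently falling through to a default.
describe_cert_option() {
  if ! valid_choice "$1" 1 4; then
    printf 'error: you entered invalid option = %s\n' "$1" >&2
    return 1
  fi
  case $1 in
    1) echo "staging http+https" ;;
    2) echo "staging https-default" ;;
    3) echo "live http+https" ;;
    4) echo "live https-default" ;;
  esac
}

# Constructed sample answers, including the "]4" typo from the first post.
for sample in "4" "]4" "5" "" " 4" "4; id" "04"; do
  if result=$(describe_cert_option "$sample" 2>/dev/null); then
    printf 'accepted %-8s -> %s\n' "'$sample'" "$result"
  else
    printf 'rejected %-8s\n' "'$sample'"
  fi
done
```

Only the bare answer `4` is accepted here; every other sample, including `]4`, is rejected before any certificate mode is chosen.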