Discover Centmin Mod today
Register Now

SSL Not Secure error

Discussion in 'Domains, DNS, Email & SSL Certificates' started by DaB, Jun 17, 2017.

  1. DaB

    DaB New Member

    10
    2
    3
    Aug 10, 2016
    Ratings:
    +2
    Local Time:
    7:53 PM
    Current
    Current
    I have installed Wordpress via Option 22

    If I try and visit the site via https Chrome shows the site as not secure.

    Where do I need to look to resolve this?
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,193
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,143
    Local Time:
    4:53 AM
    Nginx 1.13.x
    MariaDB 5.5
    by default self-signed ssl cert is generated in centmin mod vhost routines and self-signed ssl cert are not web browser trusted so yes they are marked insecure

    There's generally 3 ways of setting up HTTPS SSL certificate for Centmin Mod Nginx HTTP/2 based HTTPS

    Method 1. The traditional way via centmin.sh menu option 2, 22 and selecting yes to self-signed ssl certificates first. Then converting the self-signed ssl certificate to paid or free (Letsencrypt) web browser trusted SSL certificates outlined at How to switch self-signed SSL certificate to paid SSL certificate ? You would still need to follow the same steps outlined at Nginx SPDY SSL Configuration for obtaining and purchasing the paid SSL certificate and most important part is the concatenation of the SSL provider provided filesto create the mentioned /usr/local/nginx/conf/ssl/domaincom/ssl-unified.crt and /usr/local/nginx/conf/ssl/domaincom/ssl-trusted.crtfiles referenced in your Nginx SSL vhost config file.

    You may need to also decide if you want to enable HTTP to HTTPS redirect outlined at How to force redirect from HTTP:// to HTTPS:// ?

    If you didn't answer yes at time of initial nginx vhost creation to self-signed ssl certificates, you can manually setup the self-signed ssl certificate via the vhost generator by checking self-signed ssl box and enter a domain name. This will outline instructions for manually creating and setting up self-signed ssl certificate and nginx vhost settings. Then for web browser trusted ssl certificates you switch follow - How to switch self-signed SSL certificate to paid SSL certificate ?.

    Method 2. Using and testing Centmin Mod 123.09beta01's new addons/acmetool.sh addon which is still in beta testing only for integrating Letsencrypt SSL certificates. And has both auto and manual methods.

    Method 3. Fully manual method for free Letsencrypt SSL certificates.
    For you, best is method 3 for existing non-HTTPS vhost method is best as you already created vhost and is safest method.

    If the new vhost wordpress site is disposable, i.e. you can wipe it and recreate it easily - you can delete existing vhost site outlined here and using 123.09beta01, probably better to enable letsencrypt integration support outlined in method 2 above setting LETSENCRYPT_DETECT='y' in persistent config file + update domain dns to point to server ip and ensure dns update is propagated. Then running centmin.sh menu option 22 which will now have additional letsencrypt options and choose 4th option for live https default letsencrypt ssl cert. Then centmin.sh menu option 22 will auto create a fully trusted free letsencrypt ssl based HTTPS wordpress site out of the box.
     
  3. DaB

    DaB New Member

    10
    2
    3
    Aug 10, 2016
    Ratings:
    +2
    Local Time:
    7:53 PM
    Current
    Current
    Getting there!

    The Letsencrypt certificate now works along as I type https://domain.net

    The only problem then is all of my articles return a nginx 404 page.

    If I type domain.net or www.domain.net I just get the standard Centmin Mod Nginx Test Page
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,193
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,143
    Local Time:
    4:53 AM
    Nginx 1.13.x
    MariaDB 5.5
    which method did you use to create letsencrypt certificate ? outline exact steps you did ?
     
  5. DaB

    DaB New Member

    10
    2
    3
    Aug 10, 2016
    Ratings:
    +2
    Local Time:
    7:53 PM
    Current
    Current
    I did a clean install on 123.09beta01 and then option 22.
     
  6. eva2000

    eva2000 Administrator Staff Member

    30,193
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,143
    Local Time:
    4:53 AM
    Nginx 1.13.x
    MariaDB 5.5
    but which method from https://community.centminmod.com/threads/not-secure-error.11995/#post-50947 did you use for letsencrypt ?

    If you ran centmin.sh menu option 2 or 22, which letsencrypt option did you select from
    Code (Text):
    -------------------------------------------------------------
    Setup full Nginx vhost + Wordpress + WP Plugins
    -------------------------------------------------------------
    
    Enter vhost domain name you want to add (without www. prefix): acme3.domain1.com
    
    Create a self-signed SSL certificate Nginx vhost? [y/n]: n
    Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
    
    You have 4 options:
    1. issue staging test cert with HTTP + HTTPS
    2. issue staging test cert with HTTPS default
    3. issue live cert with HTTP + HTTPS
    4. issue live cert with HTTPS default
    Enter option number 1-4: 1
    
     
    Last edited: Jun 17, 2017
  7. DaB

    DaB New Member

    10
    2
    3
    Aug 10, 2016
    Ratings:
    +2
    Local Time:
    7:53 PM
    Current
    Current
    Option 4 sorry.
     
  8. eva2000

    eva2000 Administrator Staff Member

    30,193
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,143
    Local Time:
    4:53 AM
    Nginx 1.13.x
    MariaDB 5.5

    Troubleshooting



    There are various steps you can do to troubleshoot failed letsencrypt issuances, renews, reissues etc.
    • acmetool.sh logs all command line or shell menu runs to log files at /root/centminlogs. To troubleshoot, copy the contents of the log run and post contents of log to pastebin.com or gist.github.com and share link in this thread. To find the log list the logs in ascending date order
      Code (Text):
      ls -lahrt /root/centminlogs
      .
    • For direct acmetool.sh runs, there should be a 2nd & 3rd & 4th log in format /root/centminlogs/centminmod_${DT}_nginx_addvhost_nv.log and /root/centminlogs/acmetool.sh-debug-log-$DT.log and /root/centminlogs/acmesh-issue_*.log or /root/centminlogs/acmesh-reissue_*.log which would need to be included via separate pastebin.com or gist.github.com post.
    • Enable acmetool.sh debug mode. In persistent config file at /etc/centminmod/custom_config.inc (create it if doesn't exist) add and enable acmetool.sh debug mode which gives much more verbose letsencrypt issuance process information when you re-run acmetool.sh or centmin.sh menu options 2, 22 or /usr/bin/nv command lines.
      Code (Text):
      ACMEDEBUG='y'
    Without the answers to above questions and logs, there is nothing to help troubleshoot.
     
  9. DaB

    DaB New Member

    10
    2
    3
    Aug 10, 2016
    Ratings:
    +2
    Local Time:
    7:53 PM
    Current
    Current
    don't believe it is an SSL issue now to be fair. I think it is an Nginx config problem from what I have googled.

    I will close this thread now thank you.
     
    • Like Like x 1