Sites are insecure, should be secure

Bastiaan Olij bastiaan at muxworks.com.au
Sat Mar 5 03:28:55 UTC 2022 

Hey Das,

Just checked https://goravani.com and it looks fine. Note that you keep 
putting http:// as the link in all your emails. When you go through http 
you do not get an encrypted website. It doesn't automatically switch to 
https unless you configure your webserver to do so. I noticed this is 
happening for your readmyastrology.com site.

So I think you're looking at the wrong issue here, it isn't your SSL 
certificate, its your site not redirecting to https.

Cheers,

Bas

On 5/03/2022 1:03 pm, Das Goravani wrote:
> Well it’s odd, but this cert was auto named Goravani.com because that is the first domain I entered when making the cert.
>
> Now it doesn’t work for Goravani.com <http://goravani.com/> either. It too has started showing an insecure logo.
>
> Now only readmyastrology.com <http://readmyastrology.com/> is secure.
>
> And I opened it in Chrome as you started, looked at what you stated, and it only lists readmyastrology.com <http://readmyastrology.com/> and www variant.
>
> I think that place shows you only the current website, and not the other sites covered by the cert.
>
> Because I entered all 4 sites into the command when I made this cert.
>
> This puzzle has some other cause. I used a multi domain for years and all my sites were secure.
>
> Certbot wouldn’t make them if they didn’t work. They work. And they cover all their sites.
>
> Something else is afoot.
>
> It WAS securing Goravani.com <http://goravani.com/>, now that too has gone down for some reason.
>
>
>
>> On Mar 4, 2022, at 6:41 PM, Andrew Stolarz <stolarz at gmail.com> wrote:
>>
>> Das,
>>
>> I dont think your SSL cert covers all your domains like you think they do.
>>
>> To answer your question "If there was a command that would let you see what
>> domains are covered by a cert, I’m sure you would see mine has all 4
>> domains in it with their www counterparts. 8 domains total."
>>
>> You can see what domains are covered in the SSL within your browser.
>>
>> Using google Chrome browser....
>>
>> Go to a secure site and when you click the lock in the browser bar and
>> select connection is secure > certificate is valid.
>>
>>
>> Expand the certificate details and find an area that states "subject
>> alternative names" ....it will list all the DNS names that the cert covers.
>>
>>
>>
>> Andrew
>>
>>
>>
>>
>> On Fri, Mar 4, 2022 at 5:43 PM Das Goravani <goravanis at gmail.com <mailto:goravanis at gmail.com>> wrote:
>>
>>> Andrew, I hear ya.
>>>
>>> However, I have used a multi domain cert from Certbot for nearly 2 years
>>> through many renewals.
>>>
>>> Certbot issues individual or multi domain certs. Multi domain is totally
>>> normal.
>>>
>>> It’s working for Goravani.com and readmyastrology.com <
>>> http://readmyastrology.com/ <http://readmyastrology.com/>>, off the same cert, right now.
>>>
>>> The other two should be secure. It’s their cert too.
>>>
>>> Only the name is Goravani.com <http://goravani.com/> because certbot uses the first domain in the
>>> cert as the name of the cert, that is all.
>>>
>>> It’s really a cert for 4 sites. No problem, normally.
>>>
>>> It’s supposed to work, but something is wrong somewhere.
>>>
>>> If there was a command that would let you see what domains are covered by
>>> a cert, I’m sure you would see mine has all 4 domains in it with their www
>>> counterparts. 8 domains total.
>>>
>>> I don’t think that’s the reason 2 of my sites say insecure. I don’t know
>>> the reason but that is not supposed to be the reason.
>>>
>>>
>>>> On Mar 4, 2022, at 2:09 PM, Andrew Stolarz <stolarz at gmail.com <mailto:stolarz at gmail.com>> wrote:
>>>>
>>>> Das,
>>>>
>>>> I use lets encrypt for my sites as well (except on windows servers). I
>>> set
>>>> up different SSL certs for each site and in the domain setup area, I
>>> select
>>>> which SSL cert it will use. Im assuming its similar on the mac side.
>>>>
>>>> When I look at  GoravaniJyotish.com <http://goravanijyotish.com/> <http://goravanijyotish.com/ <http://goravanijyotish.com/>>, it
>>> staying its insecure because its
>>>> trying to use the SSL cert for Goravani.com <http://goravani.com/> <http://goravani.com/ <http://goravani.com/>>....instead
>>> of itss own domains
>>>> GoravaniJyotish.com <http://goravanijyotish.com/> <http://goravanijyotish.com/ <http://goravanijyotish.com/>>,
>>>>
>>>>
>>>> I have always created individual ssl certs for each domain and never ran
>>>> into this issue.
>>>>
>>>>
>>>> Andrew
>>>>
>>>>
>>>>
>>>> On Fri, Mar 4, 2022 at 1:35 PM Das Goravani <goravanis at gmail.com <mailto:goravanis at gmail.com>
>>> <mailto:goravanis at gmail.com <mailto:goravanis at gmail.com>>> wrote:
>>>>> Hello $all,
>>>>>
>>>>> I have 4 websites served through my Mac server.
>>>>> They are all set up identically in all places.
>>>>> They are all 4 covered in my SSL Certificate
>>>>>
>>>>> Yet 2 of them are insecure when you access them.
>>>>> Like the other 2, they should be secure.
>>>>>
>>>>> How is it possible? They are all set up identically. That means that in
>>> my
>>>>> Web Server Software they have the exact same settings, which means in
>>>>> Apache they have the same settings, they are all on the same
>>> certificate,
>>>>> their document root folders are together in the same place, everything
>>>>> about the 4 is the same except their content of course.
>>>>>
>>>>> 2 of them come up secure as they should.
>>>>>
>>>>> Goravani.com
>>>>> ReadMyAstrology.com
>>>>>
>>>>> 2 of them come up insecure.
>>>>>
>>>>> GoravaniJyotish.com <http://goravanijyotish.com/> <
>>> http://goravanijyotish.com/ <http://goravanijyotish.com/> <http://goravanijyotish.com/ <http://goravanijyotish.com/>>>
>>>>> JyotishStudio.com <http://jyotishstudio.com/> <http://jyotishstudio.com/ <http://jyotishstudio.com/>> <
>>> http://jyotishstudio.com/ <http://jyotishstudio.com/> <http://jyotishstudio.com/ <http://jyotishstudio.com/>>>
>>>>> They should all four be secure.
>>>>>
>>>>> Can you think of anything that would do this odd behavior?
>>>>>
>>>>> Thanks in advance,
>>>>>
>>>>> Das Goravani
>>>>>
>>>>> Ps: I worked out my web server and mail server problems.
>>>>> _____________________________________________________________
>>>>> Manage your list subscriptions at https://lists.omnis-dev.com <https://lists.omnis-dev.com/> <
>>> https://lists.omnis-dev.com/ <https://lists.omnis-dev.com/>>
>>>>> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com <mailto:omnisdev-en at lists.omnis-dev.com> <mailto:
>>> omnisdev-en at lists.omnis-dev.com <mailto:omnisdev-en at lists.omnis-dev.com>>
>>>> _____________________________________________________________
>>>> Manage your list subscriptions at https://lists.omnis-dev.com <https://lists.omnis-dev.com/> <
>>> https://lists.omnis-dev.com/ <https://lists.omnis-dev.com/>>
>>>> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com <mailto:omnisdev-en at lists.omnis-dev.com> <mailto:
>>> omnisdev-en at lists.omnis-dev.com <mailto:omnisdev-en at lists.omnis-dev.com>>
>>> _____________________________________________________________
>>> Manage your list subscriptions at https://lists.omnis-dev.com
>>> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com
>>>
>> _____________________________________________________________
>> Manage your list subscriptions at https://lists.omnis-dev.com
>> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com
> _____________________________________________________________
> Manage your list subscriptions at https://lists.omnis-dev.com
> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com

-- 
Kindest Regards,

Bastiaan Olij
bastiaan at muxworks.com.au
+61-432144833

More information about the omnisdev-en mailing list