Sites are insecure, should be secure

Andrew Stolarz stolarz at gmail.com
Sat Mar 5 15:14:16 UTC 2022 

Das,

Go do the same on another site like cnn.com you will see all the domains
covered under the one ssl cert……ie. “subject alternative names”.

Long ago I used to also have many sites under one cert and that’s where I
was able to validate it. I do one ssl cert per domain now as I didn’t want
all my sites to give errors if something went wrong with the one
certificate.


Andrew







On Fri, Mar 4, 2022 at 9:03 PM Das Goravani <goravanis at gmail.com> wrote:

>
> Well it’s odd, but this cert was auto named Goravani.com because that is
> the first domain I entered when making the cert.
>
> Now it doesn’t work for Goravani.com <http://goravani.com/> either. It
> too has started showing an insecure logo.
>
> Now only readmyastrology.com <http://readmyastrology.com/> is secure.
>
> And I opened it in Chrome as you started, looked at what you stated, and
> it only lists readmyastrology.com <http://readmyastrology.com/> and www
> variant.
>
> I think that place shows you only the current website, and not the other
> sites covered by the cert.
>
> Because I entered all 4 sites into the command when I made this cert.
>
> This puzzle has some other cause. I used a multi domain for years and all
> my sites were secure.
>
> Certbot wouldn’t make them if they didn’t work. They work. And they cover
> all their sites.
>
> Something else is afoot.
>
> It WAS securing Goravani.com <http://goravani.com/>, now that too has
> gone down for some reason.
>
>
>
> > On Mar 4, 2022, at 6:41 PM, Andrew Stolarz <stolarz at gmail.com> wrote:
> >
> > Das,
> >
> > I dont think your SSL cert covers all your domains like you think they
> do.
> >
> > To answer your question "If there was a command that would let you see
> what
> > domains are covered by a cert, I’m sure you would see mine has all 4
> > domains in it with their www counterparts. 8 domains total."
> >
> > You can see what domains are covered in the SSL within your browser.
> >
> > Using google Chrome browser....
> >
> > Go to a secure site and when you click the lock in the browser bar and
> > select connection is secure > certificate is valid.
> >
> >
> > Expand the certificate details and find an area that states "subject
> > alternative names" ....it will list all the DNS names that the cert
> covers.
> >
> >
> >
> > Andrew
> >
> >
> >
> >
> > On Fri, Mar 4, 2022 at 5:43 PM Das Goravani <goravanis at gmail.com
> <mailto:goravanis at gmail.com>> wrote:
> >
> >>
> >> Andrew, I hear ya.
> >>
> >> However, I have used a multi domain cert from Certbot for nearly 2 years
> >> through many renewals.
> >>
> >> Certbot issues individual or multi domain certs. Multi domain is totally
> >> normal.
> >>
> >> It’s working for Goravani.com and readmyastrology.com <
> >> http://readmyastrology.com/ <http://readmyastrology.com/>>, off the
> same cert, right now.
> >>
> >> The other two should be secure. It’s their cert too.
> >>
> >> Only the name is Goravani.com <http://goravani.com/> because certbot
> uses the first domain in the
> >> cert as the name of the cert, that is all.
> >>
> >> It’s really a cert for 4 sites. No problem, normally.
> >>
> >> It’s supposed to work, but something is wrong somewhere.
> >>
> >> If there was a command that would let you see what domains are covered
> by
> >> a cert, I’m sure you would see mine has all 4 domains in it with their
> www
> >> counterparts. 8 domains total.
> >>
> >> I don’t think that’s the reason 2 of my sites say insecure. I don’t know
> >> the reason but that is not supposed to be the reason.
> >>
> >>
> >>> On Mar 4, 2022, at 2:09 PM, Andrew Stolarz <stolarz at gmail.com <mailto:
> stolarz at gmail.com>> wrote:
> >>>
> >>> Das,
> >>>
> >>> I use lets encrypt for my sites as well (except on windows servers). I
> >> set
> >>> up different SSL certs for each site and in the domain setup area, I
> >> select
> >>> which SSL cert it will use. Im assuming its similar on the mac side.
> >>>
> >>> When I look at  GoravaniJyotish.com <http://goravanijyotish.com/> <
> http://goravanijyotish.com/ <http://goravanijyotish.com/>>, it
> >> staying its insecure because its
> >>> trying to use the SSL cert for Goravani.com <http://goravani.com/> <
> http://goravani.com/ <http://goravani.com/>>....instead
> >> of itss own domains
> >>> GoravaniJyotish.com <http://goravanijyotish.com/> <
> http://goravanijyotish.com/ <http://goravanijyotish.com/>>,
> >>>
> >>>
> >>> I have always created individual ssl certs for each domain and never
> ran
> >>> into this issue.
> >>>
> >>>
> >>> Andrew
> >>>
> >>>
> >>>
> >>> On Fri, Mar 4, 2022 at 1:35 PM Das Goravani <goravanis at gmail.com
> <mailto:goravanis at gmail.com>
> >> <mailto:goravanis at gmail.com <mailto:goravanis at gmail.com>>> wrote:
> >>>
> >>>>
> >>>> Hello $all,
> >>>>
> >>>> I have 4 websites served through my Mac server.
> >>>> They are all set up identically in all places.
> >>>> They are all 4 covered in my SSL Certificate
> >>>>
> >>>> Yet 2 of them are insecure when you access them.
> >>>> Like the other 2, they should be secure.
> >>>>
> >>>> How is it possible? They are all set up identically. That means that
> in
> >> my
> >>>> Web Server Software they have the exact same settings, which means in
> >>>> Apache they have the same settings, they are all on the same
> >> certificate,
> >>>> their document root folders are together in the same place, everything
> >>>> about the 4 is the same except their content of course.
> >>>>
> >>>> 2 of them come up secure as they should.
> >>>>
> >>>> Goravani.com
> >>>> ReadMyAstrology.com
> >>>>
> >>>> 2 of them come up insecure.
> >>>>
> >>>> GoravaniJyotish.com <http://goravanijyotish.com/> <
> >> http://goravanijyotish.com/ <http://goravanijyotish.com/> <
> http://goravanijyotish.com/ <http://goravanijyotish.com/>>>
> >>>> JyotishStudio.com <http://jyotishstudio.com/> <
> http://jyotishstudio.com/ <http://jyotishstudio.com/>> <
> >> http://jyotishstudio.com/ <http://jyotishstudio.com/> <
> http://jyotishstudio.com/ <http://jyotishstudio.com/>>>
> >>>>
> >>>> They should all four be secure.
> >>>>
> >>>> Can you think of anything that would do this odd behavior?
> >>>>
> >>>> Thanks in advance,
> >>>>
> >>>> Das Goravani
> >>>>
> >>>> Ps: I worked out my web server and mail server problems.
> >>>> _____________________________________________________________
> >>>> Manage your list subscriptions at https://lists.omnis-dev.com <
> https://lists.omnis-dev.com/> <
> >> https://lists.omnis-dev.com/ <https://lists.omnis-dev.com/>>
> >>>> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com
> <mailto:omnisdev-en at lists.omnis-dev.com> <mailto:
> >> omnisdev-en at lists.omnis-dev.com <mailto:omnisdev-en at lists.omnis-dev.com
> >>
> >>>>
> >>> _____________________________________________________________
> >>> Manage your list subscriptions at https://lists.omnis-dev.com <
> https://lists.omnis-dev.com/> <
> >> https://lists.omnis-dev.com/ <https://lists.omnis-dev.com/>>
> >>> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com <mailto:
> omnisdev-en at lists.omnis-dev.com> <mailto:
> >> omnisdev-en at lists.omnis-dev.com <mailto:omnisdev-en at lists.omnis-dev.com
> >>
> >> _____________________________________________________________
> >> Manage your list subscriptions at https://lists.omnis-dev.com
> >> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com
> >>
> > _____________________________________________________________
> > Manage your list subscriptions at https://lists.omnis-dev.com
> > Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com
>
> _____________________________________________________________
> Manage your list subscriptions at https://lists.omnis-dev.com
> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com
>
-- 
Sent from iPhone

More information about the omnisdev-en mailing list