Geekzone: technology news, blogs, forums
4082 posts

Uber Geek
+1 received by user: 1768

Subscriber

  # 2267352 30-Jun-2019 16:05

When you do your Let's Encrypt request you must use the specific FQDN that your site is served at, or the certificate won't get issued to the right place.

 

For example, "www.trademe.co.nz" does not equal trademe.co.nz. So when you look at their SSL cert...

 

 

It is "issued to", specifically, "www.trademe.co.nz".

 

If however you had a single TLD, but wanted to use multiple host names, you would need a wildcard certificate. This is in the format of "*.yourdomain.com". So for example:

 

 

So we can serve a site at "www.nztcl.co.nz" and don't get an SSL error. We could also, using the same certificate, serve content at "anything.nztcl.co.nz" and still not get an SSL error.

 

 

 

So long story short, check your certificate is "issued to" the FQDN you are actually browsing to.


318 posts

Ultimate Geek
+1 received by user: 25

Lifetime subscriber

  # 2267400 30-Jun-2019 17:57

chevrolux:

 

If however you had a single TLD, but wanted to use multiple host names, you would need a wildcard certificate.

 

 

 

 

Not necessarily. SAN (Subject Alternative Name) certificates are commonly used to secure multiple host names. It's a good idea to issue a cert for each service that only secures the names relevant for that service, rather than taking the easy approach of using a single wildcard cert for everything. Cert renewal should be automated so the extra effort doesn't really matter in the end. 

 

If you must use a wildcard, you need to make every effort to ensure that it won't get compromised, and in the event that it does, prepare to revoke and replace it immediately. IMO the only real use-case for a wildcard is if you're hosting a web service with many sub-domains. SAN cert cost is no longer a factor with services like Let's Encrypt - and EV certs don't really matter anymore.

 

Trade Me SAN cert example:

 

 

 


 
 
 
 


373 posts

Ultimate Geek
+1 received by user: 57


  # 2267536 30-Jun-2019 22:49

had a look at @Ford site

 

looks like it is a Certificate Name Mismatch

 

2 ssl certs are running 1 from plesk.com and another from Let's Encrypt
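
The name-matching rules raised in the posts above (exact FQDN, wildcard, SAN list), as an added example that is not part of any post in this thread. The function names and the `example.co.nz` certificates are constructed for illustration, and the matcher is simplified: DNS names only, no IDN handling and no public-suffix check.

```python
# Added example: which site names does a certificate's SAN list cover?
# All host names and SAN lists here are constructed, not taken from real certs.

def _labels(name):
    # Compare case-insensitively and ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """True if one SAN dNSName entry covers hostname (RFC 6125 style)."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        # A wildcard stands for exactly one label, so "*.example.co.nz"
        # covers neither "example.co.nz" nor "a.b.example.co.nz".
        return False
    if p[0] == "*":
        # Wildcard only as the whole left-most label, followed by at least
        # two literal labels (rejects "*.com"; real clients are stricter).
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # No partial wildcards ("w*.example.co.nz") in this simplified matcher.
    return "*" not in pattern and p == h

def audit(sans, hostnames):
    """Map each hostname to the SAN entries covering it (empty = mismatch)."""
    return {h: [s for s in sans if san_matches(s, h)] for h in hostnames}

# Constructed certificates: bare domain only, wildcard only, explicit SAN list.
CERT_APEX_ONLY = ["example.co.nz"]
CERT_WILDCARD = ["*.example.co.nz"]
CERT_SAN = ["example.co.nz", "www.example.co.nz"]

# Names the site is actually reachable at (constructed).
SITE_NAMES = ["example.co.nz", "www.example.co.nz", "a.b.example.co.nz"]

if __name__ == "__main__":
    certs = [("apex only", CERT_APEX_ONLY),
             ("wildcard", CERT_WILDCARD),
             ("SAN list", CERT_SAN)]
    for label, sans in certs:
        for host, hits in audit(sans, SITE_NAMES).items():
            verdict = "ok via " + ", ".join(hits) if hits else "NAME MISMATCH"
            print(f"{label:10} {host:22} {verdict}")
```

Running the audit against every name a site answers on shows the gap before a browser does: a wildcard-only cert still fails for the bare domain, and an apex-only cert fails for `www`.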




391 posts

Ultimate Geek
+1 received by user: 11


  # 2269046 3-Jul-2019 09:59

Hi Biggal

 

I have sent you a message.

 

Just had the flu this week, back into it now

 

Thank you

 

 




391 posts

Ultimate Geek
+1 received by user: 11


  # 2269071 3-Jul-2019 10:10

maybe I am supposed to have www. in front of the domain name

 

 




391 posts

Ultimate Geek
+1 received by user: 11


  # 2269090 3-Jul-2019 10:49

Talked to 1st domains

 

On plesk they put a tick into - select what else can be secured - include the www. subdomain.

 

I'm not getting the error

 

whynopadlock is a pass but ssl server test I still only get an A.

 

But I'm not getting any certificate errors so maybe that is ok.

 

I will test it on another pc and report back

 

 




391 posts

Ultimate Geek
+1 received by user: 11


  # 2271044 6-Jul-2019 13:38

So no more errors

 

I will look at the other suggestions you all mentioned as well but at least I'm not getting the errors so that's progress.

 

More is still to be learned on this whole SSL thing I can see

 

 

