Tag Archives: ssl

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

So, I was trying to create a SSL certificate with certbot…..

[email protected]:~# certbot --apache -d blog.domain.com

This was how I’v done to properly create it.

certbot --authenticator standalone --installer apache -d blog.domain.com --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"

Mixed Content: The page at – This request has been blocked; the content must be served over HTTPS

I was having some HTTP issues here on this blog…

Mixed Content: The page at ‘https://www.digitalwhores.net/*******’. This request has been blocked; the content must be served over HTTPS.

I’v installed SSL Insecure Content Fixer.
Make sure you select !!

HTTP_CF_VISITOR (Cloudflare Flexible SSL); deprecated, since Cloudflare sends HTTP_X_FORWARDED_PROTO now

letsencrypt renew – 404 – Detail: Invalid response

So!,

letsencrypt renew output

Domain: www.domain.com
Type: unauthorized
Detail: Invalid response from
 http://www.domain.com/.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6:

nginx error log

66.133.XXX.XXX - - [11/Feb/2017:09:33:20 +0100] "GET /.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6 HTTP/1.1" 404 247 "http://www.domain.com/.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

“Somehow” my domain root has changed.
I had to take a look at /etc/letsencrypt/renewal/domain.com.conf and fix some paths… 🙂

 

“This certificate was signed by an untrusted issuer” problem after updating to Mac OS.

This certificate was signed by an untrusted issuer” problem after updating to Mac OS.

Your computer has expired certificates.
To solve this make the following actions:

  1. Applications > Utilities > Keychain Access.
  2. Select
    a) Keychain: Login and
    b) Category: Certificates
  3. Scroll each certificate and if it has expired delete it.

Related links

SSL tutorials

Just bought a SSL certificate for one of my clients….
Here are some useful tutorial links.—

CSR Generation: Using OpenSSL (Apache w/mod_ssl, NGINX, OS X)
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1/66/

Nginx CSR Generation using OpenSSL
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/801/0/nginx-csr-generation-using-openssl

Certificate Installation: Apache & mod_ssl
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/637/66/

Certificate Installation : NGINX
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1091/0/certificate-installation–nginx

Test your SSL.

SSL Server Test

This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet. Please note that the information you submit here is used only to provide you the service. We don’t use the domain names or the test results, and we never will.