codesays

Do not know why, but it works now. Thanks!!!

Thanks for your clarification! I did not mean the general configuration, which should be alright. But how about the section for my VirtualHost? I used the telnet command to simulate http request, and it successed: shengyu ~ $ telnet codesays.com 443 Trying 66.220.18.188... Connected to codesays.com. Escape character is '^]'. GET / HTTP/1.1 Host: codesays.com HTTP/1.1 200 OK (...a empty webpage was returned) If the HTTPS was deployed on 443 port, the command should not success. I tried the same thing on a SSL domain, and the return content is "400 The plain HTTP request was sent to HTTPS port". The similar error was discussed here: https://community.letsencrypt.org/t/certificate-hostname-does-not-match-site-hostname/8938/9 This is my first time to deploy the SSL certificate. Sorry if it was a stupid question.

https://community.letsencrypt.org/t/howto-a-with-all-100-s-on-ssl-labs-test-using-apache2-4-read-warnings/2436 No, it should not be the certificate error. Probably it is Apache config error. shengyu ~ $ openssl s_client -connect codesays.com:443 -servername codesays.com CONNECTED(00000003) 2474:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/SourceCache/OpenSSL098/OpenSSL098-52.8.4/src/ssl/s23_clnt.c:618: shengyu ~ $ telnet codesays.com 443 Trying 66.220.18.188... Connected to codesays.com. Escape character is '^]'. GET / HTTP/1.1 Host: codesays.com HTTP/1.1 200 OK (...) As the discussion shows, "Apache should do SSL on port 443, not just non-SSL HTTP". Could you please have a look at the configuration file? Thankssss!!

It shoud not be the DNS problem. I changed my host file. Anyway, the nameservers are updated now. But it is still not working. For chrome, the error message is: ERR_SSL_PROTOCOL_ERROR For firefox, the error message is: ssl_error_rx_record_too_long For safari, the error message is: unable to establish a secure connection. Could you please help me and take a look? Thanks!

Hello Krydos, the site (with IP 66.220.18.188) is still unavailable after 24 hours. It shows "Account Queued" page. Could you please have a look at it? Thanks! PS: the public DNS record is out-of-date (216.218.192.170). So if you directly access codesays.com, you will see the old website.

That is reasonable. But the error page also says: While the account is being created we suggest taking a look at your control panel. http://johnny.heliohost.org:2082/ My account should be under Stevie SSL plan, rather than Johnny SSL. Is the error page (http://codesays.com/cgi-sys/defaultwebpage.cgi) incorrect? Or am I under a wrong plan? Thanks!!!

Hello Krydos! I cannot access my website with the new IP 66.220.18.188 When I access http://codesays.com, it is redirected to http://codesays.com/cgi-sys/defaultwebpage.cgi and says "HelioHost has not gotten about to installing and configuring your account yet" But when I login my cpanel account at stevie.heliohost.org, the wordpress files are there. PS: I changed the IP in my DNS name server back to 216.218.192.170, so the site is available now. But when could I switch to the new IP?

Hello Admin, I need to IP so that I can install the SSL certificate. I have paid via Paypal. My user name is : codesays website is: codesays.com Transaction ID: 41432548X3071835W My blog has some Chinese users. If possible, please give me an IP, which is accessible in China. Thanks!!!!

Thanks for your explanation!

IP address is yearly according to Krydos (who pretty much runs the place). I'd have to ask though, as our website tells a different story. As for Lets Encrypt, I don't know if we support it as I haven't personally read the detailed documentation for their service. If it uploads something over FTP, you're probably good. If it uses SSH, it's not supported. Also, I think browsers will still see security warnings in its current state (it hasn't gotten the cross-certificates it needed last I heard). You don't need SSH to run the client. Let's encrypt has provided an option to manually verify the domain's ownership. All you need is to upload a file under a specific folder that the Let's encrypt client provide to you. The only requirement is that you need a linux machine available to execute the client. There isn't one available for windows yet. However, you can use a VM for this, like I have done. It is really good to hear from the LetsEncrypt user! I did not have experience with LetsEncrypt. But as far as I see in the documents, a single certificate can verify one domain and many sub-domains at the same time. For example, one single certificate can cover bothe example.com and sub.example.com. If I hosted example.com and sub.example.com under one Stevie account. To say, example.com in /user/example/www_one and sub.example.com /user/example/www_two. Is it workable that I upload the one certificate, and both domains get coverred? Thanks!!!

IP address is yearly according to Krydos (who pretty much runs the place). I'd have to ask though, as our website tells a different story. As for Lets Encrypt, I don't know if we support it as I haven't personally read the detailed documentation for their service. If it uploads something over FTP, you're probably good. If it uses SSH, it's not supported. Also, I think browsers will still see security warnings in its current state (it hasn't gotten the cross-certificates it needed last I heard). A quick update: LetsEncrypt got the cross-certificates from IdenTrust.

Yes you must get a dedicated IP address. That's what the $12 fee is for. Our provider charges us $12 for it, so we just pass the cost to you. As for the certificate, yes, that must be obtained from a certificate authority. We do not sell certificates. Many are $10-50 a year depending on vendor for regular ones. Wildcard ones are extremely expensive (on the order of $200-500 a year).There are some promising upcoming free providers though. Let's Encrypt is probably the biggest of them (now a public beta), but I'm not sure if they ever got the stuff required to prevent browsers from showing warnings, and you need to use a linux PC with it installed to generate them. For the IP address fee, is it one-time or yearly? I got different answers, when I searched our website. For the Let's Encrypt, to verify the ownership, they will create some files inside the website. Do we (consider to) officially support that script? Otherwise, I need to manually sync the verification files.

Thanks for your detailed explanation! I must mis-understand something there So: To use a SSL certificate, I MUST get a dedicated IP address firstly, right? And you do not sign the certificate, so I need to get a certificate somewhere else, correct? Many thanks!!!!

Hello Admin! I just created my Stevie account, and I am considering to take the SSL for the site. But I have a question for the SSL certificate. Does the certificate cover the sub-domain? For example, if I have a website https://example.com with a Stevie SSL account. Then I add a sub-website http://sub.example.com under the SAME Stevie account (in another directory). Is the sub.example.com protected by the SSL certificate also? If not, can I get another free SSL certificate for the sub-domain, and how? Thanks!!! Sorry, due to network issue, the post was submitted twice.