Setting Up Ssl In Ricky

[sagnik]

I've just installed my own CA signed certificate for domain "whatsnew.cf, *.whatsnew.cf". But getting the following error and chrome is saying that the certificate is issued to "wn.sgnetworks.cu.cc" and is self-signed, even I've signed the certificate with my own CA and issued for "whatsnew.cf":

 

Here is the screenshot of the certificate installation page:

 

I need help setting up ssl properly without the error above.

[wolstech]

NET::ERR_CERT_AUTHORITY_INVALID

A certificate signed by your own personal CA will always throw that error since nobody trusts the CA. If you install your root certificate in the trusted CA store, that error should go away. Be aware that people won't just install some random CA though (and for good reason), so using this certificate is effectively pointless.

 

The domain name issue is odd. It's indeed showing sgnetworks, which means the CN field was probably incorrect (CN needs to be the exact domain it's for). Also, wildcard certificates are frowned upon by some (though they're acceptable), and services like LE won't even let you issue one.

 

I'd recommend either using our free cPanel/Comodo SSL or Lets Encrypt (both of which is signed by a CA trusted by all modern computers). Our Comodo/cPanel SSL does all the work for you too...it auto-issues the certificates when you add domains, and renews them automatically as they approach expiration.

Edited June 14, 2017 by wolstech
More details

[sagnik]

I understand. But why Chrome is showing that, the certificate has issued to "wn.sgnetworks.cu.cc" as it should show "whatsnew.cf", because I've put "whatsnew.cf" in the "common name" and "whatsnew.cf, *.whatsnew.cf" in the "subject alternative name with DNS.1, DNS.2 (FQDNS)".

 

And why "whatsnew.cf" showing "Account Queued"?

[wolstech]

There's something wrong with the certificate. I'm not sure why it mid-issued, but that cert is not for that domain. You need to get another certificate. The easy fix is to delete the certificate entirely and have us install autoSSL for you.

 

The domain whatsnew.cf is not queued and is showing content just fine for me. Please clear your cache.

[sagnik]

Oh, thanks.

 

Now my website is working fine. And I've uninstalled the certificate and installed cPanel issued auto SSL but the certificate still not updated with the new SSL.

[wolstech]

The AutoSSL can take up to 24 hours to issue certificates after installation I believe. Also, AutoSSL will fail if you have an .htaccess that redirects to HTTPS or restricts access to a domain (the server creates a random-named text file in your domain's root to verify ownership, if Comodo's servers can't reach that file for any reason, it fails...common reasons for failures are forced HTTPS to a domain with a bad cert, forbidden errors, etc.)

 

If it's still not working tomorrow, I'll escalate and have Krydos force the AutoSSL to run for your domains. If there's something wrong, he'd be able to post the logs as well.

[sagnik]

Ok thanks for your great help. Well, yeah I want to force redirect to https if user visit http but not now I've not created htaccess yet. I'm waiting for https to work properly then I'll create a htaccess to force redirect to https.