My domain gets error stating SSL certificate is not trusted

youre77 · February 14, 2017, 1:55pm

I tried implementing https on my domain. I keep getting an error stating my connection is not private. At first I generated everything in openSSL for windows by following the instrcutions here OpenSSL Essentials: Working with SSL Certificates, Private Keys and CSRs | DigitalOcean

When that did not work,I decided to generate the private key and csr in you ssl manager then proceeded to create a certificate in openSSL. However, I still get the same error. What am I doing wrong?

Admin · February 14, 2017, 6:19pm

Did you follow the tutorial to generate the certificate? Because the tutorial clearly says the certificate is “self-signed”, meaning it’s not trusted. An SSL certificate is trusted if it’s generated by a trusted SSL certificate provider, meaning a self signed certificate can never be a trusted certificate. You’ll need to get a certificate from a certificate provider like StartSSL.

youre77 · February 15, 2017, 2:56pm

I see, apologies, I am a bit new at this so I didn’t know what self signed meant. I have tried using StartSSL to get a certificate butnI can’t get past the domain verification because i don’t know which of the following email to choose.
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

Admin · February 15, 2017, 6:36pm

@youre77 said:
I see, apologies, I am a bit new at this so I didn’t know what self signed meant. I have tried using StartSSL to get a certificate butnI can’t get past the domain verification because i don’t know which of the following email to choose.

Well, StartSSL is going to send a verification e-mail to the address you select there, so you need to make sure it’s an address you have access to. Which e-mail addresses do you think you could receive the verification e-mail on?

youre77 · February 16, 2017, 10:40am

Hmm, my guess would be either one of these three
[email protected]
[email protected]
[email protected]
since they have my domain on it. But how do I access it? I tried the webmail feature in the control panel but none of them seem to work. Am I wrong?

Admin · February 16, 2017, 4:10pm

@youre77 said:
Hmm, my guess would be either one of these three
[email protected]
[email protected]
[email protected]
since they have my domain on it. But how do I access it? I tried the webmail feature in the control panel but none of them seem to work. Am I wrong?

Well, you’re right about the first part. But can you please explain what doesn’t work about the webmail? Are you unable to receive any e-mail with it, unable to receive e-mail from StartSSL specifically or unable to sign in?

youre77 · February 17, 2017, 8:32am

Glad to know I was right about something To further elaborate my question about the webmail, essentially I am asking how can I login to the email address of my domain? I am not sure where I am supposed to go.

Admin · February 18, 2017, 11:16am

@youre77 said:
Glad to know I was right about something To further elaborate my question about the webmail, essentially I am asking how can I login to the email address of my domain? I am not sure where I am supposed to go.

You can create e-mail accounts and set the password through your control panel. A link to the webmail login page is available there as well.

youre77 · February 18, 2017, 11:22am

It worked! Thanks a lot!

youre77 · February 19, 2017, 2:00pm

Hi, I just uploaded my certificate a few hours ago, and so far the responsenI get is still saying my certificate is not trusted. How long do I have to wait before the certificate takes effect? Also, I checked my url on ssllabs and so far I got a B rating. I am just wonderingnif that has anything to do with my connection not being trusted

Admin · February 19, 2017, 4:18pm

@youre77 said:
Hi, I just uploaded my certificate a few hours ago, and so far the responsenI get is still saying my certificate is not trusted. How long do I have to wait before the certificate takes effect? Also, I checked my url on ssllabs and so far I got a B rating. I am just wonderingnif that has anything to do with my connection not being trusted

A B rating is fine, if it’s not a trusted certificate it would be a straight F. More likely, it’s a caching issue. Browsers (notably Google Chrome) tend to cache certificate details, so you’ll just need to wait a while for it to recheck the certificate, after which it should show as valid.

If you uploaded an invalid certificate, it would have been rejected right away when trying to install it.

youre77 · February 20, 2017, 10:27am

It’s been more than a day now but when I try to access the link I still get an invalid certificate error. Should I wait longer? Or did I do something wrong?

Admin · February 20, 2017, 11:56am

@youre77 said:
It’s been more than a day now but when I try to access the link I still get an invalid certificate error. Should I wait longer? Or did I do something wrong?

Again, if the certificate actually was invalid, you wouldn’t have been able to install it. If an SSL checker says your certificate was installed OK, there is nothing else you can do. Just wait (or try with a different browser) for the problem to be solved.

youre77 · February 20, 2017, 4:10pm

I tried accessing my domain through chromium and the ‘Not Trusted’ message doesn’t appear there. Thanks for the help. One last question though, the server we use here is an apache server right?

Admin · February 20, 2017, 6:30pm

@youre77 said:
I tried accessing my domain through chromium and the ‘Not Trusted’ message doesn’t appear there. Thanks for the help. One last question though, the server we use here is an apache server right?

Yes and no. Websites are loaded through Apache for .htaccess support, the content is served by nginx to the end user (nginx is faster and uses less server power).

youre77 · February 21, 2017, 1:35am

OK, thanks again