Unable to attach SSL to domain

Started by rajeshmehra615, Jul 04, 2022, 01:25 AM

Previous topic - Next topic

rajeshmehra615Topic starter

Hello. I have a portfolio site.
The other day I decided to install SSL on a domain, free of charge. Uploaded the certificate keys via cPanel - it seems to have worked.
But the next day, when the site opens, after a second or less, the lock to the left of the domain disappears, but the domain itself has https in it.

Laravel site. I met exactly the same today on another project where I work. There is also cPanel, but not Laravel
  •  

judii

SSL certificates come in three levels:
- Domain Validation (DV) - the simplest option, as it does not stand out in the address bar;
- Organization Validation (OV) - highlighted with a green padlock;
- Extended validation (EV) - the most expensive and difficult to obtain, indicated by a green padlock and the name of the organization in the address bar.

Yes, and according to the test for ssllabs, you only have security on B, which is generally normal for a free certificate, but not ideal
  •  

natmir

There are many reasons for such errors. The main ones include:

Incorrect date and time on the device (computer, smartphone, tablet, etc.);
Untrusted SSL certificate;
Firewall or antivirus blocking the website;
The included experimental Internet protocol QUIC;
Lack of operating system updates;
Using an outdated version 3.0 SSL certificate;
The "Invalid CSR" error appears when generating a certificate from the cloud provider's control panel.

Problems with date and time
If an incorrect date and time are set on the device, an SSL connection error is inevitable, because when the certificate is checked, its validity period is checked. Modern browsers are able to detect such an error on their own and display a message about an incorrectly set date or time.
To fix that error, it is enough to set the current time on the device. After that, you need to restart the page or browser.

Untrusted SSL certificate
Sometimes when you go to a site protected by the HTTPS protocol, the error "the SSL certificate of the site is not trustworthy" appears.

One of the reasons for such an error, as in the previous case, may be the wrong time. However, there is a second reason — the browser cannot verify the certificate's chain of trust because the root certificate is missing. To get rid of such an error, you need to download a special GeoTrust Primary Certification Authority package containing root certificates. After downloading, proceed to the installation. For this:

Press the Win+R keyboard shortcut and enter the certmgr.msc command, click "Ok". The Certificate Center will open in Windows.
Open the list of "Trusted Root Certification Authorities" on the left, select the "Certificates" folder, right—click on it and select "All tasks - import".

Firewall or antivirus blocking the website
Some sites are blocked by Windows Firewall. To check, you can disable the firewall and try to go to the desired site. If the SSL certificate started working correctly, it means that the firewall is the problem. In Internet Explorer, you can add an incorrectly working site to the list of reliable ones and the problem will disappear. However, that way you will reduce the security of your device, since the content of the website may be unsafe, and site control is now disabled.
Included experimental QUIC protocol
QUIC is a new experimental protocol that is needed for a fast internet connection. The main task of the QUIC protocol is to support multiple connections. You can disable that protocol in your browser configuration.

We show how to disable QUIC using the example of the Google Chrome browser:

Open the browser and type the chrome command://flags/#enable-quic;
In the window that appears, the parameter will be highlighted: Experimental QUIC protocol. Under the name of that parameter, you will see a drop-down menu in which you need to select the option: Disable.
  •