navigating to https tells me NET::ERR_CERT_AUTHORITY_INVALID
So I first followed this post creating my certificate and key:
https://www.linode.com/docs/security/ssl/create-a-self-signed-tls-certificate/
I then followed this post about enabling tls on nginx:
https://www.linode.com/docs/web-servers/nginx/enable-tls-on-nginx-for-https-connections/
I configured the http block as stated in that post and then configured a single HTTPS site as seen in that post.
However, when I navigate to my site (https) (in Chrome), it tells me my connection is not private with NET::ERR_CERT_AUTHORITY_INVALID.
Can anyone help me with this?
6 Replies
So I first followed this post creating my certificate and key:
That explains how to create a self signed certificate.
Self-signed certificates are not trusted by browsers, etc. Your users will see the same error (and will need to click "continue anyway" etc. to proceed, depending on the browser).
Ways to obtain a trusted certificate:
Buy one, there are many resellers, personally I've used NameCheap
Use a free certificate from Let's Encrypt (search the guides for that, or for "certbot").
Those are 1) issued by a known party trusted by web browsers 2) bound to your domain name, you will need to prove your ownership of the domain as part of the purchase / setup process.
And that's the idea here - a web browser will then know it can trust your site's certificate.
I see, this is my first time getting into ssl/tls so really helpful.
I have tried letsencrypt but I am not using .tube which is not public. Are there no other alternative free certificates for private domains?
I have tried letsencrypt but I am not using .tube which is not public.
Um not sure what you mean….
If the site is "public facing" - i.e. you expect "just about anybody on the internet" to be able to connect - then you will need a trusted certificate, unless you want to run without https.
I don't think there should be any issues if your domain suffix is .tube - i.e. my site is under .mobi and I had no trouble with either NameCheap (the cert is from Comodo) or Let's Encrypt…
well with letsencrypt I get this:
The request message was malformed :: Error creating new order :: Name does not end in a public suffix
If I were to buy from namecheap would I need multidomain if I have subdomains? e.g. api.test.tube for test.tube?
The request message was malformed :: Error creating new order :: Name does not end in a public suffix
Oh I see, sorry I misled you.
Maybe before initiating your cert purchase (at NameCheap, or anywhere else, there are many resellers), I'd suggest asking the reseller's support if .tube is supported.
If I were to buy from namecheap would I need multidomain if I have subdomains? e.g. api.test.tube for test.tube?
Yes, or from anywhere else. If you want your cert to include multiple domains - not only api.test.tube but also test.tube and maybe others - that's a multidomain cert.
PS - what's funny is that .tube is listed here on IANA web site:
https://www.iana.org/domains/root/db
and on Mozilla's web site
https://publicsuffix.org/list/public_suffix_list.dat
… but I guess you can't argue with an error message.
So maybe the error (about .tube) is caused by something else?
Ah, you were right! When I ran the letsencrypt command, one of the domains I listed was spelt wrong: .tuke haha
Thanks for the help!
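
The "Name does not end in a public suffix" error in this thread came from a misspelled name, so a local check of the requested names before submitting the order would have caught it. The following is an added example, not part of the original thread: the suffix list is a small constructed sample in the format of the public_suffix_list.dat file linked above, and the function names are hypothetical.

```python
# Constructed sample in the format of public_suffix_list.dat (not the full list).
SAMPLE_PSL = """\
// constructed sample, PSL file format
com
mobi
tube
uk
co.uk
ck
*.ck
!www.ck
"""

def load_rules(text):
    """Parse PSL-format text into a set of rules, skipping comments and blanks."""
    rules = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("//"):
            rules.add(line.split()[0].lower())
    return rules

def public_suffix(name, rules):
    """Return the longest listed suffix of name, or None if no rule matches."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if "!" + candidate in rules:  # exception rule: suffix is one label shorter
            return ".".join(labels[i + 1:])
        if candidate in rules:
            return candidate
        if i + 1 < len(labels) and "*." + ".".join(labels[i + 1:]) in rules:
            return candidate          # wildcard rule covers this extra label
    return None

def preflight(names, rules):
    """Map each rejected name to a reason; names that pass are omitted."""
    problems = {}
    for name in names:
        suffix = public_suffix(name, rules)
        if suffix is None:
            problems[name] = "does not end in a listed public suffix"
        elif suffix == name.lower().rstrip("."):
            problems[name] = "is itself a public suffix"
    return problems

if __name__ == "__main__":
    requested = ["test.tube", "api.test.tube", "api.test.tuke"]  # constructed; last has the typo
    for name, why in preflight(requested, load_rules(SAMPLE_PSL)).items():
        print(f"{name}: {why}")
```

To use it against real names, pass the contents of a downloaded copy of the full list to `load_rules` instead of the sample.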