navigating to https tells me NET::ERR_CERT_AUTHORITY_INVALID

So I first followed this post creating my certificate and key:

https://www.linode.com/docs/security/ssl/create-a-self-signed-tls-certificate/

I then followed this post about enabling tls on nginx:
https://www.linode.com/docs/web-servers/nginx/enable-tls-on-nginx-for-https-connections/

I configured the http block as stated in that post and then configured a Single HTTPS Site as seen in that post.

However, when I navigate to my site (https) in Chrome, it tells me my connection is not private with NET::ERR_CERT_AUTHORITY_INVALID.

Can anyone help me with this?

6 Replies

So I first followed this post creating my certificate and key:

That explains how to create a self signed certificate.

Self signed certificates are not trusted by browsers, etc. Your users will see the same error (and will need to click "continue anyway" etc. to proceed, depending on the browser).

Ways to obtain a trusted certificate:

  • Buy one, there are many resellers, personally I've used NameCheap

  • Use a free certificate from Let's Encrypt (search the guides for that, or for "certbot").

Those are 1) issued by a known party trusted by web browsers 2) bound to your domain name, you will need to prove your ownership of the domain as part of the purchase / setup process.

And that's the idea here - a web browser will then know it can trust your site's certificate.

I see, this is my first time getting into ssl/tls so really helpful.
I have tried letsencrypt but I am not using .tube which is not public. Are there no other alternative free certificates for private domains?

I have tried letsencrypt but I am not using .tube which is not public.

Um not sure what you mean….

If the site is "public facing" - i.e. you expect "just about anybody on the internet" to be able to connect - then you will need a trusted certificate, unless you want to run without https.

I don't think there should be any issues if your domain suffix is .tube - i.e. my site is under .mobi and I had no trouble with either NameCheap (the cert is from Comodo) or Let's Encrypt…

well with letsencrypt I get this:

The request message was malformed :: Error creating new order :: Name does not end in a public suffix

If I were to buy from namecheap would I need multidomain if I have subdomains? e.g. api.test.tube for test.tube?

The request message was malformed :: Error creating new order :: Name does not end in a public suffix

Oh I see, sorry I misled you.

Maybe before initiating your cert purchase (at NameCheap, or anywhere else, there are many resellers), I'd suggest asking the reseller's support if .tube is supported.

If I were to buy from namecheap would I need multidomain if I have subdomains? e.g. api.test.tube for test.tube?

Yes, or from anywhere else. If you want your cert to include multiple domains - not only api.test.tube but also test.tube and maybe others - that's a multidomain cert.

PS - what's funny is that .tube is listed here on IANA web site:

https://www.iana.org/domains/root/db

and on Mozilla's web site

https://publicsuffix.org/list/public_suffix_list.dat

… but I guess you can't argue with an error message.

So maybe the error (about .tube) is caused by something else?

ah you were right! When I ran the letsencrypt command, one of the domains I listed was spelt wrong: .tuke haha

Thanks for the help!
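
Added example, not part of the original thread: a pre-flight check that catches a mistyped suffix such as .tuke before the names are sent to the CA, by matching each name against rules in the format of the public suffix list linked above. The rule excerpt and function names are constructed for illustration; a real check would load the full public_suffix_list.dat.

```python
# Pre-flight check: does each requested certificate name end in a public suffix?
# PSL_EXCERPT is a constructed sample in the format of public_suffix_list.dat.
PSL_EXCERPT = """\
// constructed excerpt, not the full list
com
mobi
tube
uk
co.uk
*.ck
!www.ck
"""

def load_rules(text):
    """Parse list lines into (normal, wildcard, exception) rule sets."""
    normal, wildcard, exception = set(), set(), set()
    for line in text.splitlines():
        rule = line.split()[0] if line.strip() else ""  # rule ends at first whitespace
        if not rule or rule.startswith("//"):           # skip blanks and comments
            continue
        rule = rule.lower()
        if rule.startswith("!"):
            exception.add(rule[1:])
        elif rule.startswith("*."):
            wildcard.add(rule[2:])
        else:
            normal.add(rule)
    return normal, wildcard, exception

def public_suffix(name, rules):
    """Return the longest listed public suffix of name, or None if no rule matches."""
    normal, wildcard, exception = rules
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):                 # longest candidate first
        candidate = ".".join(labels[i:])
        parent = ".".join(labels[i + 1:])
        if candidate in exception:               # "!www.ck": suffix is one label shorter
            return parent
        if candidate in normal or parent in wildcard:
            return candidate
    return None                                  # e.g. a typo such as "test.tuke"

def check_names(names, rules):
    """Map each requested name to its public suffix (None = fix before requesting)."""
    return {n: public_suffix(n, rules) for n in names}
```

Running `check_names` over the exact list of names about to be passed to the ACME client flags any entry that maps to `None`.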
