Problem with SSL certificate


#1

Hello,

I created au second blog with custom subdomain, but I have an error when I request the https version…

Firefox say that the certificate is for 42divide.com not for my own domain…

I have no problem on my primary blog at https://aris.papatheodorou.net/

A bug on Write.as ?

Impossible de communiquer en mode sécurisé avec le pair : le nom de domaine demandé ne correspond pas au certificat du serveur.

HTTP Strict Transport Security : false
HTTP Public Key Pinning : false

Chaîne de certificat :

-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAw08xX1smNVU7MSr6/uh6eOCMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTAxMTgxNTQ2NTNaFw0x
OTA0MTgxNTQ2NTNaMBcxFTATBgNVBAMTDDQyZGl2aWRlLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBANxaQkJeGR7pt/Ze9QkbPGJY5djHTtHAJZho
3fi+MI01CNgn/T0MtYSzmHR4Qu4yk/m0nQYfQ/WV39d2EDirTCm0IN2I8mtQkipg
LR8N4sKHczH3SS/h6cX/ob/Xl2co048zKnjwEO8ZsO41OuKWZfQwy+jY3lw18RAu
hSkxsnpOnJgLttzX48JHjs4G+iS/HtVbTETv4wL9feZQe0VgA9tFtuFGwZ0MdyOD
GoA4hXn4nUxwEhl81EJ2D7hIlcNIz3tucKHjrlwlUcGKD8kgzLMh+cKep1zFFiBz
DqAPSFSgzHsa/RrokJGszWkE6Wglcsw+aXvOD3zXAh2TOs6wN1UCAwEAAaOCAmIw
ggJeMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU6hebHPfWAkXa2okcG9nehUMOokgw
HwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUHAQEEYzBh
MC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
MC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
LzAXBgNVHREEEDAOggw0MmRpdmlkZS5jb20wTAYDVR0gBEUwQzAIBgZngQwBAgEw
NwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j
cnlwdC5vcmcwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgB0ftqDMa0zEJEhnM4l
T0Jwwr/9XkIgCMY3NXnmEHvMVgAAAWhh2699AAAEAwBHMEUCIQDl7U/wUddbI+w4
gATYR1OoX2SmKafNSqiFR6y+n1QbdwIgPMyPqFfGwF04PCLs5YbmgW2ds/ZMIOOA
Dt9vVIbpGf4AdwApPFGWVMg5ZbqqUPxYB9S3b79Yeily3KTDDPTlRUf0eAAAAWhh
263xAAAEAwBIMEYCIQDQ8I8DnaJeqGjdPNu9HVJEpSxS+28ApXtcStgOSuFckQIh
ANyogp6A0UAi+RHU9QBqs0VpbZva3dIJtq8zU17ZgrhxMA0GCSqGSIb3DQEBCwUA
A4IBAQCWU+t/A7r3nPe1ABsll+0nVUBXT3wELQ9YsGTDsli9oCMOIqly6TRSVJc2
LehqSsQitPKpnNkYbjqn0+eCZxRFA3+YzXZ6SoHohipSUszpmFsBe7ONSvoNsM7I
n03wtpdBrz1t91MvfN3J9oQUd6ULLEypLUfVLPxJ97pRGwxVuDT96oQTYmtDeS6W
eN145vH3+0p+BPpEMGbVkn5VZc/SDK6UY9MAXVU85GDaQQNInKiL8xISuEdhfN8B
SWsfYAVEvwkMa9Iw9SJCUMX4v9eez9QnaHh/P7FZCFBd2jS8gqba5Sq0ChofMwkc
1HsKl7skCtiz0oePe5KiLu7sbsFT
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----

#2

Thanks for the heads up – the automatic certificate process got held up by another site. All fixed now.


#3

Thank you for all the good job done !


#4

@Matt,

SSL is working for all of my blogs except this one:

47

Could you please take a look?


#5

Sure, your DNS settings look good from where I am, but the server is still seeing old values there, so it can’t generate the certificate. Sometimes when this happens it just ends up taking a couple more hours for everything to get right.


#6

Just checked and it’s all set now @DLKR :+1:


#7

I’m having the same problem with wedodatastuff.com (We Do Data Stuff).


#8

Connecting to your site with SSL is working for me…


#9

Thanks, Aris! Maybe it was temporary.


#10

Just to let you know I’ve noticed this with a couple of my blogs, which were working fine, then got flagged as insecure, then work fine again a few hours later.

It seems like there might be something going on. If I notice it again, I’ll post specifics here.


#11

Thanks, please do.

Besides the starting topic of this thread, most of these issues are likely caused by certificates just taking a bit to generate. We have an automated process that, once you set a custom domain as your blog’s Preferred URL, checks that the domain is correctly pointed at our server and requests an SSL certificate via Let’s Encrypt.

A few things can slow this down:

  • The automated process pinging the domain before DNS settings have fully propagated
  • The same for Let’s Encrypt servers
  • If a domain name is brand new (DNS settings take even longer to propagate)

To ensure certificates are generated as quickly as possible, be sure to set things up in the order mentioned on the Help page. Specifically:

  1. First, set DNS settings
  2. Wait at least 30 minutes for settings to propagate (or longer, if your TTL is a large value)
  3. Finally, set the Preferred URL on Write.as

This should avoid many DNS-related delays.

Either way, the certificate process works without a hiccup most of the time. And it does automatically track when a certificate has been successfully generated, so people will automatically be redirected from the insecure site to secure when it’s ready – no work needed on your part. In most cases, setting everything and letting the robots do their thing should mean your site is up and secure in no more than 24 hours. But again, if you still notice an issue, please mention it!


#12

Confirmed. I just set up a new blog, actually following Matt’s instructions this time, and it worked perfectly.