Your connection is not private - NET::ERR_CERT_AUTHORITY_INVALID

Discussion in 'General' started by onastvar, Jul 17, 2018.

  1. onastvar

    onastvar Member


    I changed domain name inside of the billing module from one domain to another domain 2-3 months ago. I'm not sure if change caused the issue.
    SSL Certificate works on,
    SSL Certificate doesn't work on port 8080 -

    When I create an invoice in Billing Module and when my client clicks on the link
    they get the following:

    Your connection is not private
    Attackers might be trying to steal your information from (for example, passwords, messages, or credit cards). Learn more
    PEM encoded chain:-----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----

    I'm looking on advice on how to fix the issue.
    Thanks in advance
    Last edited: Jul 17, 2018
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I assume you are using a valid SSL cert and not a self-signed cert. Then most likely the SSL chain/bundle certificates for the SSL authority you used are not configured in the ispconfig.vhost file.
  3. onastvar

    onastvar Member

    I'm using Lets Encrypt SSL. How to configure ispconfig.vhost?

    I see the following lines in my
    # SSL Configuration
    SSLEngine On
    SSLProtocol All -SSLv3
    SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    remove the # in front of the bundle line and restart apache.
  5. onastvar

    onastvar Member

    I removed # from
    #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
    Got error
    SSLCACertificateFile: file '/usr/local/ispconfig/interface/ssl/ispserver.bundle' does not exist or is empty

    File ispserver.bundle was empty, I've added
    SSL Bundle from SSL tab of my website to
    restarted Apache,
    same issue "Your connection is not private"
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The ssl bundle must be the one from letsencrypt if you are using a letsencrypt ssl cert for the ispconfig UI.
  7. onastvar

    onastvar Member

  8. ISPConfig Developer ISPConfig Developer

    1st fail* defnitly works for me, there may be better tricks on your mentioned thread, don't know.

    Well yeah depending on how you configure dovecot ( using SNI or not ) your users would of course need to use whichever domain [theservice] handles valid ssl on.

    2nd fail*
    ah wrong topic
    was what I actually meant, if u change ISPConfig cert, it won't change operation of dovecot/postfix...

    final answer
    not my day ... forget my links ... I really thought I had this covered, too ^^

    *) kept for reference, just cleaning up to make 3 to 1 post
  9. onastvar

    onastvar Member

    Thank you!
    I'll give it a try!

Share This Page