Letsencrypt doesn't secure my URL

Hello, everybody,

although I installed and set up the Let’s Encrypt app (no error message) neither an encrypted connection to my domain nor to my server IP is established. According to the browser (Firefox, Chrome) the connection is ‘not secure’.

I have redirected one of my domains via A-Record to the server IP (works). I set up a fresh UCS installation on my server (using the re-directed domain name). After finishing the UCS installation I installed the Let’s Encrypt app from the UCS app store, set up my domain (domain.tld) there, run the test (Apache and Postfix). Everything went fine without errors. Then I removed the hook for the ‘test mode’ and successfuly requested the certificate.

Currently the app says: “Status: Certificate refreshed at Do 12. Sep 18:05:39 CEST 2019”

Everything looks good in UCS. But defacto encrypted connection won’t be established.

Anyone an idea here?

Cheers Toto

UPDATE: Whe I run the UCS system check a error occures on SSL:

Unvalid certificate ‘/etc/univention/letsencrypt/signed_chain.crt’ found:
error /etc/univention/letsencrypt/signed_chain.crt: verification failed

There are two more .crt-files in the same folder:

  • signed_chain.crt_20190912-011357
  • signed_chain.crt_20190912-180539

And you’re connecting via https and not just http? In Firefox or Chrome you can view the contents of the certificate.

Yes, sure. Via https.

Hi @hauptstadtkind,

what is the output of curl -s -o /dev/null -v https://your-ucs-system/univention/portal/?

Edit:

The browser telling “not secure” today does no longer mean, that its not encrypted. But rather that the certificate chain is not fully trusted and therefore can be insecure (decryption through man in the middle etc).

Mastodon