Letsencrypt doesn't secure my URL

hauptstadtkind · September 12, 2019, 6:20pm

Hello, everybody,

although I installed and set up the Let’s Encrypt app (no error message) neither an encrypted connection to my domain nor to my server IP is established. According to the browser (Firefox, Chrome) the connection is ‘not secure’.

I have redirected one of my domains via A-Record to the server IP (works). I set up a fresh UCS installation on my server (using the re-directed domain name). After finishing the UCS installation I installed the Let’s Encrypt app from the UCS app store, set up my domain (domain.tld) there, run the test (Apache and Postfix). Everything went fine without errors. Then I removed the hook for the ‘test mode’ and successfuly requested the certificate.

Currently the app says: “Status: Certificate refreshed at Do 12. Sep 18:05:39 CEST 2019”

Everything looks good in UCS. But defacto encrypted connection won’t be established.

Anyone an idea here?

Cheers Toto

hauptstadtkind · September 12, 2019, 6:51pm

UPDATE: Whe I run the UCS system check a error occures on SSL:

Unvalid certificate ‘/etc/univention/letsencrypt/signed_chain.crt’ found:
error /etc/univention/letsencrypt/signed_chain.crt: verification failed

There are two more .crt-files in the same folder:

signed_chain.crt_20190912-011357
signed_chain.crt_20190912-180539

FrankM · September 13, 2019, 10:27am

And you’re connecting via https and not just http? In Firefox or Chrome you can view the contents of the certificate.

hauptstadtkind · September 13, 2019, 11:08am

Yes, sure. Via https.

fbartels · September 13, 2019, 11:27am

Hi @hauptstadtkind,

what is the output of curl -s -o /dev/null -v https://your-ucs-system/univention/portal/?

Edit:

The browser telling “not secure” today does no longer mean, that its not encrypted. But rather that the certificate chain is not fully trusted and therefore can be insecure (decryption through man in the middle etc).