My Forum Is showing "Privacy Error" after upgrading SSL certificate

Hi,

I have installed the https://zerossl.com free SSL certificate before on my forum ask.mybloggertricks.com using PUTTY. But when I tried updating it by following the same process, no matter how many times I try to update, I am continuously getting this error message

Your connection is not private

Attackers might be trying to steal your information from ask.mybloggertricks.com (for example, passwords, messages, or credit cards). Learn more

NET::ERR_CERT_DATE_INVALID

I am following the exact same method as explained here. https://zerossl.com/free-ssl/#crt

Please help me in restoring my site

Why do you need zerossl when discourse docker already installs and configures letsencrypt for you?

2 Likes

Why didn’t you use the free automated certificate from let’s encrypt?

1 Like

I echo the others’ questions about why you aren’t using the built-in Let’s Encrypt support, rather than manually getting the cert and attempting to install it. But regardless of why you’re doing it this way, the error is telling you that the cert date is invalid, which is because it expired in April. You’ll need to either figure what you’re doing wrong in the manual cert installation, or figure out how to use the built-in automated support (with the latter being the better plan, IMO).

3 Likes

I installed it manually because at that time the built-in Let’s encrypt support was not available. Let me try once more and get back for help. Let me check the date which I am 100% sure is correct but still I will try once more.

Hi I just re-uploaded my domain.crt and domain.key to cd/var/discourse/shared/standalone/ssl but I am getting the same error that my certificate has expired and its pointing towards Let’s encrypt Authority X3 while in fact my certificate is provided by https://zerossl.com/free-ssl/#crt

Can anybody please help in detail?

That’s to be expected–zerossl.com doesn’t issue certificates; they’re simply a web-based front-end to Let’s Encrypt.

I don’t know what you uploaded or where, but you’re still serving an old cert–it expired on 17 April. You’ve issued five more certs since then (see here for details), most recently today, but your site is still using the cert issued 17 January (which expired 17 April). This is just one of the many reasons why you should use an automated system to get certs from Let’s Encrypt, and that’s really what you should do here. This looks like a good place to start:

4 Likes

After you changed the files did you restart the discourse container? (or at least reloaded nginx in the container)

1 Like

Built in certs are available to any current install.

Updated and the files are showing as domain.crt and domain.key in shared/standalone/ssl file also. But no use.

I updated via this command

cd /var/discourse
git pull
./launcher rebuild app

Was there some documentation that told you that this is where those files should go? And you can use the openssl command to view the cert details and make sure they’re correct–run openssl x509 -in domain.crt -text -noout. What’s the output of that command?