My website has been running for a long time now, and suddenly today, after checking the traffic analytics, I noticed that it’s been down for the whole day. I tried getting into the website and I get this error:
"Your connection is not private
Attackers might be trying to steal your information from mydomain.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID"
HSTS can be enabled by the origin server, it doesn’t have to be enabled by Cloudflare. If you ticked “force https” in your Discourse site’s settings, then that’ll do it.
If your site is being proxied by Cloudflare, then it’s a problem at their end, and not something wrong with Discourse. Otherwise, check the certificate you’ve configured Discourse to use, and ensure that it matches the name you’re using to access the site.
Yes, but it won’t do any good, as any previous visitor to the site will have remembered that HTTPS is supposed to be enabled, and will fail to connect (as shown in the error you originally pasted).
Define “shared one”.
You’re really not helping us help you here. Please describe your exact setup, including the actual domain name at issue, where you got the certificate from and when, all the servers and proxies in your chain, and so on. Then we might have a hope of spotting what’s gone wrong. At the moment, it’s an endless game of psychic debugging, which is clearly not working.
That’s a separate error message to “common name invalid”.
Even better, stopbyte.com isn’t emitting that error any more, it’s not saying the cert isn’t trusted, because it’s now presenting the Cloudflare special “Origin Certificate”, which is only trusted by Cloudflare. Put back the certificate you had before, and see what happens.
HSTS specifically takes longer because the browser has retained the instruction. For example on Chrome you can visit chrome://net-internals/#hsts and remove a domain, which will immediately bypass the old HSTS instruction.
Are you referring to the default shared SSL that CloudFlare implements? If not what’s the source?
In your app.yml did you enable support for Let’s Encrypt by uncommenting the entries for web.template.ssl and web.letsencrypt.ssl.template? They’re all you need for HTTPS at the server end. Once they’re working you can safely enable strict HTTPS at CloudFlare.
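Added example, not part of the thread and not Discourse or Cloudflare code: a simplified version of the name check behind NET::ERR_CERT_COMMON_NAME_INVALID, where the hostname in the address bar is compared against the DNS names listed in the certificate's subjectAltName. The function names and the example.com/example.org names are assumptions constructed for illustration.

```python
# Added example: hostname-vs-certificate name matching (simplified RFC 6125 rules).
# All names used here are constructed sample data, not taken from the thread.

def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, and split it into labels."""
    return name.strip().lower().rstrip(".").split(".")


def name_matches(hostname: str, pattern: str) -> bool:
    """True if a single certificate dNSName entry covers the hostname."""
    host, pat = _labels(hostname), _labels(pattern)
    if len(host) != len(pat):
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if pat[0] == "*":
        # The wildcard is honoured only as the whole leftmost label, and only
        # with at least two further labels, so "*.com" never matches anything.
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat


def covering_names(hostname: str, san_dns_names: list[str]) -> list[str]:
    """Return the SAN entries that cover hostname; an empty list is a mismatch."""
    return [p for p in san_dns_names if name_matches(hostname, p)]


def diagnose(hostname: str, san_dns_names: list[str]) -> str:
    """One-line verdict for the name used to reach the site."""
    hits = covering_names(hostname, san_dns_names)
    if hits:
        return f"{hostname}: OK, covered by {', '.join(hits)}"
    listed = ", ".join(san_dns_names)
    return f"{hostname}: MISMATCH, certificate only lists {listed}"


if __name__ == "__main__":
    # Constructed SAN list: a wildcard plus the bare domain.
    sans = ["*.example.com", "example.com"]
    for host in ("example.com", "forum.example.com",
                 "a.forum.example.com", "forum.example.org"):
        print(diagnose(host, sans))
```

The SAN list for a live site can be read from the browser's certificate viewer and passed to `diagnose` together with the exact hostname visitors use.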