This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.
DigiCert also returns an error for this free SSL certificate:
TLS Certificate is not trusted
The certificate is not signed by a trusted authority (checking against Mozilla’s root store). If you bought the certificate from a trusted authority, you probably just need to install one or more Intermediate certificates. Contact your certificate provider for assistance doing this for your server platform.
Other Information
This error is returned when going through a proxy server to the remote website (leaf-linux.com). DigiCert is reporting that the certificate has not been signed by the issuer. This is what I got after requesting a free SSL certificate. I have previously used Let’s Encrypt via getssl and it always worked correctly. Can you explain this? Thanks.
Certificate chains are not supported on free hosting natively, so some devices or proxy servers will have an error while trying to access your website through HTTPS. Use Cloudflare’s Full SSL mode to fix that problem and have a working certificate with a certificate chain. Also, I suggest enabling Always Use HTTPS mode for forcing HTTPS with Cloudflare.
I used the online panel from the main InfinityFree login to request a free SSL certificate from the InfinityFree system. I created the CNAME records, copied them, then waited for DNS to update, then I requested the certificate from panel 2, then it appeared to automatically install it on my domain in panel 3. You can verify the issued certificate from leaf-linux.com by going to digicert.com/help and entering the leaf-linux domain. It reports a TLS cert invalid error because the certificate was not properly signed by Let’s Encrypt.
I already have PHP code that will force it to HTTPS. I will go enable it. I turned it off because I was getting this error through the proxy server. I am running Squid 4.10.
The latest is Squid 4.13. Let’s Encrypt may not be installed with their certificates in the older version; please update Squid to receive new root CAs. Or your computer is missing the root certificates.
No, TLS is not dependent on the cache. The proxy server is reporting that the certificate is invalid. DigiCert also reports the certificate is invalid. That is because THE CERTIFICATE IS INVALID. The certificate is invalid because it has not been signed by the issuer. It happens to work on some browsers because they are not requiring it be signed. Squid will throw an error because the certificate issued for that site fails verification. If InfinityFree is going to issue certificates like this, they need to make certain they have been signed by Let’s Encrypt. The certificate on my website, which was issued by the automated InfinityFree website, is invalid. This means most proxy servers with virus detection and content filtering will not trust it and throw this error.
Connect through a Squid proxy server with SSL bumping enabled to support virus scanning, and watch it crash. Also, I have said it before: go and look up the leaf-linux website on digicert.com/help and enter the URL. It reports the CERTIFICATE IS INVALID.
Look, simply put, either the free certificates work or they don’t. “Working” is defined as the certificate being accepted as valid in accordance with accepted SSL/TLS standards. If digicert/help throws errors, the free certificate is BROKEN. One reasonable standard which seems really simple is to get the certificate actually SIGNED by Let’s Encrypt. The certificate is UNSIGNED, which means it FAILS in actual real time use. Why do I need a certificate chain for an advertised FREE certificate? What the site issues should pass even the most simple validation steps.
The problem isn’t with your free SSL certificate. It’s a problem with the server. And as Ergastolator explained: if you enable Cloudflare through your cPanel, that will fix the issue.
TLS Certificate is not trusted
The certificate is not signed by a trusted authority (checking against Mozilla’s root store). If you bought the certificate from a trusted authority, you probably just need to install one or more Intermediate certificates. Contact your certificate provider for assistance doing this for your server platform.
It was already signed; it only lacks the certificate chain and root certificate. Chain certificates are still not supported. Just like everybody said.
If you get any website hosted on the free hosting network and with a valid SSL certificate, you will always get the same error, as the problem is on the server’s certificate and not your site’s. The SSL certificate tool of InfinityFree works fine.
You get this hosting for free but others pay for it. You must understand this. There are multiple servers in the free hosting network and much money would be needed for those TLS certificates.
You may upgrade to premium if you want hosting that supports chain certificates, and you won’t have problems like this.
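The thread turns on whether the server sends only the leaf certificate or the leaf plus its intermediate during the TLS handshake. The following is an added example, not code from any poster or from InfinityFree: it parses the "Certificate chain" section that `openssl s_client` prints and classifies what was presented. The sample outputs, host name and CA names are constructed for illustration.

```python
import re

# Constructed samples of the "Certificate chain" section of
# `openssl s_client -connect HOST:443 -servername HOST` output.
LEAF_ONLY = """Certificate chain
 0 s:CN = example.test
   i:C = US, O = Example CA, CN = Example Intermediate CA
---
"""
WITH_INTERMEDIATE = """Certificate chain
 0 s:CN = example.test
   i:C = US, O = Example CA, CN = Example Intermediate CA
 1 s:C = US, O = Example CA, CN = Example Intermediate CA
   i:O = Example Trust, CN = Example Root CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
---
"""

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, in_section, subject = [], False, None
    for line in text.splitlines():
        if line.strip() == "Certificate chain":
            in_section = True
        elif in_section and line.startswith("---"):
            break
        elif in_section:
            m = re.match(r"\s*(?:\d+\s+)?([si]):(.*)", line)
            if not m:
                continue  # OpenSSL 3 also prints a:/v: detail lines
            if m.group(1) == "s":
                subject = m.group(2).strip()
            else:
                chain.append((subject, m.group(2).strip()))
    return chain

def diagnose(chain):
    """Classify what the server presented during the handshake."""
    if not chain:
        return "empty"
    for (_, issuer), (next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            return "broken-link"      # wrong order or wrong intermediate
    if len(chain) == 1:
        subject, issuer = chain[0]
        return "self-signed" if subject == issuer else "leaf-only"
    return "chain-sent"

if __name__ == "__main__":
    for name, sample in (("leaf only", LEAF_ONLY), ("with intermediate", WITH_INTERMEDIATE)):
        print(name, "->", diagnose(parse_chain(sample)))
```

A "leaf-only" result means the client must already hold the issuing intermediate to build a path to a trusted root, which is the case the DigiCert message about installing intermediate certificates describes.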