The certificate is not trusted

DNAAdmins · September 3, 2017, 10:09pm

Hello there !
i am trying to get a SSL certification for my site , i generated request CRS from Cpanel and then pasted it in startcomca with the domain name and my email and get SSL certification , then copied it in the certification field in Cpanel and clicked on upload certification ,when i checked it it appeared that The certificate is not trusted ,what i did wrong ?

hope you guys will help me , thanks .

sapoyrana · September 3, 2017, 11:42pm

@DNAAdmins said:
startcomca

it’s just that startcom certs are not trusted without the intermediate authority.

normally you would use a complete cert chain that includes both the int cert and your own, but this free hosting does not allow for that.

use a different (trusted) cert provider or different / paid hosting

PS: this place policy of not automatically supporting letsencrypt free certs just bit them in the butt. their own cpanel is screwed as of now until they manually(!) renew the cert :lol:

Admin · September 4, 2017, 8:05am

Note that in your screenshot, it shows a warning, not an error. Your certificate should still work.

Where does it say “The certificate is not trusted”? Are you just referring to the SSL checker? What happens if you open the website with https in your browser?

DNAAdmins · September 4, 2017, 9:19am

it works !! but it says :
www.mydomain.com uses an invalid security certificate. The certificate is only valid for mydomain.com Error code: SSL_ERROR_BAD_CERT_DOMAIN

what i can do now ?

Admin · September 4, 2017, 10:41am

@DNAAdmins said:
it works !! but it says :
www.mydomain.com uses an invalid security certificate. The certificate is only valid for mydomain.com Error code: SSL_ERROR_BAD_CERT_DOMAIN

what i can do now ?

You could start by including a domain name we can actually check.

DNAAdmins · September 4, 2017, 10:53am

sorry for that
my domain is : dna-team.epizy.com

DNAAdmins · September 4, 2017, 10:54am

how can i make my site start without www. ?

Admin · September 4, 2017, 4:25pm

@DNAAdmins said:
sorry for that
my domain is : dna-team.epizy.com

I have checked your site and the certificate was installed correctly. However (I forgot about this as well), StartCOM certificates were blacklisted earlier this year by most browsers due to bad business activities of their parent company.

StartCOM was taken over by WoSign without any notification and WoSign issued certificates for domain names without proper validation, which is a huge security disaster. That’s why all their certificates are blocked by browsers.

@DNAAdmins said:
how can i make my site start without www. ?

I don’t know. Your script is redirecting your visitors, you should check your website settings.

DNAAdmins · September 4, 2017, 10:08pm

can you suggest me a good ssl vendors ?? which offer it free .
many thanks

DNAAdmins · September 4, 2017, 10:18pm

and by the way how can i check if i installed the certification correctly ??
thank you again for your help

Admin · September 5, 2017, 8:13am

@DNAAdmins said:
and by the way how can i check if i installed the certification correctly ??
thank you again for your help

Any web based SSL checkers should do the job, the SSLshopper one you used should work fine as well.