Announcement

Collapse
No announcement yet.

Let's Encrypt not working on Safari Desktop

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Let's Encrypt not working on Safari Desktop

    I don't know about Safari on mobile devices (I'll check tonight when I get a hold of my sister's Apple iPhone with Safari), but when I vising any of the sites on my OVZ VPS that use a Let's Encrypt cert, Safari Desktop (on a Windows PC) can't access

    Message: "Safari can't open the page because Safari can't open a connection to the server."


    But when I visit other sites using Let's Encrypt, Safari can access them. Here's one site I found https://www.trunkful.com/

    Is anyone else having this problem? I'd like to narrow things down before I contact support. I don't know if it's on RP's end, a problem on my VPS, or what.

    Any help would be appreciated.
    Last edited by vrepub; 26-04-2018, 01:32 PM.

  • #2
    Hello,

    This is now a global issue.

    The case here is that the domain`s SSL was configured from the 'Let`s Encrypt' issuer with incorrect hostname:

    https://www.sslshopper.com/ssl-check...renetpages.com

    Where the issue is stated from the SSL checking tool:



    In order to resolve the issue and have a correct free SSL installed for your domain, you should only set the domain not to be using SSL from the section from where the SSL is configured for the domain. After you save the settings, set again 'Request a Let`s Encrypt certificate' and the correct certificate should be installed for your domain.

    This, as stated, is an issue with the certificate issuer which is investigated by our developers and should be fixed soon.

    Best Regards,
    Technical Support.

    Comment


    • #3
      All my domains/sites are have their Let's Encrypt SSLs issued using the 'Request a Let`s Encrypt certificate' selection. I never used the other SSL settings to issue a Let's Encrypt cert.

      What you see in the pic below is what all my sites/ domains SSL show in their field under "advanced" settings". So unless I am misunderstanding you, this does not apply to my situation.



      Besides, all of my other domains/sites check out fine with that tool you linked to, yet they cannot be accessed with Safari browser. I have no idea why sslshopper shows that "common name" problem on that one domain. Could be because I just set it up and the NS has not fully resolved yet? I don't know.

      Regardless, the problem still exists on all other sites/domains on my account despite being set to "Let's Encrypt" in advanced settings and despite checking out properly at sslshopper.
      Last edited by vrepub; 26-04-2018, 01:33 PM.

      Comment


      • #4
        Hello,

        This is exactly to what I am referring. Once the SSL for a domain is issued from the stated section the SSL could be installed with incorrect hostname due to which the browser is detecting is as incorrect.

        After from the same section you click for the domain the option listed in the same drop-down menu 'Do not use SSL'



        Click the changes to be applied. Allow some additional time and then click again ' Request Let`s Encrypt SSL', the correct certificate should be installed for the domain.

        I hope this helps! Feel free to open a ticket from the server regarding the case to receive further assistance.

        Comment


        • #5
          OK, so if I understand you correctly, you want me to...

          1. Set all domains to 'Do not use SSL'
          2. Then after a time, change them back to ' Request Let`s Encrypt SSL'?

          Is this correct?

          Comment


          • #6
            Hello,

            Yes, this is correct.

            The procedure should be made only for domains which resolve in the browser as untrusted.

            Comment


            • #7
              Thank you. I will do this then report back with my results.

              Comment


              • #8
                I did as prescribed for all domains on my account (all have Let's Encrypt SSL).

                1. Changed all domains to 'Do not use SSL'
                2. Waited about 3 hours, then
                3. Change them back to ' Request Let`s Encrypt SSL'?
                4. Let go overnight then check all sites in Safari desktop browser

                Still, Safari can't connect to any of the websites.

                (All domains checkout fine on SSLshopper)

                Comment


                • #9
                  Hello,

                  Could you clear your cache first and test again.

                  Once the certificate passes the check form the online tools it should be valid in all browsers.

                  If the issues persist, contact us in a ticket from the account in which it was located.

                  Comment


                  • #10
                    I forgot to mention that I did cleared my cache in my Safari Browser before I checked the sites. I will have to open a ticket.

                    Comment


                    • #11
                      Tried on two Win 7 Pro PCs & 1 Win 7 Home laptop I have using Safari 5.1.7 as well as browserling.com and this issue persists.

                      But I looked sites up on my sister's iphone 6 & sites work fine.

                      So, I have chalked this issue up to Safari desktop for Windows being an outdated and/or junky browser not worth much more time and effort.

                      I will put this issue to rest but if someone has a technical explanation with a solution, I'm all ears.

                      Comment


                      • #12
                        Hello,

                        I could only guess without actually inspecting the browser which you have installed, although as stated in the ticket reply the issue most likely is caused due to the fact that the stated Safari version which you are using 5.1.7 is released 2010 where the 'Let`s Encrypt' certificate issuer started its operation in 2014 and the old Safari might not have the issuer added as trusted in the browser trusted CAs.

                        As we all know in order a certificate to be resolving as valid in the browser the browser should have the certificate issuer`s CA.

                        Answer (1 of 2): Certificate Authorities (CA) are usually members of CA/Browser Forum. Browsers already have the information about trusted CA in their installation pack. The longer the CA has been operational, the more browsers and devices will trust the certificates the CA issues. Basically SS...


                        The difference which I have pointed between the Safari 5.1.7 and the 'Let`s Encrypt' cert. which your domains are using is that the browser is developed and released before the 'Let`s Encrypt' authority was established due to which the CAs of the authority is not present in the browser config.



                        As stated I could only be guessing as I do not have direct access to the browser and the computer to investigate further, although this sounds like a logical explanation.

                        Best Regards,
                        Technical Support Department.

                        Comment


                        • #13
                          Right, that's what the problem is. I don't know much about Apple products so I didn't realize Safari for Windows was not being updated.

                          Comment


                          • #14
                            Originally posted by mdragomirov View Post
                            Hello,

                            This is exactly to what I am referring. Once the SSL for a domain is issued from the stated section the SSL could be installed with incorrect hostname due to which the browser is detecting is as incorrect.

                            After from the same section you click for the domain the option listed in the same drop-down menu 'Do not use SSL'



                            Click the changes to be applied. Allow some additional time and then click again ' Request Let`s Encrypt SSL', the correct certificate should be installed for the domain.

                            I hope this helps! Feel free to open a ticket from the server regarding the case to receive further assistance.
                            I was facing same now I have also opened a ticket in support forum
                            Last edited by clivejo; 06-09-2020, 03:49 PM. Reason: Removed injected spam link from QUOTED section

                            Comment

                            Working...
                            X