I have Virtualmin installed and working fine on a VPS serving up a few wordpress sites, but am having issues setting up a subserver and using a Let’s Encrypt cert. I can request the cert just fine, using the Virtualmin interface. When I request the cert I get the expected success response that looks like this:
Requesting a certificate for sub.mydomain.com, www.sub.mydomain.com, mydomain.com, www.mydomain.com from Let's Encrypt ..
.. request was successful!
Configuring webserver to use new certificate and key ..
.. done
Applying Nginx configuration ..
.. done
Re-loading Webmin ..
.. done
Re-starting Usermin ..
.. done
Restarting mail server ..
.. done
However, my issue is that most browsers display a “Security error/Deceptive site ahead” warning. Why does this happen and how can I resolve it?
Additional notes:
the subserver is using a subdomain (i.e. sub.mydomain.com)
the subserver is setup as it’s on virtual server in Virtualmin, that is, it’s not a “subdomain” as Virtualmin defines it - i want this because I want each subserver to have it’s own home/public_html directory
the DNS A records are set for both the subdomain and www (i.e. sub.mydomain.com, www.sub.mydomain.com)
I have also tried including the main domain in the cert request - it “succeeds” on getting the cert, but same problem exists
I have setup non-sub-domain sites using the Let’s Encrypt tool and they seem to work just fine.
When doing a sub.domain.ltd only do the certificate for that level. Leave out the top level and see what happens.
You will have to manually enter them in the box before submitting.
Google displays this when it finds a page on your website which is impersonating another brand and attempting to fool visitors into divulging sensitive information.
You should check your logs for traffic to URLs and scripts that should not exist on your server.
Actually it shows in firefox and safari as well. I think that’s a good idea to check logs, and I’ll check them but should i expect such scripts on a vanilla install of Virtualmin and creating a new basic virtual server?
If you created a sub-server under a Top-level-server in Virtualmin than technically you only need to create an SSL Certificate for the sub-server under Virtualmin > subserver.mydomain.com > Server Configuration > SSL Certificate:
In Let’s Encrypt you will see “Domains associated with this server” subserver.mydomain.com
As to what @calport is trying to tell you, make sure you are not using a trademark brandname in your subserver.mydomain.com such as microsoft.mydomain.com will trigger browsers to give users the warning page before entering your website.
Actually, I just realized I did NOT create a sub-server. Rather I created a stand alone virtual server, and used a subdomain for a server that I already have (i.e. i already own mydomain.com and I created sub.mydomain.com). I don’t think I want or need to create a sub-server for each new virtual server - really I just need the subdomain. I’m using this for staging/test versions of new websites for my clients. So I can have website1.mydomain.com, website2.mydomain.com, etc. Ultimately they’ll have their own virtual server - and stand alone domain. Sorry for the confusion!
Ah, makes sense re branding! I’m not using any sort of well known domain as my subdomain, although the subdomain is registered as a .com domain. I don’t know how this would have any affect though as I’m only using the first part of the registered domain.
Your search engine rankings could be impacted @ferd-z if you have random subdomains under the domain of your primary brand.
If you must use subdomains for staging customer websites, then do this: create virtual server for your client domain even if it not yet registered or configured to work with your server and then create an alias for that virtual server and use your subdomain as an alias.
Use the alias for staging the website and when the customer has pointed his domain to your server, delete the alias.
Yes! I think this has resolved my issue. I just submitted a request and it seems to not be showing. I noticed that Firefox was also displaying the issue, but I read that Firefox subscribes to the Google API and displays this same warning.