SSL Certificate but Not Secure!

Operating system Ubuntu Linux 22.04.1
Webmin version 2.011
Usermin version 1.860
Virtualmin version 7.5
Authentic theme version 20.11.1:4
Kernel and CPU Linux 5.15.0-58-generic on x86_64

OK - I doubt if this is a Virtualmin issue but it happened using it, so maybe.
Have I just missed a (possibly new) setting

A nice new box yesterday. (Here we go again - have I learned anything?)

LEMP build - of course.

I couldn’t add SSL yesterday as I was waiting for DNS propagation. This morning added SSL and All worked smoothly LE certificate obtained and reported in “Current Certificate” so nothing unusual there.

But browse to https://domain.tld and I get the “Not secure” warning!
yet https://www.domain.tld is Secure

Same on other browsers.

The default Virtualmin page loads and is displayed OK

If I click on the triangle to view (Chrome) it informs me that there is a certificate and it is issued by LE and is valid but still “Not Secure”

This means one of two things:

  1. You requested a cert only for www.domain.tld, not including domain.tld (those are two different names, if the cert is not specifically issued for both, it is not for both).
  2. You’re not hitting the same site for both addresses. Either a different physical server or different VirtualHost is being served. This either means DNS is wrong, or there is one of several possible misconfigurations in the VirtualHosts. (the “wrong site shows up” section of our troubleshooting FAQ covers many of those: Website Troubleshooting – Virtualmin)

In addition to what Joe said, just Edit Virtual Server and confirm if “SSL website enabled” box is checked for this virtual server.

  1. No it was requested for domain.tld www.domain.tld and mail.domain.tld and is confirmed as such on the “Current Certificate”
  2. Only one box. Domain registered new (to owner) I did say I doubt if this is a Virtualmin issue. I’m blaming DNS ?

One thing I have noticed: (I find a little odd)
The domain starts withe the character “1” like 1domain.tld This is repeated correctly in the cert and in most pages of Virtualmin BUT not in the home directory which has appeared as /home/onedomain and the Admin Username as onedomain yet the Admin group as 1domain ? where did the one come from (not me) — that explains why I couldn’t find the home directory, I wonder if something else couldn’t find it? What is the problem with the character “1”? does “2” get changed to “two” etc?

Not a box I know of or have checked.
I could’t find it?

Edit Virtual Server (there is only one) does not give me that option

In Enabled Features, something like this:

1 Like

Nothing like that :slight_smile: thought I hadn’t seen it anywhere

This is what the Edit Virtual Server screen of one of Virtualmin LEMP servers looks like:

Note the checkbox captioned Nginx SSL Website Enabled. I have it and you don’t.

@calport Thanks for persevering with this. I have just checked ALL of my Vmin installs all up-to-date with v7.5 as above some on Ubuntu 20.04 and every one has the same as my post above No checkbox or mention of Nginx SSL website enabled.

Though presumably as https://www.domain.tld is OK even if no checkbox can be found it is being served as a “Nginx SSL website enabled”. Which makes me think as @Joe stated probably some DNS issue.

But you have me worried about why I cannot see that checkbox?

nginx is its not Apache. I think everybody else is talking about Apache settings.

You’d have nginx config options, which come from the nginx/nginx-ssl plugins.

Thank the powers that be! :smiley:

Yes I thought that at first but in @calport the 2nd posted image it is also an Nginx install yet that clearly shows a “checkbox captioned Nginx SSL Website Enabled” yet none of mine do. There is clearly some unexplained difference. Although all Virtual servers are missing this checkbox. Only this particular box is failing to show the website as “padlocked”

Today. I have added another domain (one I now have as a standby test domain) as virtual server (24 hrs to propagate) and that one is working with LE cert on both and - (NB still no checkbox) So again Is this because the original domain name starts with a “1”? Does Chrome/Firefox/ ISP reject such domain names a bit like what I have heard about the .dev tld ?