Question
Getting: NET::ERR_CERT_COMMON_NAME_INVALID after moving hosting from Netlify to my Droplet.
- Posted on February 8, 2020
- NginxLet's EncryptUbuntu 18.04
Asked by hbendixlewis
I’m in the process of moving all my Netlify domains into my DigitalOcean Droplet and wanted to make this the main one (the rest as subdomains). I already have a Node API hosted on the default sites-available.
I follwed this tutorial: https://linuxize.com/post/how-to-set-up-nginx-server-blocks-on-ubuntu-18-04/
In my /var/www/ I have a folder called repetitio.co.uk which is the domain name. Within this has public_html and contains index.html and the rest of the static site pulled via Git. My API code is hosted in my Home directory under RepetitioServer.
Within my /etc/nginx/sites-available is repetitio.co.uk which has my server file which contains:
server {
listen 80;
listen [::]:80;
root /var/www/repetitio.co.uk/public_html;
index index.html;
server_name repetitio.co.uk;
ssl_certificate /etc/letsencrypt/live/repetitio.co.uk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/repetitio.co.uk/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/repetitio.co.uk/chain.pem;
access_log /var/log/nginx/repetitio.co.uk.access.log;
error_log /var/log/nginx/repetitio.co.uk.error.log;
include snippets/ssl-params.conf;
location ~ /.well-known {
allow all;
}
location / {
try_files $uri $uri/ =404;
}
}
I ran certbot and got the OK and copied the certs URL as shown above. Running sudo nginx -t returns
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
Now when I navigate to repetitio.co.uk I get
Your connection is not private
Attackers might be trying to steal your information from repetitio.co.uk (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
My default server file looks like:
server {
listen 80;
listen 127.0.01;
listen [::]:80 ipv6only=on;
return 301 https://$host$request_uri;
}
# HTTPS — proxy all requests to the Node app
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ww2.zone;
# Use the Let’s Encrypt certificates
ssl_certificate /etc/letsencrypt/live/ww2.zone/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ww2.zone/privkey.pem; # managed by Certbot
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:5000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
Should also mention that I updated my CNAME records and have my domain in DigitalOcean Dashboard pointing to my droplet.
Any help is greatly appreciated.
Harry
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Want to learn more? Join the DigitalOcean Community!
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.
Hi @hbendixlewis,
It seems like there is something wrong with your SSL certificate. I’ll recommend you to check the certificate from here :
And verify it actually works properly (here)[https://www.sslshopper.com/certificate-decoder.html].
If the Certificate and the Key do not match, I’ll recommend reissuing the certificate.
Regards, KDSys