I get other website's tls certificate when visiting my website

Question

i have a weird issue while visiting my website using https...

I can't track how often this happens, but sometimes T get a TLS certificate of another website.... and the browser warns me that the certificate is fake. however I set the certificate using "let's encrypt" and there shouldn't be any problem with that...

I remember that it happened once before i set the TLS cert to my domain so lets encrypt its probably not the cause of the problem, but i would like to know what can cause that?

I would like your help guys! thanks ahead.

EDIT: Here's my nginx config:

# Redirect www to non-www and http to https
#
server {
    server_name doctorice.co.il www.doctorice.co.il;
    return 301 https://doctorice.co.il$request_uri;
}

server {
    listen 443;
    server_name www.doctorice.co.il;
    ssl_certificate      /etc/letsencrypt/live/doctorice.co.il/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/doctorice.co.il/privkey.pem;
    return 301 https://doctorice.co.il$request_uri;
}

# The actual server configuration goes here:
#
server {
    listen       443 ssl;
    server_name  doctorice.co.il;

    ssl_certificate      /etc/letsencrypt/live/doctorice.co.il/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/doctorice.co.il/privkey.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    charset utf-8;

    root   /var/www/doctorice/public;
    index index.php index.html index.htm;

    # Redirecting all requests to index.php and enabling rewrites.
    #
    location / {
        try_files $uri $uri/ @rewrites;
    }

    location @rewrites {
        rewrite ^(.*) /index.php?p=$1 last;
    }

    # Making sure enyone can access .well-known directory
    # for auto-renewal of the ssl sertificates. Do not remove!
    #
    location ~ /.well-known {
        allow all;
    }

    # Redirectiong 404's to craft cms.
    #
    error_page  404              /index.php;

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # Pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

To get the cert, i cloned the "lets encrypt" repo and ran:

./letsencrypt-auto certonly --standalone

And then, i just followed the instructions.

The link to the website is http://doctorice.co.il/

Answer 1

Your certificate is for the root domain only, it doesn't include the www domain. You have a server listening for https connections on the www domain that is using a certificate that's not valid for the www domain, which causes a certificate warning. You will get a certificate warning when you go to https://www.doctorice.co.il/

The solution is to get a certificate which includes both the root domain name and the www domain name, or issue a second certificate for the www domain. I suggest one certificate with two domain names, which is easy to do with Let's Encrypt.

Note that while this is a problem, it may or may not be the root cause of the occasional problem you're seeing. Try it and report back if it happens again.