0

I have a site running on Apache. My site is working properly for http requests, but not for https.

This site is behind ProjectShield and I followed this tutorial in order to activate my own SSL certificate https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04

When I verify my SSL certificate I get this error: enter image description here

And the IP 107.178.244.221 is not my IP, it is Google's IP.

  • I have already enabled mod_ssl and opened ports 443 on the firewall.
  • I can connect to it through telnet on port 443.

It seems that when the certificate was generated it took the ProjectShield address, and I think that is why my certificate is not working, and that is why browsers are closing the connection.

Is it possible to generate a Let's Encrypt certificate having the site behing ProjectShield. Please help me, thanks!

UPDATE: ProjectShield detects my LetsEncrypt certificate, and that makes me think that the configuration for ProjectShield and the certificate is working.

enter image description here

As I'm recently pointing to another IP ProjectShield is not enabled. I have to create 2 A records but currently, I don't have the DNS management, so I will update in a few days.

Thanks again for your help.

Beto Aveiga
  • 159
  • 1
  • 9
  • 2
    *"And the IP 107.178.244.221 is not my IP, it is Google's IP."* - of course it is. If you are using ProjectShield you are behind the Google Network. Otherwise they could not protected you. Apart from that: if you want to hide your domain name it is not sufficient to make on occurrence of it in the image unreadable but you have to handle all occurrences of the name. – Steffen Ullrich Mar 12 '19 at 08:27
  • Thanks @SteffenUllrich it is not big deal but you are right, I missed that one. – Beto Aveiga Mar 12 '19 at 15:47

1 Answers1

3

It looks like you've just put your site behind ProjectShield by making the changes to DNS and then assumed that HTTPS will simply work if it was setup on your origin server. This is not the case. ProjectShield is essentially a CDN which does content inspection. In order to do so with HTTPS it needs to have a certificate.

I recommend that you read the documentation on Set up your website with Project Shield slowly and in full. Then you will see that it points to Set up a new site with https (SSL) which describes how to properly setup a site for HTTPS.

Steffen Ullrich
  • 13,227
  • 27
  • 39