@robi Here's the settings.!
Best posts made by omen
Latest posts made by omen
-
RE: Fastly Complaining About Self-signed Cert
Does anyone have a recommended course of action?
I should add that I am fine with keeping the fallback cert on the main domain used for access to my cloudron dashboard. But one of my additional domains needs to NOT use a self-signed cert as fallback, or I cannot use my CDN or use the MainWP Wordpress plugin, since both complain about use of self-signed certs (apparently even when it's not the primary cert).
I really need to get this resolved, and any assistance will be much appreciated!
-
RE: Fastly Complaining About Self-signed Cert
I have not provided a fallback cert. I see now that a self-signed cert is automatically provided if the optional fallback cert is not provided. What are my options here? The self-signed cert is causing problems, but I don't want to have to manually generate and upload a new cert every couple months.
-
RE: Fastly Complaining About Self-signed Cert
This same thing is causing issues with using the Wordpress plugin MainWP (https://mainwp.com/), which returns an error "HTTP error - SSL certificate problem: self signed certificate" when I try to connect other Wordpress Sites.
-
Fastly Complaining About Self-signed Cert
I'm trying to use Fastly as a CDN for my Wordpress site, but it is complaining that I'm using a self-signed cert.
The site is on a subdomain, and I am using the "Let's Encrypt Prod" certificate provider. When I do an SSL check via SSLLabs (https://www.ssllabs.com/ssltest/), I see the following:
Certificate #1: EC 384 bits (SHA256withRSA) Subject: subdomain.mydomain.com Common names subdomain.mydomain.com Alternative names subdomain.mydomain.com Trusted: Yes
That's great. But there's a second certificate:
Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI Subject cloudron-2021-11-17T01:23:33.708Z Common names cloudron-2021-11-17T01:23:33.708Z Alternative names - INVALID Trusted No NOT TRUSTED
This seems to be tripping Fastly up.
Why does this second certificate exist? Is there any recommended way to move forward?