NetTalk Central
NetTalk Web Server => Web Server - Ask For Help => Topic started by: Richard I on June 02, 2019, 06:34:20 PM
-
Hi ,
Despite Bruce saying that getting a certificate from Lets encrypt is "trivial" I am finding it not so...
but recognize its probably my failings and not anything else...
I have set up on the Amazon Server, two inbound ports apart from port 80 , secure HTTPS 443 and Insecure HTTP 8191
and in the folder app after running a successful certificate test from port 80, deleted the certificate folder
When I run the real certificate option from the app and leaving the Insure port as 80 I get a successful download into the certificate folder of 6 files:two security certificates one of which is the CA., a CSR a CA.key, a sub-domain address key and a LE.key
When I run the app I get an error dialog box before the app opens:
"Secure Port set to 443 but no Server Domain names are set. Server will run, but is not secure."
Sure enough, when I say OK to this, the app opens but no mention in the header of 8191 only insecure 443
but in the log its reporting listening on 443 and listening on insecure 8191
From my remote browser the site does not open using either ports
On the security tab of the setting tab
secure port 443
Insecure port 8191
certificate folder is correct
Acme web folder is correct
CA account is correct
Domains ig.timepeace.co.nz
the web folder is correct on the site tab.
the address is correct ig.timepeace.co.nz
The sub domain name has been set in host Monster which is the hosting app I use. and the sub-domain points the correct IP address.without the port number.
There must be something else I am missing??
Thanks,
Richard
Nt 11.10
-
the site subsequently opens using IE from 3.83.103.153:443/
-
Hi Further to-
What does this mean?
Does this help?
Secure Connection Failed
An error occurred during a connection to ig.timepeace.co.nz. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Learn moreā¦
Report errors like this to help Mozilla identify and block malicious sites
-
Hi Richard,
From a similar problem I had, I used following advise from Bruce to solve it:
a) Check the WebServer procedure, NetTalk Extension. Specifically the first few settings on the General tab;
Host Names (CSL): Set:Domains
Listen on Secure Port: Set:SecurePort
Listen on Insecure port: Set:InsecurePort
The Host Names setting is by default NOT Set:Domains.
I don't know if this apply to your situation, but worth a try.
Cheers
/Poul
-
Hi Poul, Thanks for that - yes all set correctly.
See further up posts
Cheers
Richard
-
Hi Richard,
Check out the docs here;
https://www.capesoft.com/docs/NetTalk11/NetTalkWebSecure.htm
Especially
https://www.capesoft.com/docs/NetTalk11/NetTalkWebSecure.htm#Troubleshooting
specifically note that LetsEncrypt will talk to your server on port 80, so your insecure port has to be port 80.
Cheers
Bruce
-
>> When I run the app I get an error dialog box before the app opens:
>> "Secure Port set to 443 but no Server Domain names are set. Server will run, but is not secure."
your settings in your WebServer procedure, NetTalk Extension, Settings TAB - at COMPILE time are wrong.
They must be set:domains for the csl, and set:secureport and set:insecureport for the
then at RUNTIME the domains box must contain
ig.timepeace.co.nz
I presume you are running this on the ig.timepeace.co.nz server?
At runtime the insecure port MUST BE 80. The insecure port can be anything you like, but 443 is the one you want to use.
Cheers
Bruce
-
Hi Bruce and Poul,
As always, many thanks for help received.
I went through the extension settings again Poul and then recompiled.
Just to let you know it worked perfectly after getting the certificate this morning and ig.timepeace.co.nz in now live
I think the problem might have been that I reset the zone editor in Hostmonster which I now note, takes up to 4 hours to set , so maybe Iwas being too quick yesterday.
Im a "happy chappie" again!
Thanks
Richard