NetTalk Central

Author Topic: Issues getting a working certificate on an Amazon server  (Read 6378 times)

Richard I

  • Sr. Member
  • Posts: 399
Issues getting a working certificate on an Amazon server
« on: June 02, 2019, 06:34:20 PM »
Hi,
Despite Bruce saying that getting a certificate from Let's Encrypt is "trivial" I am finding it not so...
but recognize it's probably my failings and not anything else...

I have set up on the Amazon Server two inbound ports apart from port 80: secure HTTPS 443 and insecure HTTP 8191,
and in the app folder, after running a successful certificate test from port 80, deleted the certificate folder.

When I run the real certificate option from the app, leaving the Insecure port as 80, I get a successful download into the certificate folder of 6 files: two security certificates, one of which is the CA, a CSR, a CA.key, a sub-domain address key and a LE.key


When I run the app I get an error dialog box before the app opens:

"Secure Port set to 443 but no Server Domain names are set. Server will run, but is not secure."

Sure enough, when I say OK to this, the app opens but there is no mention in the header of 8191, only insecure 443,
but in the log it's reporting listening on 443 and listening on insecure 8191.
From my remote browser the site does not open using either port.

On the security tab of the setting tab
secure port 443
Insecure port 8191
certificate folder is correct
Acme web folder is correct
CA account is correct
Domains  ig.timepeace.co.nz
the web folder is correct on the site tab.

the address is correct ig.timepeace.co.nz


The sub-domain name has been set in Hostmonster, which is the hosting app I use, and the sub-domain points to the correct IP address, without the port number.

There must be something else I am missing??

Thanks,
Richard
Nt 11.10
 

Richard I

Re: Issues getting a working certificate on an Amazon server
« Reply #1 on: June 02, 2019, 06:47:23 PM »
The site subsequently opens using IE from 3.83.103.153:443/

Richard I

Re: Issues getting a working certificate on an Amazon server
« Reply #2 on: June 03, 2019, 01:02:23 AM »
Hi Further to-
What does this mean?

Does this help?

Secure Connection Failed

An error occurred during a connection to ig.timepeace.co.nz. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

Learn more…

Report errors like this to help Mozilla identify and block malicious sites

Poul Jensen

  • Full Member
  • Posts: 191
Re: Issues getting a working certificate on an Amazon server
« Reply #3 on: June 03, 2019, 01:29:04 AM »
Hi Richard,

From a similar problem I had, I used the following advice from Bruce to solve it:

a) Check the WebServer procedure, NetTalk Extension. Specifically the first few settings on the General tab;
Host Names (CSL): Set:Domains
Listen on Secure Port: Set:SecurePort
Listen on Insecure port: Set:InsecurePort

The Host Names setting is by default NOT Set:Domains.

I don't know if this applies to your situation, but it's worth a try.

Cheers
/Poul

Richard I

Re: Issues getting a working certificate on an Amazon server
« Reply #4 on: June 03, 2019, 01:53:18 AM »
Hi Poul, Thanks for that - yes all set correctly.
See further up posts
Cheers
Richard

Bruce

  • Global Moderator
  • Hero Member
  • Posts: 11250
Re: Issues getting a working certificate on an Amazon server
« Reply #5 on: June 03, 2019, 05:32:35 AM »
Hi Richard,

Check out the docs here;
https://www.capesoft.com/docs/NetTalk11/NetTalkWebSecure.htm
Especially
https://www.capesoft.com/docs/NetTalk11/NetTalkWebSecure.htm#Troubleshooting

specifically note that LetsEncrypt will talk to your server on port 80, so your insecure port has to be port 80.


Cheers
Bruce



Bruce

Re: Issues getting a working certificate on an Amazon server
« Reply #6 on: June 03, 2019, 05:37:19 AM »
>> When I run the app I get an error dialog box before the app opens:
>> "Secure Port set to 443 but no Server Domain names are set. Server will run, but is not secure."

Your settings in your WebServer procedure, NetTalk Extension, Settings TAB - at COMPILE time are wrong.
They must be set:domains for the csl, and set:secureport and set:insecureport for the

then at RUNTIME the domains box must contain

ig.timepeace.co.nz

I presume you are running this on the ig.timepeace.co.nz server?
At runtime the insecure port MUST BE 80. The insecure port can be anything you like, but 443 is the one you want to use.

Cheers
Bruce



Richard I

Re: Issues getting a working certificate on an Amazon server
« Reply #7 on: June 03, 2019, 04:47:31 PM »
Hi Bruce and Poul,
As always, many thanks for help received.
I went through the extension settings again Poul and then recompiled.
Just to let you know it worked perfectly after getting the certificate this morning and ig.timepeace.co.nz is now live.
I think the problem might have been that I reset the zone editor in Hostmonster which, I now note, takes up to 4 hours to set, so maybe I was being too quick yesterday.
I'm a "happy chappie" again!
Thanks
Richard
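
The conditions this thread ended up depending on (a domain list that is not empty, an insecure port of 80 for the Let's Encrypt validation, DNS that already points at the server, and reachable ports) can be checked before requesting a certificate. The following is an added example, not part of the original posts and not NetTalk code; the function names and the sample domain and address are assumptions, with the sample values taken from documentation ranges.

```python
import socket

def resolve_ips(domain):
    """Return the IPv4 addresses the domain resolves to right now (empty set on failure)."""
    try:
        infos = socket.getaddrinfo(domain, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def port_open(ip, port, timeout=3.0):
    """True if a TCP connection to ip:port succeeds within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(domains, server_ip, insecure_port, secure_port,
              resolver=resolve_ips, prober=port_open):
    """Return a list of problems that would block issuing or serving the certificate."""
    problems = []
    if not domains:
        problems.append("no domain names set: server will run without TLS")
    if insecure_port != 80:
        problems.append(f"insecure port is {insecure_port}: "
                        "HTTP-01 validation only connects to port 80")
    for domain in domains:
        ips = resolver(domain)
        if server_ip not in ips:
            # A zone change that has not propagated yet shows up here.
            seen = ", ".join(sorted(ips)) or "nothing"
            problems.append(f"{domain} resolves to {seen}, not {server_ip}")
    for port in sorted({80, secure_port}):
        if not prober(server_ip, port):
            problems.append(f"port {port} is not reachable on {server_ip}")
    return problems

if __name__ == "__main__":
    # Constructed sample values (documentation ranges); substitute your own.
    result = preflight(["www.example.com"], "203.0.113.10", 8191, 443)
    for line in result or ["all checks passed"]:
        print(line)
```

Run it from a machine outside the cloud network, since a port that answers locally can still be blocked by the instance's inbound rules.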