Opened 5 months ago

Last modified 4 months ago

#13668 assigned Bug/Something is broken

SSL installation - 'Connection not private message'

Reported by: https://id.mayfirst.org/workersliberty Owned by: https://id.mayfirst.org/workersliberty
Priority: Urgent Component: Tech
Keywords: Cc:
Sensitive: no

Description

Hi our developers have sent the following:

Thanks, Stephen

We have taken a look at the SSL installation and have started the process using letsencrypt (which is the auto option from the dropdown)

Can you please ask MayFirst to advise what needs to be done next as we don't have privileges to complete the next steps of the SSL installation.

The site will show as 'Your connection is not private' to view the site click on the grey text 'ADVANCED' on the bottom left.

If you can ask mayfirst to finish off this process or to supply access privileges so that we can do it!

It's an inconvenience but this needs to be done

Change History (15)

comment:1 Changed 5 months ago by https://id.mayfirst.org/workersliberty

  • Priority changed from Medium to High
  • Summary changed from SSL installation - 'Comnection not private message' to SSL installation - 'Connection not private message'

comment:2 Changed 5 months ago by https://id.mayfirst.org/jaimev

Hi there is a problem creating the LetsEncrypt cert for the site because the main domain workersliberty.org is not configured to direct to the ip address of teh website host albizu. This domain is not using the May First nameservers so we cannot enable an effective DNS entry for you. The domains www.workersliberty.org and australia.workersliberty.org are configured correctly.

comment:3 Changed 5 months ago by https://id.mayfirst.org/workersliberty

  • Priority changed from High to Urgent

comment:4 Changed 5 months ago by https://id.mayfirst.org/jaimev

Hi, I'm not sure if the implications of my response above were clear. We need the whoever has control over the workersliberty.org domain name and DNS reords to assign that domain to the correct ip address.

comment:5 Changed 5 months ago by https://id.mayfirst.org/jaimev

  • Owner set to https://id.mayfirst.org/workersliberty
  • Status changed from new to assigned

comment:6 Changed 5 months ago by https://id.mayfirst.org/workersliberty

The problem is that Nick, the person who set up the domain names in the first place didn't, as far as we can find out so far (though we're inquiring further with him), set up workersliberty.org. He set up www.workersliberty.org and australia.workersliberty.org, but he passed those on, and as far as we understand those are correct. Damian, the web developer we've employed recently, says: "The domain name www.workersliberty.org has always directed to the website correctly, but typing it in like workersliberty.org has never gone to the site. (This is because it was never set up in the beginning). Mayfirst unfortunately can't help us here as we need the login of where workersliberty.org manage the DNS, which is memset.com (so they both point to mayfirst). Without this login, we can't do anything". Nick has no record of a memset.com log-in. https://whois.icann.org/en/lookup?name=workersliberty.org says that workersliberty.org was registered in 1998 and updated in November 2017, but both Nick and Damian deny knowledge. We're doing what we can with Nick and Damian, but both disclaim any knowledge. Sorry, but do you have any advice for a workaround?

comment:7 Changed 5 months ago by https://id.mayfirst.org/workersliberty

Stephen has contacted Tucows and Hover to see if he can find out more about the domain registration for workersliberty.org

comment:8 Changed 5 months ago by https://id.mayfirst.org/workersliberty

Hi

It looks like we are getting somewhere.

Which nameservers can we use to point the domain to please.

If we can setup all the below records in your DNS file and then we can change name servers as needed

Thanks

Stephen

workersliberty.org Found 7 subdomains Subdomain IP address Actions mail.workersliberty.org 209.51.163.7 www.workersliberty.org 209.51.163.7 australia.workersliberty.org 209.51.163.7 archive.workersliberty.org 209.51.163.199 old.workersliberty.org 209.51.163.199 lists.workersliberty.org 209.51.172.12 workersliberty.org ?

comment:9 Changed 5 months ago by https://id.mayfirst.org/jaimev

Yes, you can use the nameservers a.ns.mayfirst.org and b.ns.mayfirst.org

You can setup all of the DNS records you listed above through the May First control panel before the change so that they are already in place before you change name servers.

You can add,edit, or delete DNS records as needed here:

https://members.mayfirst.org/cp/index.php?area=hosting_order&hosting_order_id=563&service_id=9

Let us know if you need help with that.

comment:10 Changed 5 months ago by https://id.mayfirst.org/workersliberty

Thanks for this.

Is it possible to now finish off installing the SSL certificate (LetsEncrypt).The developers say they have done as much as they can at their end without root access.

comment:11 Changed 4 months ago by https://id.mayfirst.org/jaimev

I see you were able to assign the the May First nameservers, great. The only step missing was to recreate the australia.workersliberty.org DNS record in the May First control panel. I've just done that for you. In a few minutes once that DNS record becomes active we can try to set your web configuration to auto again and it should be able to create the LetsEncrypt cert automatically.

comment:12 Changed 4 months ago by https://id.mayfirst.org/workersliberty

Hi, thanks for this.

Could you activate the SSL today, so we get the green padlock showing.

comment:13 Changed 4 months ago by https://id.mayfirst.org/jaimev

Yes I can do that for you but just now realizing I goofed and created the australia dns incorrectly. Allow another few minutes to correct.

comment:14 Changed 4 months ago by https://id.mayfirst.org/jaimev

I think I've figured out the problem. Our control panel uses the Lets Encrypt certbot software to perform a "dry-run" before creating the actual certificate. The LetsEncrypt staging server is down for maintenance right now causing this process to fail on our end. I think we will have to wait until they are back up to complete the process.

comment:15 Changed 4 months ago by https://id.mayfirst.org/jaimev

Ok, should be all set now.. The DNS settings were correct and the Lets Encrypt staging service became available again so I just changed you web configuration use auto and the certs were created. One minor issue is that your wordpress siteurl neds to be updated to use https instead of http.

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.