0

I have created an SSL certificate from Let's Encrypt using the certbot application:

https://www.digitalocean.com/community/tutorials/how-to-use-certbot-standalone-mode-to-retrieve-let-s-encrypt-ssl-certificates

And I configured my nginx server with the SSL cert and key, but when I access the website with HTTPS it is still insecure.

Furthermore, I have checked my website with SSL Labs; it returns an overall rating of C with a warning about cipher strength:

This server uses RC4 with modern protocols. Grade capped to C.

Update: domain name

https://cushbu.com

Jabaa
  • Please edit your configuration in the question. The actual domain name can also be helpful in the diagnosis. – Gerald Schneider Sep 16 '17 at 12:22
  • Additionally, the browser typically says why it views it as insecure. For instance, Chrome will say NET::ERR_CERT_COMMON_NAME_INVALID if the name in the certificate does not match the hostname. – vidarlo Sep 16 '17 at 12:44
  • Let me edit the question – Jabaa Sep 16 '17 at 13:09
  • Can't see any specific error message in Chrome – Jabaa Sep 16 '17 at 13:53
  • According to my Chrome there is nothing wrong with your certificates. It only criticizes that some resources (stylesheets, script files) are loaded via http instead of https. – Gerald Schneider Sep 16 '17 at 14:20
  • It's a problem with the base URL; it will be fixed soon, but why is the "connection is not secured" error message shown? – Jabaa Sep 16 '17 at 14:59

2 Answers

1

It's because of a mixed content problem.

Check in dev tools:

Mixed content
The site includes HTTP resources.

Reload the page to record requests for HTTP resources.

So fix your app if you have cross-domain images, a login form, etc. (as an example).

James M
  • Yes. He is right. Go to this for instance: https://cushbu.com/images/img3.jpg Someone probably has incorrectly formed redirects in JS or HTML, which hard-coded "http" - my guess – EdH Sep 17 '17 at 02:35
  • So all the assets should be served from HTTPS instead of HTTP? – Jabaa Sep 17 '17 at 05:26
  • Yes. Make a reindex of all your files. – James M Sep 18 '17 at 09:34
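
A small scanner for the mixed-content problem described in this answer, as an added example that is not part of the original answer or comments: it lists the subresources an HTTPS page would fetch over plain HTTP, including relative URLs pulled to HTTP by a `<base href>` (the base-URL cause the asker mentions). The sample HTML, the example.com/example.net names and the `active`/`passive`/`form` labels are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) -> kind. Browsers block "active" mixed content and warn on
# (or upgrade) "passive" content; "form" marks a form that posts over HTTP.
RULES = {
    ("script", "src"): "active", ("iframe", "src"): "active",
    ("link", "href"): "active", ("form", "action"): "form",
    ("img", "src"): "passive", ("video", "src"): "passive",
    ("audio", "src"): "passive", ("source", "src"): "passive",
}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url      # replaced by the first <base href>, if any
        self.base_seen = False
        self.findings = []        # (kind, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base":
            if a.get("href") and not self.base_seen:
                self.base, self.base_seen = urljoin(self.base, a["href"]), True
            return
        # Only stylesheet links are fetched as page content (not rel=canonical).
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower().split():
            return
        for attr in ("src", "href", "action"):
            kind = RULES.get((tag, attr))
            if kind and a.get(attr):
                url = urljoin(self.base, a[attr])   # resolves relative and //host URLs
                if urlsplit(url).scheme == "http":
                    self.findings.append((kind, tag, url))

def find_mixed_content(page_url, html):
    parser = MixedContentFinder(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: every URL below is relative or HTTPS except the
# <base href> and the form action, yet three resources end up on HTTP.
SAMPLE = """<head><base href="http://example.com/">
<link rel="stylesheet" href="css/site.css">
<link rel="canonical" href="http://example.com/">
<script src="https://cdn.example.net/app.js"></script></head>
<body><img src="/images/img3.jpg"><a href="http://example.com/about">About</a>
<form action="http://example.com/login" method="post"></form></body>"""

if __name__ == "__main__":
    for finding in find_mixed_content("https://example.com/", SAMPLE):
        print(*finding)
```

Run it against the HTML your server actually returns; every reported URL needs to be served and referenced over HTTPS before the browser stops flagging the page.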
0

Try disabling RC4 and using AES. RC4 has been deemed insecure by major browser vendors (Google, Mozilla, Microsoft) as of sometime in 2016.

Andrew Domaszek