change hostname and "Your connection is not private" error.

Issues related to configuring your network
Post Reply
hack3rcon
Posts: 663
Joined: 2014/11/24 11:04:37

change hostname and "Your connection is not private" error.

Post by hack3rcon » 2020/09/03 10:04:32

Hello,
When I installed CentOS 8, I selected the default option about "localhost.localdomain", but I changed the hostname and host files as below:

Code: Select all

# cat /etc/hostname
#localhost.localdomain
mydomainname.net
And:

Code: Select all

# cat /etc/hosts
#127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

My-Website-IP   www.mydomainname.net    mydomainname.net
After it, when I want browse my website then "Your connection is not private" appeared. Why?
How can I solve it?
Is it because of below lines in "ssl.conf" file:

Code: Select all

SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
Thank you.

hack3rcon
Posts: 663
Joined: 2014/11/24 11:04:37

Re: change hostname and "Your connection is not private" error.

Post by hack3rcon » 2020/09/03 10:53:34

Any idea?

BShT
Posts: 278
Joined: 2019/10/09 12:31:40

Re: change hostname and "Your connection is not private" error.

Post by BShT » 2020/09/03 11:36:58

you can´t certificate yourself

You need to buy a certificate and someone else will certificate you

that´s exactly what a certificate is

PS: file name localhost crt and key means nothing
Last edited by BShT on 2020/09/03 12:41:11, edited 1 time in total.

hack3rcon
Posts: 663
Joined: 2014/11/24 11:04:37

Re: change hostname and "Your connection is not private" error.

Post by hack3rcon » 2020/09/03 12:20:34

BShT wrote:
2020/09/03 11:36:58
you can´t certificate yourself

You need to bye a certificate and someone else will certificate you

that´s exactly what a certificate is

PS: file name localhost crt and key means nothing
Thank you for your reply.
I changed the host name and I guess it was my mistake.
Apache tell me:

Code: Select all

AH01909: www.mydomain.net:443:0 server certificate does NOT include an ID which matches the server name
I removed the localhost.crt and key file and generated a new key:

Code: Select all

#hostname
mydomain

*** openssl req -newkey rsa:2048 -nodes -keyout <hostname>.key -out <hostname>.csr***

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/mydomain.key -out /etc/ssl/certs/mydomain.crt
After it:

Code: Select all

# openssl x509 -in /etc/ssl/certs/mydomain.crt -noout -subject
subject=C = IT, ST = Mila, L = Mila, O = MEMy, OU = IT, CN = mydomain.net, emailAddress = info@mydomain.net
Then I changed the "ServerName" values into "httpd.conf" and "ssl.conf" to "ServerName mydomain.net" and added below lines to "ssl.conf:

Code: Select all

SSLCertificateFile /etc/ssl/certs/mydomain.crt
SSLCertificateKeyFile /etc/pki/tls/private/mydomain.key

Code: Select all

# cat /var/log/httpd/ssl_error_log
[Thu Sep 03 16:58:45.445365 2020] [ssl:warn] [pid 445433:tid 139731798190400] AH01906: mydomain.net:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Sep 03 16:58:45.501454 2020] [ssl:warn] [pid 445433:tid 139731798190400] AH01906: mydomain.net:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
What is my mistake? Which one is wrong?
My WordPress website can't up with http protocol too :(

BShT
Posts: 278
Joined: 2019/10/09 12:31:40

Re: change hostname and "Your connection is not private" error.

Post by BShT » 2020/09/03 12:41:54

you can´t certificate yourself

You need to buy a certificate and someone else will certificate you

User avatar
TrevorH
Forum Moderator
Posts: 29493
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: change hostname and "Your connection is not private" error.

Post by TrevorH » 2020/09/03 12:46:30

Or use Letsencrypt.

Also, you could try reading the error messages. It clearly states what is wrong with the cert you have just created.
AH01906: mydomain.net:443:0 server certificate is a CA certificate
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

hack3rcon
Posts: 663
Joined: 2014/11/24 11:04:37

Re: change hostname and "Your connection is not private" error.

Post by hack3rcon » 2020/09/03 13:12:05

I want to use Letsencrypt.
My web site name is "mydomain.net" ==> It is an example.
When I installed the CentOS 8, I left the domain setting default (localhost.localdomain) and I installed and configured the LAMP and Letsencrypt. Everything worked correctly till I changed my "hostname" and "hosts" files as below:

Code: Select all

# cat /etc/hostname
#localhost.localdomain
mydomain

# cat /etc/hosts
#127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

"My Server IP"  mydomain.net mydomain
After it my server show me "Your connection is not private" error and I can't browse my website.
I googled and find a page that told it is because of "localhost.key" and "localhost.crt" files. because I changed the default hostname.
I removed these files and "certbot":

Code: Select all

# rm /etc/pki/tls/private/localhost.key
# rm /etc/pki/tls/private/mydomain.key

# rm /etc/ssl/certs/mydomain.crt
# rm /etc/ssl/certs/localhost.crt
And after it I used below command to generate a default key:

Code: Select all

/usr/libexec/httpd-ssl-gencerts
This command, generated "localhost" files and I want to configure my Virtual Host from start.
In "httpd.conf":

Code: Select all

ServerName mydomain.net
And Virtual Host file is as below:

Code: Select all

<VirtualHost *:80>
ServerAdmin root@localhost
ServerName mydomain.net
DocumentRoot /var/www/wordpress
<Directory "/var/www/wordpress">
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
</Directory>
ErrorLog /var/log/httpd/wordpress_error.log
CustomLog /var/log/httpd/wordpress_access.log common
</VirtualHost>
Is everything OK to use "certbot"?

hack3rcon
Posts: 663
Joined: 2014/11/24 11:04:37

Re: change hostname and "Your connection is not private" error.

Post by hack3rcon » 2020/09/03 14:03:24

Is it OK?

hack3rcon
Posts: 663
Joined: 2014/11/24 11:04:37

Re: change hostname and "Your connection is not private" error.

Post by hack3rcon » 2020/09/03 14:29:56

If someone remove "localhost" files from " /etc/pki/tls/private/" and "/etc/pki/tls/certs/" then it is not possible to regenerate them?

hack3rcon
Posts: 663
Joined: 2014/11/24 11:04:37

Re: change hostname and "Your connection is not private" error.

Post by hack3rcon » 2020/09/03 16:03:41

No idea?

Post Reply

Return to “CentOS 8 - Networking Support”