SSL Error Archives - WP Encryption

Parse Error Reading JWS Error

wp_encryption — Sun, 17 Dec 2023 11:09:31 +0000

When you run the SSL install form of WP Encryption, you might notice “parse error reading JWS” error in the debug log. WP Encryption plugin not being able to create keys/ directory due to file permission issues could lead to this error.

Please login to your SSH console as root / sudo user, cd into your WordPress directory and update the owner group of directory recursively to allow apache / www-data user to create directory within WordPress. You can do so via below command,

sudo chown -R www-data:www-data /var/www/html

Please make sure to replace /var/www/html to your WordPress site folder path.

The post Parse Error Reading JWS Error appeared first on WP Encryption.

Private Key Doesn’t Appear To Be Valid on Google Cloud

wp_encryption — Sat, 16 Sep 2023 11:20:32 +0000

Once after you download the SSL certificate and private key files from WP Encryption WordPress plugin, If you’re one of the Google Cloud user, you might receive “The private key you’ve selected does not appear to be valid” error while trying to upload the private key content. In order to resolve this issue and successfully upload the private key on Google Cloud App, please open the downloaded private key file in a text editor and replace only the below given headers,

Like this,

Finally, you should be able to successfully input and install the certificate with private key on Google Cloud without issues.

The post Private Key Doesn’t Appear To Be Valid on Google Cloud appeared first on WP Encryption.

Fix ERR_SSL_VERSION_INTERFERENCE SSL Error on Chrome

wp_encryption — Wed, 06 Oct 2021 17:15:27 +0000

ERR_SSL_VERSION_INTERFERENCE is one of the common SSL error you could notice on Chrome & Firefox browsers. This SSL error is mostly shown when your web server uses TLS1.3. There are recommendations to disable TLS1.3 to resolve this SSL error on your site but that’s not a perfect solution in reality as TLS1.3 offers better security compared to previous version like TLS1.2.

A Possible cause of this SSL error could be mismatch in TLS1.3 release version used by your web browser and your web server. Having an older version of TLS1.3 on your server while your modern browser only support latest release of TLS1.3 could result in this SSL error. Instead of disabling TLS1.3, we will focus on resolving the issue in a better way.

Check your SSL Certificate

Firstly, please check for any possible issues with your SSL by scanning your site at SSLLabs. Try resolving any issues you may find and clear your browser cache completely to see if the ERR_SSL_VERSION_INTERFERENCE issue is resolved.

Update your web browser

If you are using outdated browser, your browser might be using older version of TLS whereas your web server could be using most up-to-date release version of TLS which may cause mismatch. So update your browser to its latest version as all the modern browsers are always kept updated with latest protocol releases.

Update your Antivirus Firewall

Some of the popular antivirus programs like Kaspersky comes with “Enable HTTPS Scanning” option which uses its own SSL certificate to intercept and analyze the SSL traffic. Update your antivirus program or try disabling it to check if the ERR_SSL_VERSION_INTERFERENCE issue is caused by it.

If none of the above said solutions resolve your issue, try adding back support for TLS1.2 along with latest TLS1.3.

Adding TLS1.2 support in Apache server:

Modify your Apache server config file and locate the SSLProtocol line, update it as below

SSLProtocol -all +TLSv1.2 +TLSv1.3

Adding TLS1.2 support in Nginx server:

Modify your Nginx server config file and locate the ssl_protocols line, update it as below

ssl_protocols TLSv1.2 TLSv1.3;

Finally, make sure to restart your Apache / Nginx server after the changes. Hopefully one of these solutions should definitely resolve ERR_SSL_VERSION_INTERFERENCE issue on your site.

The post Fix ERR_SSL_VERSION_INTERFERENCE SSL Error on Chrome appeared first on WP Encryption.

Fix Let’s Encrypt “R3” Root Certificate Expired or SSL Not Trusted Issue

wp_encryption — Sat, 02 Oct 2021 11:43:19 +0000

Is your HTTPS site powered by Let’s Encrypt (Open certificate authority) SSL certificate showing INSECURE, “Your connection is not private”, “ERR_CERT_AUTHORITY_INVALID” or similar SSL issue all of a sudden since September 30, 2021?. This is due to recent expiration of DST cross-signed root certificate. Likewise, you are not alone as huge number of HTTPS sites using Let’s Encrypt are impacted by this expiration.

In our previous post, we explained how to resolve the SSL not trusted / root certificate expired issue for WordPress users and WP Encryption plugin users. Whereas, this guide is focused towards anyone using Let’s Encrypt SSL on their website using Apache, Nginx, Bitnami, Lightsail, Certbot or any server/platform.

Fixing root certificate expired issue on shared hosting platforms

If you are using SSL provided by AutoSSL or your shared hosting platform, all you need to do is just re-install the SSL certificate or re-run the autossl to fix the issue, hoping that almost all hosting platforms have updated the root certificate on their platform already. If that doesn’t resolve your issue, you could manually generate new SSL certificate and install it manually on your hosting platform with new active intermediate certificate (cabundle) provided at the bottom of this post.

If you manually generated Let’s Encrypt SSL certificate using WP Encryption WordPress plugin or with any other service which helps generate free Let’s Encrypt SSL certificate, simply re-installing the existing certificate & private key with the new intermediate certificate provided at the bottom of this post would resolve the issue. If you have updated to latest release v5.7.1 of WP Encryption plugin, the new intermediate certificate is already updated so you could easily re-generate fresh SSL certificate with correct root / intermediate or you could easily download / copy the new intermediate certificate to use from the “Download SSL Certificates” page of WP Encryption.

Fixing root certificate expired issue on AWS, Digital Ocean, Self managed server

Websites hosted on self managed servers with Apache, Nginx or Bitnami needs to follow a slightly different suit. Please modify your Apache / Nginx server config file via SSH console, check for file path of SSLCACertificateFile in case of Apache (which points to your intermediate certificate file) and ssl_certificate in case of Nginx (which points to a concatenated certificate + intermediate cert file).

Apache Server:-

Please update your intermediate cert file content with the new intermediate cert provided at the bottom of this article, save the file and restart apache server to fix the HTTPS issue.

Nginx Server:-

You will notice 2 cert blocks within your ssl_certificate file and you only need to replace the bottom one with the new intermediate cert provided at the bottom of this article. Once after updating, please save the server config file and restart nginx server once to fix the HTTPS issue.

Finally, the new rise of this SSL issue only requires updating of your intermediate certificate and you don’t really need to worry about your active certificate or key file.

Let’s Encrypt Active Intermediate Certificate to Use:

The post Fix Let’s Encrypt “R3” Root Certificate Expired or SSL Not Trusted Issue appeared first on WP Encryption.

ERR_CERT_AUTHORITY_INVALID | R3 Certificate is Expired

wp_encryption — Thu, 30 Sep 2021 14:40:43 +0000

Let’s Encrypt’s root certificate has expired on September 29, 2021

Let’s Encrypt open certificate authority powers HTTPS for millions of websites and one of the largest provider of HTTPS certificates. Most widely adopted intermediate certificate cross signed by IdenTrust DST Root CA X3 has expired this week which means some of the desktop / mobile browsers will no longer trust certificates issued by this certificate authority especially the web browsers on Mac OS.

You might start noticing “R3” certificate is expired, ERR_CERT_AUTHORITY_INVALID, ERR_CERT_DATE_INVALID error depending on your browser. If you are one of the “WP Encryption” WordPress plugin PRO or FREE user, We have already pushed the new intermediate cert update with release version 5.7.1 today.

Resolving the “ERR_CERT_AUTHORITY_INVALID” SSL error

All you need to do is re-install the same SSL certificate on your cPanel / Server with new intermediate certificate / CABundle provided below. This new active intermediate is self signed by ISRG(Internet Security Research Group) Root X1.

Alternatively,

Please upgrade to latest release v5.7.1
Use RESET option once
Run the SSL install form of WP Encryption to re-generate and re-install new SSL certificate with new intermediate cert.

After successful SSL installation, “R3” Certificate is Expired / ERR_CERT_AUTHORITY_INVALID issue on your site will be instantly resolved. Please do clear your browser cache once.

The post ERR_CERT_AUTHORITY_INVALID | R3 Certificate is Expired appeared first on WP Encryption.

Secure Webmail & Email with an SSL/TLS Certificate

wp_encryption — Wed, 30 Jun 2021 17:45:56 +0000

So you recently installed an SSL certificate for your domain and started getting “invalid SSL certificate” error popup on your email clients for custom business emails of your domain(Ex: admin@gowebsmarty.com) setup with POP/IMAP?, then you have reached the correct guide to get rid of the invalid certificate error in your email client & also secure the webmail.

While you can setup POP3/IMAP via non-secure ports too on your email clients which don’t throw certificate error, but setting up POP3/IMAP via secure ports is always the best practice in terms of security between email transmission. This guide only applies to business email IDs setup with your domain name (Ex: admin@gowebsmarty.com) and not related to Gmail or any other email service which comes with their own SSL certificate.

Before diving in, please note that if you have installed Wildcard SSL for your domain – then Wildcard SSL itself covers all subdomains including the webmail & mail, so you don’t need to go through this at all. This would be helpful only if you have installed Single domain SSL certificate for your www & non-www domain which started throwing SSL cert invalid error for webmail & email.

Webmail refers to your browser based webmail access URL like webmail.wpencryption.com which allows you to access email inbox directly on your web browser. On most of the shared hosting platforms, the incoming & outgoing mail server address we setup in email clients is gonna be something like mail.wpencryption.com. So we will be focusing on securing this webmail & mail sub-domains in this guide.

REQUIREMENTS:

WP Encryption WordPress plugin – version 5.4.8 & above

How to secure webmail & email with an SSL certificate?

First of all, please login to your wp-admin and install/activate WP Encryption free SSL plugin via PLUGINS > ADD NEW. Make sure the installed version is 5.4.8 or above. We will now generate free SSL certificate for your domain which covers webmail & email urls along with your www & non-www domain:

Go to WP Encryption page in your wp-admin.
Page url looks something like this – https://yourdomain.com/wp-admin/admin.php?page=wp_encryption
Modify/Change the url to append &includewww=1&includeemail=1 so it becomes https://yourdomain.com/wp-admin/admin.php?page=wp_encryption&includewww=1&includeemail=1 and press enter.
You will now notice the SSL install form with some additional checkboxes as shown in below screenshot

5. You can choose to secure both www & non-www domains, secure webmail & secure email server accordingly. Then enter your email and click on Generate SSL Certificate button.

This will generate free Let’s Encrypt SSL Certificate covering all your requested endpoints but DNS based domain verification becomes mandatory on STEP 2 as HTTP verification is not possible. Once after generating the new SSL certificate, download the certificate.crt, private.pem and CA Bundle.crt files via easy to use interface of WP Encryption and install it on your cPanel / hosting panel.

That’s it!.. Now your www, non-www domain as well as webmail & email server should be secured avoiding the invalid certificate error.

The post Secure Webmail & Email with an SSL/TLS Certificate appeared first on WP Encryption.

Fix ERR_SSL_PROTOCOL_ERROR for WordPress

wp_encryption — Fri, 25 Jun 2021 11:00:33 +0000

Actually, let’s call ERR_SSL_PROTOCOL_ERROR a most commonly seen error on Google Chrome & not specific to WordPress site. But as we always do, our guides are more focused towards WordPress users.

If you are one of Google Chrome lovers like Us :), you must have come around this error at least once in a while. ERR_SSL_PROTOCOL_ERROR or SSL CONNECTION ERROR on Google Chrome is quite easy to resolve but daunting at times.

Fixing ERR_SSL_PROTOCOL_ERROR error

Most of the time this error occurs due to some server problems, but not everyone is a server administrator right? In this guide, We will aim at resolving ERR_SSL_PROTOCOL_ERROR in a non-techy / simpler way. One of the below solutions should help resolve your issue, so please re-launch your browser and test your site after following each solution.

1. Set correct system date / time

SSL protocol have much to deal with your system date /time settings, please go to your system settings > date & time and make sure to adjust time zone and choose to automatically set the time.

2. Clear cache and cookies would help resolve ERR_SSL_PROTOCOL_ERROR

Please clear all cache and cookie data from your Google Chrome browser via More tools > clear browsing data option from top right corner of your Chrome browser. This will also remove any stale / cached data of sites you use.

3. Disable browser extensions

Who don’t love browser extensions?. Extensions make our lives much easier but some of them may go beyond and interrupt your communication with sites. Navigate to More tools > Extensions on Google Chrome and try disabling any extensions that would modify or interrupt network, communication, HTTPS / SSL requests. Try re-launching your browser & see if ERR_SSL_PROTOCOL_ERROR is gone.

4. Disable QUIC Protocol

Copy/paste chrome://flags/#enable-quic onto your Chrome address bar and press enter, if the Experimental QUIC protocol feature is set to default or enabled, please change it to disabled. Scroll to bottom of page and click on relaunch browser.

5. Clear SSL state of your computer

To make HTTPS perform better & avoid repetitive load, SSL certificates are cached & stored on your first visit to a site to improve performance of further communication with the same site. Clearing SSL state once in a while would be helpful.

Please go to Start Menu > Control Panel > Network & Internet > Network and Sharing Center.
Click on Internet Options & Internet Properties window will show up.
Click on Content tab within the Internet Properties window and click on Clear SSL State button.
Re-launch your browser & test your site.

6. Check your internet security and privacy level

If you have set your security level too high, it might be blocking you from visiting a particular site.

Please go to Start Menu > Control Panel > Network & Internet > Network and Sharing Center.
Click on Internet Options & Internet Properties window will show up.
Click on Security tab
Make sure the security level is set to Medium & click on OK

If none of the above resolved ERR_SSL_PROTOCOL_ERROR, please try disabling your Windows Firewall, Antivirus program, etc., for a moment to examine if any of them are blocking the access. Also, clear all cache on your WordPress admin / CDN dashboard.

BONUS: Need help installing free SSL certificate for your WordPress site?. Feel free to use our “WP Encryption” WordPress SSL plugin to install free SSL certificate like a Pro!.

The post Fix ERR_SSL_PROTOCOL_ERROR for WordPress appeared first on WP Encryption.

ERR_CERT_COMMON_NAME_INVALID fix for WordPress in 2021

wp_encryption — Fri, 25 Jun 2021 09:40:45 +0000

Getting your site on HTTPS(HyperText Transfer Protocol Secure) is the high priority requirement since Google chrome and all major browsers started flagging non-HTTPS sites as insecure. ERR_CERT_COMMON_NAME_INVALID is one the most common SSL error you could notice right after installing SSL certificate.

All our guides are pretty much focused towards non-technical users instead of big theory and we will be following the same approach jumping onto resolving the issue straightaway.

Why ERR_CERT_COMMON_NAME_INVALID error occurs?

Very common scenario is you have an SSL certificate installed for your site which don’t cover either www or non-www version of your domain. You could easily test your SSL at SSLLabs.com to analyze your SSL certificate start & expiry date as well as which exact set of domains it covers.

When Google Chrome shows it as ERR_CERT_COMMON_NAME_INVALID error, You might also notice this as slightly different error message shown on other browsers like Firefox showing SSL_ERROR_BAD_CERT_DOMAIN, Microsoft Edge showing DLG_FLAGS_SEC_CERT_CN_INVALID. At the end, it all refers to the same error.

How to resolve ERR_CERT_COMMON_NAME_INVALID error?

Using Firefox or Edge browser, try testing your www & non-www domain (Ex: www.wpencryption.com and wpencryption.com) and see if the ERR_CERT_COMMON_NAME_INVALID error is shown on only one of it. If so, it clearly indicates that your installed SSL certificate don’t cover that specific domain. You could reach out to your SSL provider and re-generate SSL covering all your domains including the www & non-www version.

Well if you are using our “WP Encryption” free WordPress SSL plugin to generate and install free Let’s Encrypt SSL certificate for your WordPress site, we do have an very easy method of generating SSL covering www & non-www domain – simply follow the instructions, install the newly generated SSL certificate on your cPanel or hosting panel and you are all set!.

Both www & non-www domains are showing same error?

Then the issue is not related to just one variant. Your site must be using default SSL certificate provided by your hosting platform and you haven’t installed SSL certificate yet. You can verify the same by testing your domain on SSLLabs.com. In such a case, all you need to do is buy an SSL certificate for your domain and have it installed OR generate and install free SSL certificate for your WordPress site using WP Encryption WordPress plugin as said earlier.

TIP: You don’t need a separate SSL certificate or Wildcard SSL for your www & non-www domains. A single domain SSL certificate is sufficient to cover both the variants.

The post ERR_CERT_COMMON_NAME_INVALID fix for WordPress in 2021 appeared first on WP Encryption.

ERR_TOO_MANY_REDIRECTS WordPress Redirect Loop Fix

wp_encryption — Thu, 24 Jun 2021 20:58:04 +0000

Why ERR_TOO_MANY_REDIRECTS error occur?

ERR_TOO_MANY_REDIRECTS is one the very common error that would panic you when trying to use CDN or reverse proxy service like StackPath, Cloudflare, etc., for your WordPress site. To keep it simple, this redirect loop error is caused because your CDN wants to pull your HTTP only site but your WordPress site already have an HTTP to HTTPS redirect which results in redirect loop.

Nothing to worry, we will jump into the solution right away!.. Please make sure to clear cache on your browser & CDN platform before diving in.

SOLUTION 1

Please login to your hosting panel, select FILE MANAGER tool.
Choose to show “hidden” files in file manager settings.
You will find .htaccess file in root directory of your WordPress site, please take a backup on your local computer and delete it.
If HTTPS is enforced via .htaccess, err_too_many_redirects redirect loop should be resolved already (please make sure to clear cache & cookies of your browser before testing your site).

Once after gaining access to your wp-admin, you can go to Settings > Permalinks, choose your preferred permalink structure and save settings to re-generate default .htaccess file.

SOLUTION 2

Please login to your hosting panel, select FILE MANAGER tool.
Modify wp-config.php file located in the root directory of your WordPress site.
Add the below lines of code in a new line above /* That’s all, stop editing! Happy blogging. */

define("WP_HOME", "http://YOUR_SITE_URL");
define("WP_SITEURL", "http://YOUR_SITE_URL");

Please make sure to replace YOUR_SITE_URL with your correct domain Ex: http://wpencryption.com

4. Save the changes, clear your browser cache and check if your site starts working.

SOLUTION 3

If none of the above solutions worked, ERR_TOO_MANY_REDIRECTS redirect loop must be caused by one of the redirect, SSL or similar plugin activated on your WordPress site. Using the FILE MANAGER on your hosting, you can simply go to wp-content/plugins/ directory and start renaming suspected plugin folders to PLUGINNAME-HOLD one by one and view your site to identify the exact plugin that’s causing the redirect loop.

If you are self managing server instance on cloud platforms like AWS, Digital Ocean, etc., HTTPS redirection must be enforced via Apache or Nginx server config file located in /etc/apache2/, /etc/nginx/ respectively. You will need to login via SSH console and remove those redirections to get your site working.

One of the above 3 solutions should absolutely fix ERR_TOO_MANY_REDIRECTS issue on your site. If you still need help, please consider opting for WP Encryption Pro plan and our highly experienced support will resolve it for you ASAP regardless of the complexity.

If you were able to resolve the redirect loop, We highly recommend using “Force HTTPS via HTACCESS” feature of WP Encryption free SSL plugin which auto detects the reverse proxy, CDN you are using and implements appropriate rules to make your HTTPS site work smooth!.

TIP: If you are using reverse proxy services like StackPath, Cloudflare – Please enable HTTPS enforcement on your CDN dashboard too.

The post ERR_TOO_MANY_REDIRECTS WordPress Redirect Loop Fix appeared first on WP Encryption.

UNABLE_TO_VERIFY_LEAF_SIGNATURE Let’s Encrypt

wp_encryption — Thu, 24 Jun 2021 20:13:13 +0000

Resolving SSL related errors would be bit tricky for non-technical users and UNABLE_TO_VERIFY_LEAF_SIGNATURE is one of the common error you could face while installing SSL certificate on your cPanel or hosting platform.

UNABLE_TO_VERIFY_LEAF_SIGNATURE error during SSL installation is caused primarily due to invalid or mismatched intermediate certificate / CA Bundle thus failed chain of trust. Since you are trying to install Let’s Encrypt (Open certificate authority) SSL certificate, chances are you missed their new update regarding the new root & intermediate certificates and trying to install wrong intermediate certificate for your site.

Fixing the UNABLE_TO_VERIFY_LEAF_SIGNATURE issue

Login to your wp-admin, go to PLUGINS > ADD NEW.
Install and activate “WP Encryption” free SSL plugin.
If already installed, please make sure to update the plugin to latest version.
Click on WP Encryption tab on left panel in your wp-admin and you will notice SSL install form.
Enter your email in SSL install form and click on Generate SSL button.
Verify your domain ownership via HTTP or DNS method.
After success, You can copy the newly generated Certificate.crt, Private.pem and CA Bundle / Intermediate Certificate for your site.
Paste these 3 into its appropriate input fields on SSL installation page of your cPanel / hosting panel.
SSL installation should succeed and your HTTPS site should start working.

P.S., If you are using WP Encryption Pro version – Please update the PRO plugin to latest release (We continuously test the whole process and push updates ASAP in case of any error / new protocol ), use RESET option of WP Encryption and re-run the SSL install form once, Your SSL installation will succeed instantly.

The post UNABLE_TO_VERIFY_LEAF_SIGNATURE Let’s Encrypt appeared first on WP Encryption.