I am creating a "password recovery" system using Django 2.0 auth, and "Heroku" handles my SSL certificate. When I send the email containing the password reset link, I get redirected to a Google page with an error that looks like this:

"Your connection is not private" NET::ERR_CERT_COMMON_NAME_INVALID

I looked into the error a bit, and I've read that Google has deprecated the use of the COMMON_NAME field. How can I change my settings in order to account for this error? Or am I doing something inherently wrong? Django says to use templates named password_reset_email.html and password_reset_complete to generate the link in the email and the password change form destination. Here is my code:

password_reset_email.html

```django
{% autoescape off %}
Dear {{user.first_name}},

You are receiving this message because you have requested to have your password changed for your account on ___.
To initiate the password reset process for your account,
please click the link below:


{{protocol}}://{{domain}}{% url 'password_reset_confirm' uidb64=uid token=token %}

Your username is "{{user.username}}" in case you've forgotten.

If clicking the link above doesn't work, please copy and paste the URL in a new browser window instead.

Sincerely,

_____
{% endautoescape %}
```

password_reset_confirm.html

```django
{% extends 'base.html' %}
{% load crispy_forms_tags %}

{% block content %}
{% if validlink %}
<div class='row'>
    <div style="background-color:white" class='col-sm-6 col-sm-offset-3'>

        {# POST keeps the new password out of the URL, server logs and Referer headers #}
        <form method="post"> {% csrf_token %}
            <fieldset class="form-group">
                <legend class="border-bottom mb-4">Change Password</legend>
                {{form|crispy}}
            </fieldset>
            <div class="form-group">
                <button class="btn btn-success" type="submit">Reset password</button>
            </div>
        </form>

    </div>
</div>
{% else %}
<div style="background-color: white; color: black;">
    <p>
        The password reset link was invalid, possibly because it has already been used.
        Please request a new password reset.
    </p>
</div>
{% endif %}
{% endblock content %}
```

Thank you for your time.

juju

1 Answer

I had the incorrect domain name in my admin.site domain names. I forgot to include the full domain name including www. in front of the website name so it couldn't be matched to the one website name in the password reset email.

I changed

```django
{{protocol}}://{{domain}}{% url 'password_reset_confirm' uidb64=uid token=token %}
```

to

```django
{{protocol}}://www.{{domain}}{% url 'password_reset_confirm' uidb64=uid token=token %}
```

and it worked successfully. I just had to make sure that each part of the URL was as it should be. The URL in the email read as https://example.com whereas the actual URL was https://www.example.com.

juju
  • Would you mind clarifying your answer a bit? @juju – Jakob Oct 13 '21 at 21:02
  • @Jakob Added some more details to make it more clear. Hope that helps. – juju Oct 13 '21 at 22:09
  • Thanks @juju. However, I think there must be something more to it. The url didn't change with this update and is still returning the same error (I made other changes to verify that the correct file indeed is used). You know of other things that might solve this? – Jakob Oct 14 '21 at 09:03
  • @Jakob This was quite a while ago, and I don't really remember what I did. I should have made my answer more clear back then. Re-reading my question though, it really does seem to be an SSL certification issue (assuming you got a similar error). First, I'd verify that your SSL is properly configured. Use `curl -vI https://www.example.com`. Look through the return info and look for "SSL certificate verify ok." – juju Oct 16 '21 at 21:24
  • You're right @juju. I eventually chose to open a [new question](https://stackoverflow.com/q/69585864/8162025) though. I had to enable [SSL click tracking](https://docs.sendgrid.com/ui/analytics-and-reporting/click-tracking-ssl#configuring-ssl-certificates-and-keys) to get it to work. – Jakob Oct 20 '21 at 08:06
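
The hostname mismatch discussed in the answer and comments above can be checked before a reset email goes out. This is an added example, not code from the original posts: it tests whether the host placed in the link is covered by a certificate's subjectAltName entries. `SAMPLE_CERT` is constructed, and the function names are hypothetical.

```python
"""Check that the host used in a password reset link is covered by a certificate."""


def name_matches(pattern: str, host: str) -> bool:
    """Match one dNSName entry against a hostname, RFC 6125 style."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label, never zero or two
    if p_labels[0] == "*":
        # Only a left-most wildcard is honoured, and not directly under a TLD.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_dns_names(cert: dict) -> list[str]:
    """dNSName entries from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def host_covered(cert: dict, host: str) -> bool:
    """True if host matches a SAN dNSName. The commonName is deliberately
    ignored, which is the browser behaviour the question refers to."""
    return any(name_matches(name, host) for name in cert_dns_names(cert))


def uncovered_hosts(cert: dict, hosts: list[str]) -> list[str]:
    """Hosts that would trigger a name-mismatch warning if used in a link."""
    return [h for h in hosts if not host_covered(cert, h)]


# Constructed sample: a certificate issued for the www host only, mirroring
# the example.com / www.example.com mismatch described in the answer.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"),),
}

if __name__ == "__main__":
    # The first value stands in for what {{ domain }} renders to in the email.
    for host in ("example.com", "www.example.com"):
        status = "covered" if host_covered(SAMPLE_CERT, host) else "NOT covered"
        print(f"{host}: {status}")
```

To run it against a live site, pass the dict returned by `ssl.SSLSocket.getpeercert()` from a connection whose default context has `check_hostname = False`, so the chain is still verified while the name check is left to this code.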