How can we keep security certificates up to date and prevent security term violations?

researchcooperative
@researchcooperative
3 years ago
694 posts
Today when I tried to log in to a JR site I manage, Kaspersky stopped me with the following message:

"Your connection is not private. Criminals may be attempting to steal your information. We recommend that you leave this website. URL: my-url.jamroomhosting.com (note this is a URL that has the https:// prefix). Reason: Certificate term violation."

So what is this telling me? How can I prevent visitors to my network from receiving this message?

How can I prevent the site or a security certificate from offending Firefox and other browsers before they are offended? Can the JR system send me alerts about this before a problem arises?

Could a security monitoring module be developed that helps us to prevent this happening? Or is this already built into the JR update process, and we should just keep updating when JR provides updates?



--
PJ Matthews, Kyoto
Migrated from Ning 2.0. Now at Jamroom 6 beta and using Jamroom Hosting for The Research Cooperative (researchcooperative.org)

updated by @researchcooperative: 09/26/21 09:54:25PM
michael
@michael
3 years ago
7,714 posts
It's telling you that my-url.jamroomhosting.com is not my-url.com. You can only generate an SSL certificate for a domain that you own, and since you don't own jamroomhosting.com the SSL cert is not valid for there.

So if you do intend to use my-url.com then make that the primary domain and the SSL will work; if you don't, then disable SSL and access the site on http:// instead of https://
researchcooperative
@researchcooperative
3 years ago
694 posts
Thanks. This suggests that there is no problem for https:// my-url.org (which is also hosted by JR) because I own that domain; I have not seen the warning message for that site. That was my main concern, but...

my-url.jamroomhosting.com is currently an open to view (public) sandbox. Is there any harm in letting it stay this way?

Since my other domain and site is hosted at the same IP address (I suppose), will it be tarnished by association with the [seemingly] insecure site?


--
PJ Matthews, Kyoto
Migrated from Ning 2.0. Now at Jamroom 6 beta and using Jamroom Hosting for The Research Cooperative (researchcooperative.org)

updated by @researchcooperative: 06/27/21 06:33:16PM
michael
@michael
3 years ago
7,714 posts
my-url.jamroomhosting.com and my-url.org are the same site, just 2 ways to access it. It's fine, you understand that my-url.jamroomhosting.com is not a sneaky site trying to pretend it's something it's not.

If you are recommending users to go to that site, then it's probably best to turn SSL off and just use the HTTP:// version, then no warning will show.

The intended purpose of Jamroom Hosting providing the my-url.jamroomhosting.com was this:
* A site exists that is running some other system, WordPress maybe. And the owner of that site wants to move over to Jamroom but it will take a while to get all the conversion done. Their site is currently on my-url.org and they don't want to change that because there are lots of visitors going there at the moment.

They can use my-url.jamroomhosting.com to build the new site, then when they think it's ready they can change the name servers to point to jamroomhosting and make the domain primary, then the transition will be smooth.
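
Added example, not part of the original thread and not Jamroom code: a small Python check that reports the two conditions discussed above before a browser does, namely a hostname the certificate does not cover and an approaching expiry date. The function names, the 21-day warning window and the sample certificate are assumptions constructed for illustration.

```python
import socket
import ssl
import time

def name_matches(pattern, host):
    """Compare a certificate DNS name with a hostname; '*' covers one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_cert(cert, host, now=None, warn_days=21):
    """Return a list of problems for `host`, given a cert dict in ssl.getpeercert() form."""
    now = time.time() if now is None else now
    problems = []
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, host) for n in names):
        problems.append(f"name mismatch: {host} not covered by {names}")
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    if days_left < 0:
        problems.append(f"expired {-days_left} days ago")
    elif days_left < warn_days:
        problems.append(f"expires in {days_left} days")
    return problems

def fetch_cert(host, port=443, timeout=10):
    """Fetch the served certificate for monitoring. The chain is still verified; the
    name check is left to check_cert() so a mismatch is reported, not a handshake error."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample: a certificate issued only for the owner's own domain.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "my-url.org"), ("DNS", "www.my-url.org")),
    "notAfter": "Dec 25 00:00:00 2021 GMT",
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Sep 26 00:00:00 2021 GMT")

if __name__ == "__main__":
    for h in ("my-url.org", "my-url.jamroomhosting.com"):
        print(h, check_cert(SAMPLE_CERT, h, now=SAMPLE_NOW) or "ok")
```

Run from a scheduled job with `check_cert(fetch_cert(host), host)` for each hostname visitors actually use, and send the returned list as the alert.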