Ai was appearing that the certificate of isrt root x1 had spiraled ai inatei the certicates of the official page here of let 's encrypyt ai now appears only r3

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

For what it's worth, it works fine for me, and it looks like the certificate chain is correctly configured on the server:


Yes the certificate chain is ok. Your server is serving the default Let's Encrypt chain (to DST Root CA X3).

You can also chain directly to ISRG Root X1 if use you certbots --preferred chain option (certbot — Certbot 2.6.0 documentation)

Serial 04AD9DAE17C89918F55D4EAF0F6FA84E4405

Issuer R3

Start Wed Mar 29 2023

Expiry Tue Jun 27 2023


Serial 912B084ACF0C18A753F6D62E25A75F5A

Issuer ISRG Root X1

Start Fri Sep 04 2020

Expiry Tue Sep 16 2025

ISRG Root X1

Serial 4001772137D4E942B8EE76AA3C640AB7

Issuer DST Root CA X3

Start Thu Jan 21 2021

Expiry Tue Oct 01 2024

1 Like

so what do i have to do to fix this error

Ambos os nomes e devem aparecer no certificado. Agora mesmo aparece apenas, sem www. Para (a maioria dos) navegadores, esses são nomes distintos e independentes e ambos precisam ser mencionados no certificado.


so what does it mean and what do i have to do to solve it?

It [the error] means that you can't connect securely to a site that doesn't have a certificate that covers that name.
In this case, the "www" is not covered.
You can either:

  • connect securely to the name without using "www"
  • get a new cert that covers the "www" [or one that covers both names]