Can't validate on domain name the CSR code (ERROR: The CSR does not appear to be valid)

#1

My domain is: domaine

I ran this command: nano /etc/letsencrypt/live/coques-telephone.com/privkey.pem

It produced this output: It shows the privkey

My web server is (include version): Apache

The operating system my web server runs on is (include version): CentOS 7

My hosting provider, if applicable, is: Contabo

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Webmin

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.30.2

#2

Hi @noione

ERROR: The CSR does not appear to be valid

please share your CSR.

A CSR is public, later part of the public key of the certificate. So there is no security problem.

#3

I’m not sure if that’s the most relevant question. It seems @noione already has a certificate issued, as there is a /live/ directory containing a symlink to a private key.

@noione Could you tell us what you’re actually trying to accomplish? Why are you trying to “validate” a CSR when you already have a certificate?

Also note: you’ve already got two certificates issued for your domain name. But you didn’t include the www subdomain. Is that by choice? I see your “bare” domain hostname redirects to the www subdomain.
Also interesting: if you go to the https:// version of your website, which works like a charm, you have a redirect to the non HTTPS version of the www subdomain.

#4

Thank you for your reply,
I want to add it to my domain name; they asked me for the CSR code. The goal is to have ‘Symantec Encryption Everywhere’.

#5

Where are you trying to add the domain name to? Like I said, your domain name already has a working HTTPS version, but is redirecting to a non-HTTPS version.

What is that?

#6

On name.com, where I have the domain name.
Apparently when I activate it, it redirects all my pages to the HTTPS version.

#8

Curious: You have a letsencrypt certificate

CN=coques-telephone.com | 18.02.2019 | 19.05.2019 | expires in 81 days | coques-telephone.com - 1 entry

but name.com has a lot of certificates, but not Letsencrypt.

https://www.name.com/support/search/letsencrypt

https://www.name.com/ssl

#9

That’s your private key, not your Certificate Signing request. Please delete your private key.

1 Like
#10

Hi @noione, the private key privkey.pem is not a CSR and should never be shared with anyone.

Can you explain more about your hosting situation and what name.com’s role is? Why do you need name.com to do anything, and what do you need them to do?

What I’m seeing right now is that coques-telephone.com has a valid certificate, although HTTP isn’t redirected to HTTPS. However, the certificate doesn’t cover www.coques-telephone.com (which it should). The process that obtained the certificate for coques-telephone.com should be able to obtain a certificate for both names.

1 Like
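
The distinction drawn in posts #9 and #10, as an added example that is not part of the original thread: the `-----BEGIN ...-----` label of a PEM file says what it contains, so it can be checked before anything is pasted into a form or a forum post. The function names and the sample files (placeholder bodies, not real key material) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Classify a PEM file by its "-----BEGIN <label>-----" line and report
# whether it is public material (CSR, certificate) or a private key.

pem_label() {
    # Print the label of the first PEM block in file $1 (empty if none).
    # [[:space:]]* tolerates a trailing CR from Windows-edited files.
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" | head -n 1
}

pem_shareable() {
    # Prints "share", "secret" or "unknown"; returns 0 only for "share".
    case "$(pem_label "$1")" in
        "CERTIFICATE REQUEST"|"NEW CERTIFICATE REQUEST"|"CERTIFICATE"|"PUBLIC KEY")
            echo share; return 0 ;;
        *"PRIVATE KEY")
            # Covers PRIVATE KEY, RSA/EC PRIVATE KEY, ENCRYPTED PRIVATE KEY.
            echo secret; return 1 ;;
        *)
            echo unknown; return 1 ;;
    esac
}

# Constructed sample files: real labels, placeholder bodies.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
    '-----END PRIVATE KEY-----' > "$demo_dir/privkey.pem"
printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'CONSTRUCTED-PLACEHOLDER' \
    '-----END CERTIFICATE REQUEST-----' > "$demo_dir/request.csr"

for f in "$demo_dir"/*; do
    printf '%s: %s\n' "${f##*/}" "$(pem_shareable "$f" || true)"
done
rm -rf "$demo_dir"
```

Anything reported as `secret` or `unknown` stays on the server; only a file reported as `share` is the kind of thing a CA or registrar form asks for.
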
#11

Please revoke the certificate which corresponds to that private key.

3 Likes
#12

Done with the command: certbot revoke --cert-path /etc/letsencrypt/archive/coques-telephone.com/cert1.pem. Thank you.

1 Like
#13

Hi @schoen, thank you for the information. Sorry, I’m a novice.
I want to activate SSL so all my pages will be redirected to HTTPS. name.com will validate the HTTPS with my domain name, because when I open my domain name the browser shows that the domain name doesn’t correspond to the certificate of my server.

#14

You have a correct certificate for coques-telephone.com but it doesn’t cover www.coques-telephone.com. It should. You should reissue your certificate so that it covers both names; then the error that you see about the mismatched name will go away.

After that, other web server configuration changes will also be necessary, but this is the first problem.

#15

Hi @schoen, how could I cover both names, please?
What are the changes to the web server configuration?
Thank you.

#16

What Certbot command did you originally use to request your existing certificate?

#17

I used yum install certbot.
Then I just followed the instructions.
I would do it again if needed, or follow the correct instructions if I did it wrong.

#18

You should probably run

certbot certonly --expand -d coques-telephone.com -d www.coques-telephone.com

#19

Got an error. Did I lose the certificate?
```
certbot certonly --expand -d coques-telephone.com -d www.coques-telephone.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apachectl configtest.
AH00526: Syntax error on line 10 of /etc/httpd/conf/httpd-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/coques-telephone.com/cert.pem' does not exist or is empty

How would you like to authenticate with the ACME CA?

1: Apache Web Server plugin (apache) [Misconfigured]
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)

Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1

The selected plugin encountered an error while parsing your server configuration
and cannot be used. The error was:
Error while running apachectl configtest.
AH00526: Syntax error on line 10 of /etc/httpd/conf/httpd-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/coques-telephone.com/cert.pem'
does not exist or is empty
```

#20

Did you delete your prior certificate after revoking it? That would cause this error.

#21

I’ve just deleted the private key because I put it here by mistake.
How could I create it again, please?
Thank you.