Can't validate on domain name the CSR code (ERROR: The CSR does not appear to be valid)

Do you have a self signed certificate? If yes, use that in your vHost config file.

You have an Apache. There should be something like

SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

Use these two rows in your vHost definition of your domain and restart your Apache. Then the certificate is wrong. But this isn't a problem creating a new certificate.

Finally, a situation where cert revocation is actually appropriate!

1 Like

How could i know if i have a self signed certificate ?
And how could i generate the private certificate again

Check your main apache config file. Normally, there is a self signed certificate created.

Here is the content of the httpd-le-ssl.conf


DocumentRoot “/var/www/html/coques-telephone.com”
ServerName coques-telephone.com
<Directory “/var/www/html/coques-telephone.com”>
allow from all
Options None
Require all granted

SSLCertificateFile /etc/letsencrypt/live/coques-telephone.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/coques-telephone.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/coques-telephone.com/chain.pem

The problem is i’ve revoked the privkey

And one (the main) configuration file should have a block with the same names, there should be links to a self signed certificate you can use.

Sorry i didn't understand what you mean

Search your config files if there is the word

SSLCertificateFile

a second time. If you install an Apache, normally a self signed certificate is created. You can use that certificate.

Or deactivate your SSL-vHost with a2dissite.

You could also just delete this file and then have Certbot make a new one.

When you first ran Certbot, it made httpd-le-ssl.conf which is an HTTPS version of your existing configuration file httpd.conf. This pointed to some of the certificates that Certbot created. When you deleted these certificates, httpd-le-ssl.conf still existed and still pointed to the deleted files, which then makes your Apache configuration invalid.

If you delete httpd-le-ssl.conf, Certbot can make a new version of it when you request a new certificate.

1 Like

I did that but the httpd-le-ssl.conf wasn't regenerate it again,
now i see that both www or witouth it are accessible with HTTPS but the navigator show that it's not a trusted certificate
Can you see that please
Thank you

What should i do so the certificat would be valide by the browser ?

What Certbot command did you run?

I've generated from the Webmin interface

Hmmm, mixing command-line Certbot and Webmin can sometimes cause lots of problems. Were you using the Webmin interface from the beginning, or did you just start to use it now?

I have it from the beginning but i used the command-line Certbot first then Webmin
Do you have any idea about the browser problem please ?

What did Webmin say when you followed this process? Do you know if it edited your Apache configuration?

What error do you get in your browser when you access your site?

I didn't get any error in the end of the process, and about the configuration of Apache i don't think so, i've added manually to the httpd.conf this config :
<VirtualHost *:443>
ServerName coques-telephone.com
ServerAlias www.coques-telephone.com
ServerAdmin contact@coques-telephone.com
DocumentRoot /var/www/html/coques-telephone.com

    SSLCertificateFile      /etc/letsencrypt/live/coques-telephone.com/cert.pem
    SSLCertificateKeyFile   /etc/letsencrypt/live/coques-telephone.com/privkey.pem
	SSLCertificateChainFile /etc/letsencrypt/live/coques-telephone.com/chain.pem

    SSLEngine               on
    SSLProtocol             all -SSLv2 -SSLv3
    SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    SSLHonorCipherOrder     on
    SSLCompression          off
    SSLOptions              +StrictRequire                                                         
</VirtualHost>

It say that the certificat is not valid also "Your SSL certificate does not match your domain name!"

How recently did you request the certificate using Webmin?

By clicking on the button on the screenshot

Sorry, I meant “when did you do this?”.