Recently we've heard from a considerable number of people using Certbot with Apache on CentOS who get a browser warning even after a successful certificate installation. These users are seeing a self-signed certificate error (meaning that the new Let's Encrypt certificate is not actually served to visitors to the site, even though it exists and Certbot displayed a "Congratulations!" message).
We've been able to identify one common reason for this problem in this situation, although we haven't agreed on the best long-term solution yet.
If you've encountered this specific problem (most likely only applicable to the combination CentOS+Apache+Certbot+early 2021), a temporary workaround is:
- Open the file
/etc/httpd/conf.d/ssl.confin a text editor (normally this must be done as root or with
- Find the line in this file beginning:
- Remove the
#at the beginning of this line so that it reads only:
- Save the file and restart Apache (e.g.
sudo service httpd reload)
This is not necessarily the best long-term solution, but is likely to alleviate many of these problems without causing additional ones.
Once again, this particular advice is generally only relevant if you already ran Certbot successfully to obtain your certificate but you or your users still see a self-signed/untrusted certificate error when going to your site in a browser. Like certain much earlier Certbot problems on CentOS, this problem is more likely to arise if your site name is later in the alphabet than the word
ssl (!!) because of an issue having to do with the order in which configuration files are processed.
We'd be happy to hear feedback on whether this did or didn't work for you. But if your situation is different from the one mentioned above (e.g., different OS on your server), please do start your own Help topic describing your individual situation.