CentOS Apache self-signed certificate workaround (Mar 2021)

Recently we've heard from a considerable number of people using Certbot with Apache on CentOS who get a browser warning even after a successful certificate installation. These users are seeing a self-signed certificate error (meaning that the new Let's Encrypt certificate is not actually served to visitors to the site, even though it exists and Certbot displayed a "Congratulations!" message).

We've been able to identify one common reason for this problem in this situation, although we haven't agreed on the best long-term solution yet.

If you've encountered this specific problem (most likely only applicable to the combination CentOS+Apache+Certbot+early 2021), a temporary workaround is:

  • Open the file /etc/httpd/conf.d/ssl.conf in a text editor (normally this must be done as root or with sudo)
  • Find the line in this file beginning:
    #ServerName www.example.com:443
  • Remove the # at the beginning of this line so that it reads only:
    ServerName www.example.com:443
  • Save the file and restart Apache (e.g. sudo service httpd reload)

This is not necessarily the best long-term solution, but is likely to alleviate many of these problems without causing additional ones.

Once again, this particular advice is generally only relevant if you already ran Certbot successfully to obtain your certificate but you or your users still see a self-signed/untrusted certificate error when going to your site in a browser. Like certain much earlier Certbot problems on CentOS, this problem is more likely to arise if your site name is later in the alphabet than the word ssl (!!) because of an issue having to do with the order in which configuration files are processed.

We'd be happy to hear feedback on whether this did or didn't work for you. But if your situation is different from the one mentioned above (e.g., different OS on your server), please do start your own Help topic describing your individual situation.

5 Likes
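The workaround steps from the post above as shell functions, added here as an example and not code from Certbot or from the posters. The function names, the ssl.conf.bak backup name and the ordering check (which assumes the site's virtual host files sit in the same directory as ssl.conf) are assumptions of this example.

```shell
#!/bin/sh
# Added example: check for and apply the ssl.conf ServerName workaround.
# Usage after sourcing this file, as root:
#   needs_workaround /etc/httpd/conf.d/ssl.conf && apply_workaround /etc/httpd/conf.d/ssl.conf
#   confs_after_ssl /etc/httpd/conf.d
# then reload Apache as described in the post.

# Succeeds (exit 0) only when the file still carries the commented-out
# "#ServerName www.example.com:443" line and has no active ServerName.
needs_workaround() {
    grep -Eq '^[[:space:]]*#[[:space:]]*ServerName[[:space:]]+www\.example\.com:443' "$1" &&
        ! grep -Eiq '^[[:space:]]*ServerName[[:space:]]' "$1"
}

# Uncomments that line. A copy of the original is kept as <file>.bak; that
# name does not end in .conf, so a conf.d/*.conf include will not load it.
# The file is rewritten through a redirect so its owner and mode are kept.
apply_workaround() {
    needs_workaround "$1" || return 1
    cp -p "$1" "$1.bak" || return 1
    sed -E 's/^([[:space:]]*)#[[:space:]]*(ServerName[[:space:]]+www\.example\.com:443)/\1\2/' \
        "$1.bak" > "$1"
}

# Prints the *.conf files in directory $1 whose names sort after ssl.conf
# (byte order, C locale). These are the files the post describes as more
# likely to be affected by the processing-order issue.
confs_after_ssl() {
    for f in "$1"/*.conf; do
        printf '%s\n' "${f##*/}"
    done | LC_ALL=C awk '$0 > "ssl.conf"'
}
```

If something goes wrong, copying ssl.conf.bak back over ssl.conf restores the previous state.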

If anyone hits this problem and is helped by Seth's post, I'd love to hear from you so we can ideally track down the problem and get it fixed so things just work.

Answers to the below questions would be useful to me.

My Apache version is:

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I used a guide/script/tool to configure Apache on my server (no, or provide the name/version/link to what you used):

2 Likes