Cert not trusted

I have not had to set up an SSL cert manually before and I am stumbling through the process. My cert seems to be installed and working but my site is showing as untrusted. I have looked at multiple sources to find a solution but have not found one that resolves my issue.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: themagnoliadifference.com

I ran this command: certbot apache -d

It produced this output:

My web server is (include version): Apache

The operating system my web server runs on is (include version): Cent 7

My hosting provider, if applicable, is: Hostinger VPS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

That's probably not the command you actually ran, as that would give an error.

We really need the actual output of certbot. If you don't have the terminal output any longer, you can find the logs in /var/log/letsencrypt/.

Also funny thing:

themagnoliadifference.com. 3600 IN A 83.136.219.183

Where 83.136.219.183 is indeed a Hostinger IP address.

While:

www.themagnoliadifference.com. 3600 IN CNAME ghs.googlehosted.com.

Which of course resolves to a Google hosting IP address..

So your apex domain is hosted somewhere else than your www subdomain? Weeeiiird..


Hi @bpatton

that's an incomplete command.

What does this say?

certbot certificates
[root@themagnoliadifference ~]# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: themagnoliadifference.com
    Serial Number: 307d25d0a3f227cf5bf2d93221e58397e4d
    Key Type: RSA
    Domains: themagnoliadifference.com
    Expiry Date: 2021-04-30 22:58:43+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/themagnoliadifference.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/themagnoliadifference.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[root@themagnoliadifference ~]#

Yes. I purchased the domain from Google and resolve to my VPS on Hostinger.

So you have created a valid certificate.

Try

certbot --reinstall -d themagnoliadifference.com -i apache

See output below. I rebooted the server and I am still receiving an untrusted site warning in Chrome.

[root@themagnoliadifference ~]# certbot --reinstall -d themagnoliadifference.com -i apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?


1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)


Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Cert not yet due for renewal
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/httpd/conf.d/themagnoliadifference.com-le-ssl.conf
Enhancement redirect was already set.


Congratulations! You have successfully enabled https://themagnoliadifference.com


IMPORTANT NOTES:

So your Apache configuration is buggy, there is the self-signed one again.

What does this say?

apachectl -S

[root@themagnoliadifference ~]# apachectl -S
VirtualHost configuration:
*:443 is a NameVirtualHost
default server themagnoliadifference.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost themagnoliadifference.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost themagnoliadifference.com (/etc/httpd/conf.d/themagnoliadifference.com-le-ssl.conf:2)
alias themagnoliadifference.com
*:80 themagnoliadifference.com (/etc/httpd/conf.d/themagnoliadifference.com.conf:1)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex fcgid-pipe: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex fcgid-proctbl: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
[root@themagnoliadifference ~]

There is your buggy configuration.

Two port 443 vHosts with the same domain name. Merge both in one, remove the other.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
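The check made by eye in the last reply, written out as an added example (not part of the original thread): it parses the VirtualHost section of `apachectl -S` and reports every name defined by more than one vhost on the same address and port. The function names are hypothetical, and the report assumes Apache's documented behaviour that the first-listed of several identically named vhosts handles the request.

```python
import re
import sys
from collections import defaultdict

# VirtualHost section of the `apachectl -S` output posted in the thread.
SAMPLE = """\
VirtualHost configuration:
*:443 is a NameVirtualHost
default server themagnoliadifference.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost themagnoliadifference.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost themagnoliadifference.com (/etc/httpd/conf.d/themagnoliadifference.com-le-ssl.conf:2)
alias themagnoliadifference.com
*:80 themagnoliadifference.com (/etc/httpd/conf.d/themagnoliadifference.com.conf:1)
"""

HEAD_RE = re.compile(r"^\s*(\S+:\d+)\s")  # "*:443 is a NameVirtualHost", "*:80 name (...)"
VHOST_RE = re.compile(r"^\s*port\s+(\d+)\s+namevhost\s+(\S+)\s+\((.+):(\d+)\)\s*$")


def find_duplicate_vhosts(dump):
    """Return {(listen_addr, server_name): [(file, line), ...]} for each name
    defined by more than one vhost on the same address:port, in listed order."""
    seen = defaultdict(list)
    addr = None
    for raw in dump.splitlines():
        head = HEAD_RE.match(raw)
        if head:
            addr = head.group(1)  # following "port ... namevhost" lines belong here
        m = VHOST_RE.match(raw)
        if m and addr is not None:
            _port, name, path, line = m.groups()
            seen[(addr, name.lower())].append((path, int(line)))
    return {key: defs for key, defs in seen.items() if len(defs) > 1}


def report(dump):
    """One line per winning vhost, followed by the definitions it shadows."""
    lines = []
    for (addr, name), defs in sorted(find_duplicate_vhosts(dump).items()):
        lines.append(f"{name} on {addr}: served from {defs[0][0]}:{defs[0][1]}")
        for path, line in defs[1:]:
            lines.append(f"  shadowed for this name: {path}:{line}")
    return lines


if __name__ == "__main__":
    # Pipe real output in (apachectl -S 2>&1 | python3 script.py); bare run uses SAMPLE.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print("\n".join(report(text)) or "no duplicate name-based vhosts")
```

On the thread's output this names `/etc/httpd/conf.d/ssl.conf:56` as the vhost answering on port 443 and the Certbot-generated `-le-ssl.conf` vhost as shadowed.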