Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: kiwi.hallikainen.org
I ran this command: certbot --apache -v
It produced this output:
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 6
Certificate not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
What would you like to do?
1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate for kiwi.hallikainen.org
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/kiwi.hallikainen.org/fullchain.pem
Key is saved at: /etc/letsencrypt/live/kiwi.hallikainen.org/privkey.pem
This certificate expires on 2021-11-09.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying Certificate to VirtualHost /etc/httpd/conf.d/vhosts.conf
Successfully deployed certificate for kiwi.hallikainen.org to /etc/httpd/conf.d/vhosts.conf
Enhancement redirect was already set.
Your existing certificate has been successfully renewed, and the new certificate has been installed.
My web server is (include version):
Server version: Apache/2.4.37 (AlmaLinux)
Server built: Apr 20 2021 10:48:33
The operating system my web server runs on is (include version):
AlmaLinux release 8.4 (Electric Cheetah)
My hosting provider, if applicable, is: Contabo
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): certbot 1.18.0
Note the issue described in the subject. Certbot seems to have succeeded, but Chrome reports that the certificate cannot be verified up t a trusted source.
Here's the section of my vhosts.conf file:
<VirtualHost *:443> SSLEngine on # from https://community.letsencrypt.org/t/a-tutorial-to-start-with-centos-6-5/3755/7 SSLVerifyClient none ServerAdmin email@example.com DocumentRoot /home/public_html ServerName kiwi.hallikainen.org Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /etc/letsencrypt/live/kiwi.hallikainen.org/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/kiwi.hallikainen.org/privkey.pem </VirtualHost>
I note that the issuer reported by Chrome is not Letsencrypt: