Certificate installed correctly but untrusted

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

www.localnewsplus.com.au

I ran this command:

sudo certbot certonly --standalone

It produced this output:

space separated) (Enter 'c' to cancel): localnewsplus.com.au, localnewsplus.net.au, torchpublishing.com.au, torchwiki.com.au, localtradesplus.com.au, torchindustrialestate.com.au
Requesting a certificate for localnewsplus.com.au and 5 more domains

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/localnewsplus.com.au/fullchain.pem
Key is saved at: /etc/letsencrypt/live/localnewsplus.com.au/privkey.pem
This certificate expires on 2023-06-29.
These files will be updated when the certificate renews.

My web server is (include version):

Apache 2.4

The operating system my web server runs on is (include version):

Mac OS Ventura (13.3)

My hosting provider, if applicable, is:

None - self hosted (local machine)

I can login to a root shell on my machine (yes or no, or I don't know):

yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2.4.0

Hi all and thanks in advance for any assistance.

Forgive me for my novice questions, but I have little understanding of how SSL works, and I'm trying to include as much information as possible.

I have inherited responsibility for a new web server running macOS 13.3, with Apache and PHP 8.2 installed via Homebrew. There is a rewrite rule which directs any http request to https and any domain request to 'www.' + domain_name.

I stopped Apache and ran sudo certbot certonly --standalone - everything went well and certificates were created. I manually created entries in our apache config files and Apache testconfig shows syntax OK.

I get a security warning when accessing the site, and checking the certificate shows a 'Bad_Cert_Domain' error.
SSL Labs give me an 'A' rating.
WhyNoPadlock gives me 'green tick' on everything except a domain mismatch.

I'm guessing I should have entered www versions of the domains when I initially created the certificate. I've spent an entire evening googling how to add domains to the existing certificate but I'm terrified to try anything in case it hoses the current cert.

From my research I believe I need the certbot expand command and I think this is what it should be:

certbot --expand -d www.localnewsplus.com.au -d www.localnewsplus.net.au -d www.localtradesplus.com.au -d www.torchindustrialestate.com.au -d www.torchpublishing.com.au -d www.torchwiki.com.au

Could anyone please confirm if this looks correct and if the domain mismatch would be caused by the missing 'www'.

Fwiw, I don't want to change the apache config files as I'm convinced they're ok.

Many thanks again for reading this far, I greatly appreciate both the existence of LetsEncrypt and the community.

Hello @torchpub, welcome to the Let's Encrypt community. 🙂

Currently I see https://decoder.link/sslchecker/www.localnewsplus.com.au/443 is showing:

Common Name: localnewsplus.com.au
SANs:
  DNS:localnewsplus.com.au
  DNS:localnewsplus.net.au
  DNS:localtradesplus.com.au
  DNS:torchindustrialestate.com.au
  DNS:torchpublishing.com.au
  DNS:torchwiki.com.au
Total number of SANs: 6

None of them are www.localnewsplus.com.au, so the certificate is correctly not trusted.
You need to add www.localnewsplus.com.au to the SANs.

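Added example, not part of the thread: the script below reproduces offline the situation described in the posts above. A certificate whose chain is perfectly valid (hence the SSL Labs "A") is still rejected by a browser when the hostname being visited is not among its SANs, because chain validation and hostname verification are separate checks. Both certificates here are constructed, self-signed test certificates; the domain names are the ones from the post. The only tool assumed is OpenSSL 1.1.1 or newer (for `req -addext` and `verify -verify_hostname`).

```shell
#!/bin/sh
# Added example (not from the thread): constructed self-signed certs that
# reproduce "chain OK, hostname mismatch". Assumes OpenSSL 1.1.1+.
set -e
WORK=$(mktemp -d)

# SAN lists: the six apex names from the post, and the www variants that
# the poster later added with --expand.
APEX_SANS="DNS:localnewsplus.com.au,DNS:localnewsplus.net.au,DNS:localtradesplus.com.au,DNS:torchindustrialestate.com.au,DNS:torchpublishing.com.au,DNS:torchwiki.com.au"
WWW_SANS="DNS:www.localnewsplus.com.au,DNS:www.localnewsplus.net.au,DNS:www.localtradesplus.com.au,DNS:www.torchindustrialestate.com.au,DNS:www.torchpublishing.com.au,DNS:www.torchwiki.com.au"

# gen_cert NAME SANLIST: write a self-signed test cert $WORK/NAME.pem
# carrying exactly the SANs in SANLIST (comma-separated DNS: entries).
gen_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=localnewsplus.com.au" -addext "subjectAltName=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# list_sans CERT: print the cert's DNS SANs one per line, the same
# information an online checker such as decoder.link displays.
list_sans() {
  openssl x509 -in "$1" -noout -text \
    | awk '/Subject Alternative Name/ {getline; print}' \
    | tr ',' '\n' | sed 's/^[[:space:]]*//'
}

# covers CERT HOSTNAME: exit 0 only if CERT verifies *for that hostname*.
# Passing the cert as its own CA takes chain trust out of the picture, so
# this isolates the hostname check a browser performs after the chain is OK.
covers() {
  openssl verify -CAfile "$1" -verify_hostname "$2" "$1" >/dev/null 2>&1
}

# report CERT HOSTNAME: one-line verdict for humans.
report() {
  if covers "$1" "$2"; then
    echo "  $2: OK"
  else
    echo "  $2: hostname mismatch (name not in SANs)"
  fi
}

gen_cert apex "$APEX_SANS"
gen_cert expanded "$APEX_SANS,$WWW_SANS"

echo "SANs in the original (apex-only) cert:"
list_sans "$WORK/apex.pem"
echo "Original cert, as a browser sees it:"
report "$WORK/apex.pem" localnewsplus.com.au
report "$WORK/apex.pem" www.localnewsplus.com.au
echo "Expanded cert (apex + www names):"
report "$WORK/expanded.pem" localnewsplus.com.au
report "$WORK/expanded.pem" www.localnewsplus.com.au
```

Against a live server the same check is done by fetching the served leaf certificate with `openssl s_client -connect www.localnewsplus.com.au:443 -servername www.localnewsplus.com.au </dev/null | openssl x509 -noout -text` and reading the Subject Alternative Name block; if the exact hostname (or a matching wildcard) is not there, no Apache configuration change will make the warning go away, and the certificate itself has to be reissued with that name.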

Hi Bruce,

Thank you for your reply and confirmation the 'www' is what's missing.

I ran certbot --expand -d new_domain -d old_domain etc and everything seems to be working and testing correctly.

Many thanks again.

