Certificate not valid / trusted


#1

Hi, been working for a day now to get everything working. The Certbot works fine for both the www and non-www version of my site.
But no matter what I change or update, both Chrome and Edge keep saying that my site is not trusted. I have checked for http:// links on my site but there are none.
When I look in the browser for an explanation, it just says it is not valid.
One thing I noticed (don’t know if it has anything to do with it): the supplied to gives my servername and not my domainname.

Anybody got an idea how to fix this?

My domain is:
goedkoopstekeuze.nl

I ran this command:
Certbot

My web server is (include version):
Apache

The operating system my web server runs on is (include version):
Cent OS 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes


#2

You’re using a self-signed certificate on that domain, not the Let’s Encrypt cert.


#3

Hi @goedkoopstekeuze

you have created a certificate (today):

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:goedkoopstekeuze.nl&lu=cert_search

So this part works. But you don’t use it.

Reload / Restart Apache?


#4

That’s just a name. Not a full command. Or did you actually just run certbot without any options? If so, it should have asked a lot of questions. It would be helpful if you’d tell us the questions and the answers to those questions. If you actually did run certbot with options, it would have been very handy if you’d actually tell us the full command.

Also, the question about the output of the command is missing. I guess you deleted it, but why? It would have been very helpful.

By not telling us everything and even removing questions, you’re making us guess. And that’s very frustrating. Without the required information, we can’t help you properly.


#5

I have restarted it multiple times


#6

I ran the certbot multiple times with different commands and all without errors, and so I thought it wouldn’t matter. That’s why I deleted it.


#7

It matters a lot. I don’t think you can get those different commands and post them here, including the output?

Did you use a guide? If so, which one? Did you run certbot --apache at one moment? Did you use the guides from https://certbot.eff.org/?


#8

Then you have to fix your configuration manually.

certbot certificates

shows the certificates and the paths + files.

So you have to change your Apache configuration, remove the self-signed certificate, add the Let’s Encrypt certificate.


#9

I wouldn’t recommend this if I were you. He’s using Apache, so the apache plugin of certbot would be better if you’d ask me. Manually changing stuff would make things harder I believe. No offence to @goedkoopstekeuze, but I would suggest keeping stuff as simple as possible.


#10

I used the guide from my hoster: https://www.transip.nl/knowledgebase/artikel/414-wil-een-ssl-certificaat-apache-installeren/#sslinstalllecentos (it is in Dutch).

Just used the guide you linked from certbot.eff.org.
Output as images included:


#11

You’ve selected “2” when you were asked to choose the domains to be included in the certificate. That would only give you a certificate with the www. hostname included. But not the “bare” domain name. The first time, you chose both hostnames, which I would recommend.

Also, because you’ve already requested (and got!) 5 certificates for www.goedkoopstekeuze.nl, you are experiencing one of the rate limits.

I would recommend entering “1” as well as “2” when asked for the domains (or just press enter to select all the domains). And please tell us the output here.

Strangely enough though it isn’t a www or non-www-domain issue, but the self signed certificate which is currently installed. The --apache plugin should have added and/or changed the Apache configuration file to use the Let’s Encrypt certificate.

You might want to check where the reference to the self signed certificate is contained in the Apache configuration file by running grep -Ri SSLCertificateFile /etc/apache/ (assuming that’s the correct directory for Apache in CentOS, perhaps you need to use /etc/apache2/ or something).


#12

I don’t really know what I have done now (was working on the Vhost) and all of a sudden it is working :)
(Did include the Vhost config changes for 443 inside the httpd.conf and rebooted)


#13

Unfortunately, the certificate is only valid for www.goedkoopstekeuze.nl, not for goedkoopstekeuze.nl. This leads to invalid certificate warnings in Internet Explorer, Opera, Safari and Firefox (I believe Chrome ignores these www errors).

You should redo some of the steps and install the certificate for both hostnames.


#14

The certificate

https://transparencyreport.google.com/https/certificates/%2FeM1KyQXQpLUwVxBFOm3NvXnzeqfK67G4IUuK7Zqz5g%3D

has both names - goedkoopstekeuze.nl and www.goedkoopstekeuze.nl

So use this certificate in your vhost config. Then you have both names.
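
The checks suggested in posts #11, #13 and #14, as an added example that is not part of the original thread: it lists every certificate file Apache is configured to serve, flags self-signed ones, and reports hostnames a certificate does not cover. The script name, function names and the /etc/httpd config root (the usual location on CentOS 7) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit the certificates Apache is configured to serve.
# Usage (paths and names are assumptions; CentOS 7 httpd keeps its config in /etc/httpd):
#   ./audit-apache-certs.sh /etc/httpd goedkoopstekeuze.nl www.goedkoopstekeuze.nl

# Print each file named by an active (non-commented) SSLCertificateFile directive.
list_cert_files() {
    grep -RhiE '^[[:space:]]*SSLCertificateFile[[:space:]]+' "$1" 2>/dev/null |
        awk '{ gsub(/"/, "", $2); print $2 }' | sort -u
}

# Succeed when issuer equals subject, the usual sign of a self-signed certificate.
is_self_signed() {
    local subject issuer
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ]
}

# Succeed when the certificate is valid for the given hostname (OpenSSL 1.0.2+).
covers_name() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Report every configured certificate and any requested hostname it does not cover.
audit_apache_certs() {
    local confdir=$1 cert name
    shift
    list_cert_files "$confdir" | while read -r cert; do
        if [ ! -r "$cert" ]; then
            echo "UNREADABLE   $cert"
            continue
        fi
        if is_self_signed "$cert"; then
            echo "SELF-SIGNED  $cert"
        else
            echo "CA-ISSUED    $cert"
        fi
        for name in "$@"; do
            covers_name "$cert" "$name" || echo "  not valid for: $name"
        done
    done
}

# Run the audit only when arguments are given, so the functions can also be sourced.
[ "$#" -eq 0 ] || audit_apache_certs "$@"
```

A SELF-SIGNED line means that directive still points at the certificate post #2 noticed; the paths to put there instead are the ones `certbot certificates` prints.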

