Certificate sometimes does not work

I’ve got the certificate and configured the VirtualHost already, but sometimes browsers show it is not secure.
When it shows not secure, the certificate is a self-signed cert.

And I have another domain on this server too, which always displays the correct cert.
Any idea how to make it work?

My domain is: smebigsmile.com
(another domain which is always secure is asapatana.com)

I ran this command:
/usr/local/directadmin/scripts/letsencrypt.sh request smebig.com
and it said success, but when opened with Firefox it is sometimes not secure

My web server is (include version): Apache

The operating system my web server runs on is (include version): CentOS 6

I can login to a root shell on my machine (yes or no, or I don’t know): I have SSH to log in

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): DirectAdmin 1.5.6

Thanks a lot

Hi @Jejj

there is only a self signed certificate visible ( https://check-your-website.server-daten.de/?q=smebigsmile.com ):

E=webmaster@localhost, CN=localhost, OU=none, O=none, L=Sometown, S=Someprovince, C=US
12.06.2015
27.10.2042
expires in 8615 days

Both connections use that certificate:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://smebigsmile.com/ 103.22.180.144 | 301 | https://smebigsmile.com/ | 0.484 | A |
| http://www.smebigsmile.com/ 103.22.180.144 | 301 | https://www.smebigsmile.com/ | 1.673 | A |
| https://www.smebigsmile.com/ 103.22.180.144 | 301 | https://smebigsmile.com/ | 4.200 | N |
| Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors | | | | |
| https://smebigsmile.com/ 103.22.180.144 | 200 | | 3.933 | N |
| Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors | | | | |

And you already have three identical certificates, 6 in total in the last 7 days:

| CRT-Id | Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|---|
| 1320854496 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-03-27 02:54:16 | 2019-06-25 01:54:16 | smebigsmile.com, www.smebigsmile.com | duplicate nr. 3 | |
| 1320854042 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-03-27 02:53:10 | 2019-06-25 01:53:10 | smebigsmile.com, www.smebigsmile.com | duplicate nr. 2 | |
| 1314470940 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-03-25 00:35:28 | 2019-06-22 23:35:28 | smebigsmile.com, www.smebigsmile.com | duplicate nr. 1 | |
| 1308749386 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-03-23 15:12:08 | 2019-06-21 14:12:08 | smebigsmile.com | duplicate nr. 2 | |
| 1311578227 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-03-23 14:56:02 | 2019-06-21 13:56:02 | smebigsmile.com | duplicate nr. 1 | |
| 1310227078 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-03-23 02:20:51 | 2019-06-21 01:20:51 | smeknowledge.com, www.smebigsmile.com | duplicate nr. 1 | |

Your command uses another domain, smebig, not smebigsmile.

There is only a timeout.

Your script is from DirectAdmin. Is there an additional installation required to remove the self-signed certificate?

Yeah, that's right, but sometimes it shows the correct one.
Chrome or Firefox will randomly show secure or not secure.

Yes, I used the latest one right now.

Sorry, it is a typo, but when requesting I typed smebigsmile.com.
What should I do to make it always secure?

I


Is this maybe the root cause?
Then how do I solve it, please?

Thanks

Is the website using multiple servers running behind a load balancer or something?

One way this can happen is if something went wrong when Apache was reloaded or restarted and there are both old and new Apache processes running with different certificates configured. Though it’s not supposed to happen at all.

It is only a VPS which is not running any load balancer. Maybe the server entered a wrong state? Do I need to restart the machine to try?

Oh, thanks, should read the complete output.

That looks completely wrong. But your https + non-www version has the correct certificate (block url-check):

| Domainname (9471) | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| https://www.smebigsmile.com/ 103.22.180.144 | 301 | https://smebigsmile.com/ | 3.337 | N |
| Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors | | | | |
| https://smebigsmile.com/ 103.22.180.144 | 200 | | 4.330 | I |

And the chain check uses another connection.

So it looks like you have an orphaned Apache process. Sometimes the old one answers, sometimes the new one.

--> reboot your server to kill that process.
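
The orphaned-process diagnosis above can be checked from a root shell before rebooting. This is an added example, not part of the original thread or DirectAdmin's tooling; it assumes a single Apache instance whose process name is `httpd` and whose master is a child of PID 1 (as on CentOS 6), and the `ps` listing embedded in it is constructed.

```shell
#!/bin/sh
# Added example: spot leftover Apache processes from an earlier start.
# Input format is that of: ps -eo pid,ppid,lstart,comm
# (lstart prints five fields, e.g. "Wed Mar 27 02:54:20 2019").

# Constructed sample, not taken from the server in this thread:
# two httpd processes have PPID 1, i.e. two independent top-level instances.
SAMPLE_PS='  PID  PPID                  STARTED COMMAND
    1     0 Sat Mar 23 01:00:02 2019 init
 1812     1 Sat Mar 23 02:20:40 2019 httpd
 1820  1812 Sat Mar 23 02:20:41 2019 httpd
 1821  1812 Sat Mar 23 02:20:41 2019 httpd
 9530     1 Wed Mar 27 02:54:20 2019 httpd
 9541  9530 Wed Mar 27 02:54:21 2019 httpd
 2200     1 Sat Mar 23 01:00:30 2019 sshd'

# Print "pid start-time" for every process named $2 (default: httpd)
# whose parent is PID 1. Under the stated assumption, a healthy Apache
# has exactly one such process (the master); workers hang below it.
list_top_level() {
    name=${2:-httpd}
    printf '%s\n' "$1" | awk -v name="$name" '
        NR > 1 && $2 == 1 && $NF == name {
            print $1, $3, $4, $5, $6, $7
        }'
}

# Return 0 and print the list when more than one top-level process exists,
# meaning an older instance may still accept connections on port 443 and
# serve the certificate it loaded at its own start time.
has_stale_apache() {
    tops=$(list_top_level "$1" "$2")
    count=$(printf '%s\n' "$tops" | awk 'NF { n++ } END { print n + 0 }')
    [ "$count" -gt 1 ] || return 1
    printf '%s\n' "$tops"
}

# Live use on the server:
#   has_stale_apache "$(ps -eo pid,ppid,lstart,comm)" && echo "stale httpd found"
has_stale_apache "$SAMPLE_PS" || echo "single Apache instance"
```

The start times in the output show which instance predates the last certificate issuance; stopping Apache and confirming no `httpd` remains before starting it again has the same effect as the reboot suggested above.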

Thanks a lot to both of you @JuergenAuer @mnordhoff :smiley: It took me a few days to solve it
