I’ve got certificate and config VirtualHost already, but then sometime browsers show it is not secure.
When show not secure, the certificate will be self-signed cert.
And i have another domain inside this server too which display correct cert always
Any idea how to make it work?
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
My domain is: smebigsmile.com
(another domain which always secure is asapatana.com)
I ran this command:
/usr/local/directadmin/scripts/letsencrypt.sh request smebig.com
and it said success but when open with Firefox sometime not secure
My web server is (include version): Apache
The operating system my web server runs on is (include version): Centos 6
I can login to a root shell on my machine (yes or no, or I don’t know): I have ssh to login
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): DirectAdmin 1.5.6
Thanks a lot
Hi @Jejj
there is only a self signed certificate visible ( https://check-your-website.server-daten.de/?q=smebigsmile.com ):
E=webmaster@localhost, CN=localhost, OU=none, O=none, L=Sometown,
S=Someprovince, C=US
12.06.2015
27.10.2042
expires in 8615 days
Both connections use that certificate:
| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| • http://smebigsmile.com/ | ||||
| 103.22.180.144 | 301 | https://smebigsmile.com/ | 0.484 | A |
| • http://www.smebigsmile.com/ | ||||
| 103.22.180.144 | 301 | https://www.smebigsmile.com/ | 1.673 | A |
| • https://www.smebigsmile.com/ | ||||
| 103.22.180.144 | 301 | https://smebigsmile.com/ | 4.200 | N |
| Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors | ||||
| • https://smebigsmile.com/ | ||||
| 103.22.180.144 | 200 | 3.933 | N | |
| Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors |
And you have already three identical certificates, complete 6 in the last 7 days:
| CRT-Id | Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|---|
| 1320854496 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-03-27 02:54:16 | 2019-06-25 01:54:16 | smebigsmile.com, www.smebigsmile.com | duplicate nr. 3 | |
| 1320854042 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-03-27 02:53:10 | 2019-06-25 01:53:10 | smebigsmile.com, www.smebigsmile.com | duplicate nr. 2 | |
| 1314470940 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-03-25 00:35:28 | 2019-06-22 23:35:28 | smebigsmile.com, www.smebigsmile.com | duplicate nr. 1 | |
| 1308749386 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-03-23 15:12:08 | 2019-06-21 14:12:08 | smebigsmile.com | duplicate nr. 2 | |
| 1311578227 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-03-23 14:56:02 | 2019-06-21 13:56:02 | smebigsmile.com | duplicate nr. 1 | |
| 1310227078 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-03-23 02:20:51 | 2019-06-21 01:20:51 | smeknowledge.com, www.smebigsmile.com | duplicate nr. 1 |
Your command uses another domain, smebig, not smebigsmile.
There is only a timeout.
Your script is from directadmin. Is there an additional installation required to remove the self signed certificate?
Yeah, that's right but sometime it shows the correct one
Use Chrome or Firefox will randomly show the secure and not secure
Yes, i used the latest one right now
Sorry, it is typo, but when request i typed smebigsmile.com
What should i do to make it secure always?
Is the website using multiple servers running behind a load balancer or something?
One way this can happen is if something went wrong when Apache was reloaded or restarted and there are both old and new Apache processes running with different certificates configured. Though it’s not supposed to happen at all.
It is only VPS which not running any load balancer. Maybe the server enter the wrong state? Do i need to restart machine to try?
Oh, thanks, should read the complete output.
That looks completely wrong. But your https + non-www version has the correct certificate (block url-check):
| Domainname (9471) | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| • https://www.smebigsmile.com/ | ||||
| 103.22.180.144 | 301 | https://smebigsmile.com/ | 3.337 | N |
| Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors | ||||
| • https://smebigsmile.com/ | ||||
| 103.22.180.144 | 200 | 4.330 | I | |
And the chain check uses another connection.
So it looks that you have an orphaned apache process. Sometimes answers the old, sometimes the new.
--> reboot your server to kill that process.
Thanks a lot to both of you @JuergenAuer @mnordhoff 
It took me a few days to solved
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
