It produced output:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/mesimi.online/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/mesimi.online/privkey.pem
Your cert will expire on 2020-11-12. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the “certonly” option. To non-interactively renew all of
your certificates, run “certbot renew”
If you like Certbot, please consider supporting our work by:
So it looks like you might have two different configurations serving two different certificates. You should only have one configuration with a permanent (301) redirect from non-www to www (or vice versa should you desire).
The ISSUED BY on the default certificate for the non-www is your own domain and thus is self-signed, making it untrusted (and useless).
See the different content below. It appears that www is correct content while non-www is default content. This problem can be “painted over” by fixing your redirects, but you should not be serving two sets of content.
Where is the file I can modify these configuration, it looks like at the main domain non-www the one that is showing invalid certificate "port 443 namevhost mesimi.online (/etc/httpd/conf.d/ssl.conf:56)" have the wrong file, this file does not exist, and this should be the solution.
I have to replace this path, with "port 443 namevhost mesimi.online (/etc/httpd/sites-available/mesimi.online-le-ssl.conf:2)" and it should work then.
you see the problem: Two port 443 vHosts with the same domain name. Merge these in one, then create one certificate with both domain names.
Now you have one certificate with 6 domain names, but no matching vHost.
Typical configuration: One port 80 vHost with both domain names per main domain (non-www and www), then a certificate with both domain names and a port 443 vHost.
That's because your new certificate covers those other subdomains as well. The problem is that due to duplicate configurations, as @JuergenAuer has pointed out, you're not actually serving the same content on https://mesimi.online as https://www.mesimi.online.
You would probably be MUCH better off with a wildcard (*.) certificate that covers EVERY subdomain rather than individually listing each one. The domains you want a certificate for are mesimi.online and *.misimi.online. The only advantages of individually certifying sybdomains are the ability to create individual certificates and the ability to use file-based (http) verifications for Let's Encrypt rather than dns verifications.
@JuergenAuer I found the issue already, but still I'm not finding the location configuration file to change the right file path.
When I hit: httpd -S or httpd -D DUMP_VHOSTS
I can see, that main domain have the wrong file configuration.
port 443 namevhost mesimi.online (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost www.mesimi.online (/etc/httpd/sites-available/mesimi.online-le-ssl.conf:2)
alias mesimi.online
The first line or the non-www domain should have the same configuration file as the second in order to resolve the issue.
Where is the location of this configuration that is showing up by using command: httpd -S so I can replace the right configuration path to the main domain.
