Clients thow error "cert authority invalid"


#1

Is the current (today’s) beta version still using the happy hacker cert? All my browsers are showing that “warning” stuff.

I pulled letsencrypt fresh today and created a new certificate for http://test.stm.website

Or did I something wrong?

mkdir /Install
cd /Install
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --apache

#2

I think the beta agreement is still needed. Try;

./letsencrypt-auto --apache --server https://acme-v01.api.letsencrypt.org/directory --agree-dev-preview


#3

That does not seem to make any difference.

And the pure installation worked - without --server… as shown in https://letsencrypt.readthedocs.org/en/latest/using.html#installation


#4

Update:
https://www.ssllabs.com/ssltest/analyze.html?d=test.stm.website
shows

Certificate name mismatch
We were able to retrieve a certificate for this site, but the domain names listed in it do not match the domain name you requested us to inspect

The Letsencrypt client detected my three webs stm.website, www.stm.website and test.stm.website and I only selected test.stm.website for the certificate


#5

Have you re-run it with the

–server https://acme-v01.api.letsencrypt.org/directory

Looking at your cert it’s still issued by happy hacker fake CA. I got a cert with that when I missed out that part. If you have re-run it, it looks as if it hasn’t installed the correct certs - they should be in

/etc/letsencrypt/live/“your domain”

so you could manually update your apache config (although the script should have done that).


#6

Hi,

I had the same issue: the problem is that I used the cli.ini config file in /etc/letsencrypt based on the example provided in the official documentation. If you’re in that case, just remove or comment the following line:

server = https://acme-staging.api.letsencrypt.org/directory