Created a certificate through Certbot but Chrome is saying invalid cert

SteveORH · August 22, 2019, 2:21pm

Hi,

I created a cert using the below command and it ran without error and seemed to produce the files necessary. I’ve updated the vhost file to point at

SSLCertificateFile /etc/letsencrypt/live/mobilesignalsolutions.co.uk/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mobilesignalsolutions.co.uk/privkey.pem

And when I load my site on Chrome or Firefox it’s saying the certificate is not valid, but inspecting the cert from the address it appears to show that a certificate if present.

I must be missing something fundemental here, any help is greatly appreciated

My domain is: mobilesignalsolutions.co.uk

I ran this command: sudo certbot certonly --apache

It produced this output:

My web server is (include version): Ubuntu 18.0.4 LTS

The operating system my web server runs on is (include version): Linux 4.4

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

JuergenAuer · August 22, 2019, 2:30pm

Hi @SteveORH

checking your domain you see the error ( https://check-your-website.server-daten.de/?q=mobilesignalsolutions.co.uk ):

Domainname	Http-Status	redirect	Sec.	G
• http://mobilesignalsolutions.co.uk/
52.56.195.136	301	https://www.mobilesignalsolutions.co.uk/	0.166	E

• http://www.mobilesignalsolutions.co.uk/
52.56.195.136	301	https://www.mobilesignalsolutions.co.uk/	0.130	A

• https://mobilesignalsolutions.co.uk/
52.56.195.136	301	https://www.mobilesignalsolutions.co.uk/	3.417	B

• https://www.mobilesignalsolutions.co.uk/
52.56.195.136	200		3.590	N
Certificate error: RemoteCertificateNameMismatch

Your certificate has only one domain name:

CN=mobilesignalsolutions.co.uk
	13.08.2019
	11.11.2019
expires in 81 days	mobilesignalsolutions.co.uk - 1 entry

So your www version isn't secure.

Solution: Create one certificate with both domain names and use that instead.

sudo certbot certonly --apache -d mobilesignalsolutions.co.uk -d www.mobilesignalsolutions.co.uk

SteveORH · August 23, 2019, 9:10am

Thanks Juergen!

I believe I have it now,

Thank you very much!

JuergenAuer · August 23, 2019, 10:00am

Yep, your certificate is now correct. Rechecked your domain

CN=mobilesignalsolutions.co.uk
	22.08.2019
	20.11.2019
expires in 89 days	
mobilesignalsolutions.co.uk, www.mobilesignalsolutions.co.uk - 2 entries

the certificate has both domain names, both connections are secure.

Two other problems: Your 404 - page sends a http status 200 - that's a "softfail" (Google).

And your meta og:image doesn't work:

meta
	og:image
	https://dev.mobilesignalsolutions.com/wp-content/uploads/2019/04/mobile-signal-solutions-logo.png
	-1
	NameResolutionFailure - The remote name could not be resolved: 'dev.mobilesignalsolutions.com'
	1
	NameResolutionFailure - The remote name could not be resolved: 'dev.mobilesignalsolutions.com'

same with your twitter:image.

system · September 22, 2019, 10:13am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.