Creating new certificate worked, but https isn't accessible


I followed this guide to install new certificate for my website because my certificate was expired.

The installation was a success, but i still get the privacy error, although, the expiration date as changed and is now not expired.

here’s my ssl.conf:
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request’s Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.

DocumentRoot /var/www/html

SSLEngine on

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/

vim: syntax=apache ts=4 sw=4 sts=4 sr noet

using apache2 with ubuntu 18.04

I’ve looked through this section multiple similar subject, tried to restart apache2 didn’t worked.
If you have suggestion please do,
Thank you!


Hi @ocrean

that’s simple, see your check, ~~40 minutes old -

Your certificate
expires in 90 days - 1 entry

has only the non-www domain name, but you have a redirect to your www version.

So that’s insecure.

Create one certificate with both domain names and use that.



Thank you for your time!

I tried to put a ServerAlias but it didn’t work

When I run the commands from certbot they ask me to choose from a list and is not there, only

How can I make one for both?

Edit: nevermind, it has appeared somehow, or I’m blind, either way, it’s working! Thank you!



apachectl -S

to find your defined and used vHosts.

Easiest solution: One port 80 vHost with non-www and www, then Certbot can use that vHost as template to create the port 443 vHost.