Err_cert_authority_invalid

I had the exact same setup and it all worked but after a long time of inactivity, returning to programming, I now can't get rid of ERR_CERT_AUTHORITY_INVALID. How can I debug this?

My domain is: emdeevy.com

I ran this command: sudo certbot --nginx

It produced this output:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/emdeevy.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/emdeevy.com/privkey.pem
This certificate expires on 2023-03-20.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for emdeevy.com to /etc/nginx/sites-enabled/emdeevy.com
Successfully deployed certificate for www.emdeevy.com to /etc/nginx/sites-enabled/emdeevy.com
Congratulations! You have successfully enabled HTTPS on https://emdeevy.com and https://www.emdeevy.com

My web server is (include version): nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):Ubuntu 22.04.1 LTS

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.32.2

Hello @emdeevy, welcome to the Let's Encrypt community. :slightly_smiling_face:

Where are you seeing this message?

2 Likes

Hello! Thank you very much.
I see it in chrome when going to emdeevy.com

2 Likes

I am seeing what appears to be connectivity issues. These results are from around the world Check website performance and response: Check host - online website monitoring (a Permanent link to this check report).

Also have you tried clearing Chrome's cache and closing Chrome?

2 Likes

I don't think cache has anything to do with it, I also tried on my phone, and since it's not chrome I'm only getting 'the connection is not private', signaling that the cert is not valid somehow.

I have also tried removing the redirect from port 80, and when accessing http://emdeevy.com I would get the 404 as expected. Respectively I removed the first 7 lines from this:

if ($host = www.emdeevy.com) {
    return 301 https://$host$request_uri;
} # managed by Certbot


if ($host = emdeevy.com) {
    return 301 https://$host$request_uri;
} # managed by Certbot



listen 80;
server_name emdeevy.com www.emdeevy.com;
return 404; # managed by Certbot

leaving only the last 3 lines and it correctly gave me the 404 as expected, so I doubt it is an nginx issue either.

With SSL Server Test: emdeevy.com (Powered by Qualys SSL Labs) SSL Report: emdeevy.com (86.123.245.240) Assessment failed: Unable to connect to the server.
And I cannot connect to the domain name either.

And here is what is see with nmap

$ nmap -Pn emdeevy.com
Starting Nmap 7.80 ( https://nmap.org ) at 2022-12-20 16:40 UTC
Nmap scan report for emdeevy.com (86.123.245.240)
Host is up (0.19s latency).
Not shown: 992 closed ports
PORT    STATE    SERVICE
22/tcp  filtered ssh
23/tcp  filtered telnet
25/tcp  filtered smtp
80/tcp  open     http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
443/tcp filtered https
445/tcp filtered microsoft-ds

Nmap done: 1 IP address (1 host up) scanned in 12.77 seconds
2 Likes

Oh my God, your last message just made me realise I port forward 433 instead of 443. I apologise for the inconvenience, thank you so much!

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.