Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
I ran this command:
It produced this output:
This site can’t provide a secure connection
sent an invalid response.
Try running Windows Network Diagnostics.
My web server is (include version):
The operating system my web server runs on is (include version):
Ubuntu 20.04
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.6.0

I want to be able to reach family web pages on Apache on my Ubuntu Desktop. I did the Certbot Apache install and now I can't get into the site through DuckDNS.

# This site can’t provide a secure connection

sent an invalid response.
* Try running Windows Network Diagnostics.

I can get into the site locally. When I enter "", I get:
This server could not prove that it is; its security certificate is from This may be caused by a misconfiguration or an attacker intercepting your connection. and the browser drops into http:

Any tips would be appreciated.

This might be due to Apache being configured to provide HTTP instead of HTTPS on port 443.

This makes sense, as the IP address wouldn't be part of the certificate.

It actually doesn't: it still shows https:// in the address bar. Just with a big warning that it isn't secure due to the aforementioned IP/hostname mismatch.

That said, I have a lot of trouble connecting to your website, as a large part of the DuckDNS nameservers seem to be unresponsive. See e.g. | DNSViz.

But if I hardcode your IP address to the hostname in /etc/hosts, I see that your Apache is currently not listening at port 443 at all. While port 80 works fine, connecting on port 443 results in a connection refused.
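The symptoms discussed above (plain HTTP answered on port 443, a connection refused, and a certificate that does not match the name used) can be told apart with a short probe. This is an added example, not part of the original thread; `probe_https` and the two helpers are hypothetical names, and the local listeners are constructed stand-ins for a real server.

```python
import socket
import ssl
import threading

def probe_https(host, port=443, server_name=None, timeout=3.0):
    """Classify what answers on host:port when a client attempts HTTPS."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server_name or host) as tls:
                return "tls-ok (" + tls.version() + ")"
    except ConnectionRefusedError:
        return "refused"       # nothing is listening on that port
    except ssl.SSLCertVerificationError:
        return "cert-invalid"  # TLS works, cert fails checks (e.g. accessed by IP)
    except ssl.SSLError:
        return "not-tls"       # port answered, but not with a TLS handshake
    except OSError:
        return "unreachable"   # timeout, no route, DNS failure, reset

def start_plain_http_listener():
    """Constructed stand-in: a server speaking plain HTTP on its 'HTTPS' port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)  # the client's TLS ClientHello, ignored
        conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

def closed_port():
    """Constructed stand-in: a local port with no listener behind it."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    print(probe_https("127.0.0.1", start_plain_http_listener()))
    print(probe_https("127.0.0.1", closed_port()))
```

To test a server from inside the LAN while still validating the certificate name, pass the internal address as `host` and the public hostname as `server_name`.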


Thanks for the insight. I see that when Certbot installed on my Apache system, it created a file:

This file (Comments removed):

```
<IfModule mod_ssl.c>
<VirtualHost *:443>

        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
```

It also generated four .pem files in /etc/letsencrypt/live/

I ran sudo a2ensite mannmade.conf then restarted Apache2. The response was: "... already enabled".

Do I need to port forward 443 in my router?
So, please, what did I miss? How do I make Apache listen on Port 443?


Do you want the Internet to reach your server via port 443?
[I would think so]


Then, I have a problem. Port 443 is already forwarded to my Home Assistant server.

You can run sites on different ports that you choose, so for instance https://<yourdomain>:8443/ could forward to port 443 on your other server. The port 80/port 443 stuff used for http and https is just the default convention, but you can use pretty much whatever you choose as long as that's what's in your configuration and you specify it in the URL when accessing the service.


You can also use one of the two [on port 443] as a proxy for the other.


Then your Home Assistant server isn't running I presume? Because of the "Connection refused" on port 443.

Agreed, I'd opt for setting up one of the webservers as a reverse proxy for Home Assistant.


The HomeAssistant server on runs fine when I https into it. The Apache server on refuses the connection over https.

Time to learn more... Thanks for the tips.


Not sure if it's already mentioned, but certs from Let's Encrypt can't be for IP addresses, so you need to use fully qualified DNS hostnames when accessing these services via https with an LE cert.


Well, currently I don't see any Let's Encrypt certificate at | :roll_eyes:

I see one using Well, two if you count the staging cert


Uch, is backlogged again...?

Hmm, jup, backlog of multiple days for some logs: | monitored-logs

