Firefox does not trust this site because it uses a certificate that is not valid

Hi,
site:archiemigwi.tech

I am quite new to Let’s Encrypt so I would appreciate all the help I can get here. I ran certbot --apache and it seemed to have a successful output, but when I try to access my site in Firefox the certificate is still self-signed. Here is the output from Firefox:

[image]

When I check the site on ssllabs, it gives me a Certificate Name Mismatch message.

Appreciate your response.


Hi @kariuka

you have created 12 certificates in the last 7 days ( https://check-your-website.server-daten.de/?q=archiemigwi.tech#ct-logs ):

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let's Encrypt Authority X3 | 2019-07-30 | 2019-10-28 | archiemigwi.tech, www.archiemigwi.tech - 2 entries | duplicate nr. 4 | |
| Let's Encrypt Authority X3 | 2019-07-29 | 2019-10-27 | archiemigwi.tech, www.archiemigwi.tech - 2 entries | duplicate nr. 3 | |
| Let's Encrypt Authority X3 | 2019-07-29 | 2019-10-27 | archiemigwi.tech, smtp.archiemigwi.tech - 2 entries | duplicate nr. 3 | |
| Let's Encrypt Authority X3 | 2019-07-27 | 2019-10-25 | archiemigwi.tech, www.archiemigwi.tech - 2 entries | duplicate nr. 2 | |
| Let's Encrypt Authority X3 | 2019-07-27 | 2019-10-25 | archiemigwi.tech, www.archiemigwi.tech - 2 entries | duplicate nr. 1 | |
| Let's Encrypt Authority X3 | 2019-07-27 | 2019-10-25 | archiemigwi.tech - 1 entries | duplicate nr. 5 | next Letsencrypt certificate: 2019-08-03 06:20:24 |
| Let's Encrypt Authority X3 | 2019-07-27 | 2019-10-25 | archiemigwi.tech - 1 entries | duplicate nr. 4 | |
| Let's Encrypt Authority X3 | 2019-07-27 | 2019-10-25 | archiemigwi.tech, smtp.archiemigwi.tech - 2 entries | duplicate nr. 2 | |
| Let's Encrypt Authority X3 | 2019-07-27 | 2019-10-25 | archiemigwi.tech - 1 entries | duplicate nr. 3 | |
| Let's Encrypt Authority X3 | 2019-07-27 | 2019-10-25 | archiemigwi.tech - 1 entries | duplicate nr. 2 | |
| Let's Encrypt Authority X3 | 2019-07-27 | 2019-10-25 | archiemigwi.tech, smtp.archiemigwi.tech - 2 entries | duplicate nr. 1 | |
| Let's Encrypt Authority X3 | 2019-07-27 | 2019-10-25 | archiemigwi.tech - 1 entries | duplicate nr. 1 | |

But you don't use one of these, instead, there is a self signed certificate:

E=root@centos-s-1vcpu-2gb-ams3-01, CN=centos-s-1vcpu-2gb-ams3-01, OU=SomeOrganizationalUnit, O=SomeOrganization, L=SomeCity, S=SomeState, C=--
27.07.2019 - 26.07.2020, expires in 362 days

Where are these certificates?

What does this say:

certbot certificates

Hi,

Thanks for your response. As I said, I am a newbie at this and I have been retrying certbot only to get the result that I have posted above, and I guess that's why there are so many certs. The output from certbot certificates is as below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: archiemigwi.tech
Domains: archiemigwi.tech www.archiemigwi.tech
Expiry Date: 2019-10-28 10:35:26+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/archiemigwi.tech/fullchain.pem
Private Key Path: /etc/letsencrypt/live/archiemigwi.tech/privkey.pem


Looks like Certbot doesn’t understand your configuration and can’t install the certificate.

What does this say:

apachectl -S

Perhaps you have more than one port 80 vHost.


I get no response on CLI??? What does that mean?

[root@centos-s-1vcpu-2gb-ams3-01 sites-available]# apachectl -S
[root@centos-s-1vcpu-2gb-ams3-01 sites-available]#

And an apachectl configtest gives me a Syntax Ok?? Really buggy.

If you use CentOS, try

httpd -S

Or check your config files manually to find duplicated definitions of port + server name.

Hi Juergen,

Here is the output of httpd -S. Thanks again for taking the time.

VirtualHost configuration:
*:80 www.archiemigwi.tech (/etc/httpd/sites-enabled/archiemigwi.tech.conf:1)
*:443 is a NameVirtualHost
default server www.archiemigwi.tech (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost www.archiemigwi.tech (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost www.archiemigwi.tech (/etc/httpd/sites-available/archiemigwi.tech-le-ssl.conf:2)
alias archiemigwi.tech
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/archiemigwi.tech/public_html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

There you see the problem. Duplicated combinations of port and domain name. The second vHost has both domain names, so merge these vHosts into the second.

Restart your Apache, then recheck your domain.

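The duplicate check described in the reply above, as an added example that is not part of the original posts: it reads `httpd -S` output and reports every port + ServerName pair claimed by more than one vHost. When two name-based vHosts match the same name on the same port, Apache uses the one that comes first in configuration order, so a certificate configured only in the later file is never served. The function names and the `DUPLICATE` output format are assumptions; the sample input is the vHost section of the output posted in this thread.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): report every port + ServerName pair
# that more than one vHost claims, reading `httpd -S` output on stdin.
# The function names and the DUPLICATE output format are assumptions.

find_duplicate_vhosts() {
  awk '
    # Match lines such as:
    #   port 443 namevhost www.example.org (/etc/httpd/conf.d/ssl.conf:56)
    $1 == "port" && $3 == "namevhost" {
      key = $2 " " $4                  # port and ServerName
      loc = $5; gsub(/[()]/, "", loc)  # config file and line number
      if (count[key]++ == 0) {
        order[++n] = key; locs[key] = loc
      } else {
        locs[key] = locs[key] ", " loc
      }
    }
    END {
      # Print in order of first appearance, duplicates only.
      for (i = 1; i <= n; i++)
        if (count[order[i]] > 1)
          printf "DUPLICATE %s -> %s\n", order[i], locs[order[i]]
    }'
}

# vHost section of the `httpd -S` output posted in this thread.
sample_httpd_S() {
  cat <<'EOF'
VirtualHost configuration:
*:80 www.archiemigwi.tech (/etc/httpd/sites-enabled/archiemigwi.tech.conf:1)
*:443 is a NameVirtualHost
default server www.archiemigwi.tech (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost www.archiemigwi.tech (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost www.archiemigwi.tech (/etc/httpd/sites-available/archiemigwi.tech-le-ssl.conf:2)
alias archiemigwi.tech
EOF
}

sample_httpd_S | find_duplicate_vhosts
# On the server itself: httpd -S | find_duplicate_vhosts
```

An empty result means no port + ServerName pair is defined twice; aliases are not compared, only the `namevhost` lines.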

Thank you so much Juergen for your patience and time. It works well now.

