It demonstrates that the certificate was not issued by Let’s Encrypt. (As does the expiration date – Let’s Encrypt certificates have a validity period of 90 days.) I mainly highlighted it to try to help you figure out what it is and where it came from, so that you can resolve the problem.
(For example, fake certificates issued by antivirus software usually include the antivirus software’s name.)
@skidambi75, in case you weren't aware of this, Let's Encrypt certificates don't include any Organization name for the subject of the certificate (because Let's Encrypt doesn't have a way to verify the identity of the organization using the domain name). Because the issuer and subject of the certificate @mnordhoff is talking about are the same, this is a self-signed certificate—not one issued by Let's Encrypt or any public certificate authority.
I had sent the following email before with two attachments, which was not accepted by Community support mail server. So, I am sending again with one screenshot at a time.
First one for absorpingbrain.org showing certificate details.
Here is the second one for val-u-pro.com.
Those are different certs.
The one in post #14 expires in November 2020:
As people previously said, the certificate you referenced in #14 is not a certificate issued by Let's Encrypt. It's self-signed and probably produced by your local server when there are no valid certificate found. (I guessed this part because you never requested a certificate for the www hostname before November 25th, as you could see Google Transparency Report)
The certificate authority invalid error and the fact that it has the same issued by and subject are clear facts that those are self-signed (Or not yet allowed in the CA store, but yours are not this case)
They are actually not talking about the website val-u-pro, as you mentioned, but about the invalid certificate, you mentioned in the previous comment, since the OU showed val-u-pro.
For Let's Encrypt certificates, it doesn't have any other fields filled beside the "CN" and the "Subject Alternative Names".
Even if you did enter it when doing the CSR, it would get removed when signing (creating) the actual certificate by CA software. (As you could see from the previous screenshot).
My guess was when you obtained the certificate and rebuild (around Nov 25-26, depending on timezone), you didn't bind the certificate correctly (or your computer have an old cache for the www version because you never obtained a certificate for that hostname before), which ends up the error message.
After that you've either refreshed cache or something else happened so the server and client are showing the correct certificate, problem solved. 
(Sorry if my words sound weird... I'm writing my final paper for English class) and apologize if this post looked like I sumed up everyone's reply. (It indeed is)
Thank you
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
