HTTP works and redirects to HTTPS, but not HTTPS

My domain is:,
I ran this command:
It produced this output:


This server could not prove that it is ; its security certificate is from * . This may be caused by a misconfiguration or an attacker intercepting your connection.

My web server is (include version):
It is a react App
The operating system my web server runs on is (include version):
Ubuntu 18.04 LTS
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.27.0

Other things
So everything works pretty great with certbot and I got excellent help 1-2 days ago here (for free of all things, crazy). I made a DNS wildcard cert and it worked great. But I realized I didn’t cover the other alternate domain (or at least I think it didn’t; and I probably didn’t need the wildcard). So I got a cert for with the --webroot option.

What is weird is that works in the browser and redirects to https as my app’s been directed to do, but when I type in the browser, I get the error message about the cert. Any ideas why?
shows the name mismatch/security problem:

It works when you add the WWW:

You do need to replace that cert with both names (if you expect to use the root domain).
or maybe you already have a “better” cert…
Please show the output of:
certbot certificates


Thanks rg for the quick reply.

Yes, it is a minor issue that it doesn’t work in this one case without the www.

Replace the * cert with both names?

I did the DNS cert on a separate machine…so here is that output of certbot certificates there:

Found the following certs:
Certificate Name:
Domains: *
Expiry Date: 2020-05-31 15:31:52+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/

And here is the output on the other machine:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Attempting to parse the version 1.2.0 renewal configuration file found at /etc/letsencrypt/renewal/ with version 0.27.0 of Certbot. This might not work.
Renewal configuration file /etc/letsencrypt/renewal/ produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.

Found the following certs:
Certificate Name:
Expiry Date: 2020-06-02 03:57:00+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/
Certificate Name:
Domains: *
Expiry Date: 2020-05-31 17:01:14+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/

The following renewal configurations were invalid:

I may have moved the DNS cert to the second machine to “make up” for my making the DNS cert on the first machine.

[they look alike but are not one and the same - like your children may have your last name but they are NOT you]

So neither cert (on either machine) can cover both names, at the moment.
You need to rerun the cert process and include both names:
-d '*' -d
switch to the new cert
then delete the unused ones.

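Added example, not part of the original thread: a Python sketch that parses `certbot certificates` output and reports which certificate, if any, covers every hostname the site must serve, showing that a wildcard matches one label and not the bare domain. The sample output and example.com are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample in the format `certbot certificates` prints; example.com
# is a placeholder, not the poster's domain.
SAMPLE = """\
Found the following certs:
  Certificate Name: example.com
    Domains: *.example.com
    Expiry Date: 2020-05-31 17:01:14+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
  Certificate Name: www.example.com
    Domains: www.example.com
    Expiry Date: 2020-06-02 03:57:00+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/www.example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.example.com/privkey.pem
"""

def parse_certs(text):
    """Map each certificate name to the list of names on its Domains line."""
    certs, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*(Certificate Name|Domains):\s*(.*)", line)
        if not m:
            continue
        if m.group(1) == "Certificate Name":
            current = m.group(2).strip()
            certs[current] = []
        elif current is not None:
            certs[current] = m.group(2).lower().split()
    return certs

def name_matches(pattern, host):
    """A '*' stands for exactly one leftmost label, so it never matches the apex."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:] and h[0] != ""
    return p == h

def covering_certs(certs, required):
    """Names of certificates whose domain list covers every required host."""
    return [name for name, sans in certs.items()
            if all(any(name_matches(s, h) for s in sans) for h in required)]
```

An empty result from `covering_certs` for the bare and `www` names together means no single installed certificate can serve both, which is the state described in the reply above.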

Okay, thanks for the extra clarifications (I need it).

So I

  1. ran sudo certbot certonly --webroot -w /web/server/path -d -d and got the new certs.

  2. Deleted the DNS certificate I had on my first machine (with sudo certbot delete --cert-name) and then also removed the .txt record I had for the DNS challenge on godaddy.

But the cert still shows as * and I still have the same issue.

Also, I realized my code was redirecting the buggy to, so after changing that back now neither http nor https version works of

Hi @Danc2050

You have to install the certificate if you use certonly. At a minimum, a restart of your web server is required.


STEP #1:

[your site is still using the old cert]

STEP #2:

For #1, you can use certbot certificates to show you the complete path and name of the new cert.


Oh man…if it was any more simpler it would be breathing.

Thank you both so much, it works great now!

