Installed certificates successfully but the website has loading problem

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: finance.gkp.pk

I ran this command:
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update

It produced this output:

My web server is (include version):
Ubuntu18.04.4 LTS
Codename: Bionic

The operating system my web server runs on is (include version): Ubuntu

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

1 Like

Hi @imshehryar

there are some checks of your domain, created yesterday - https://check-your-website.server-daten.de/?q=finance.gkp.pk

You have created one good certificate with both domain names (non-www and www):

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2020-03-09 2020-06-07 finance.gkp.pk, www.finance.gkp.pk - 2 entries duplicate nr. 1
Let’s Encrypt Authority X3 2020-03-09 2020-06-07 finance.gkp.pk - 1 entries duplicate nr. 1

But your port 443 doesn’t answer.

Is there a blocking firewall? Or is this

Host T IP-Address is auth. ∑ Queries ∑ Timeout
finance.gkp.pk A 175.107.63.149 Peshawar/Khyber Pakhtunkhwa/Pakistan (PK) - National Telecommunication Corporation Hostname: 175-107-63-149.reverse.ntc.net.pk yes 1 0
AAAA yes
www.finance.gkp.pk A 175.107.63.149 Peshawar/Khyber Pakhtunkhwa/Pakistan (PK) - National Telecommunication Corporation Hostname: 175-107-63-149.reverse.ntc.net.pk yes 1 0
AAAA yes

a home server, so a port forwarding is missing?

1 Like

Thanks for the quick response…
My ufw status is as follows:
To Action From


Apache ALLOW Anywhere
22/tcp ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
Apache (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)

Works your https internal?

curl https://finance.gkp.pk/

from that machine?

It produces the following output:
curl: (51) SSL: no alternative certificate subject name matches target host name ‘finance.gkp.pk’

please guide me how to resolve this issue…thank you

What command did you run to obtain and install your certificates?

What was its output?

You can find out the command by running history | grep certbot


I don’t think so, looks governmental.

sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-apache
sudo certbot --apache -d finance.gkp.pk -d www.finance.gkp.pk

what does certbot certificates say?

What says

apachectl -S

It says:
Found the following certs:
Certificate Name: finance.gkp.pk
Domains: finance.gkp.pk
Expiry Date: 2020-06-08 16:12:19+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/finance.gkp.pk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/finance.gkp.pk/privkey.pem
Certificate Name: www.finance.gkp.pk
Domains: www.finance.gkp.pk
Expiry Date: 2020-06-08 16:22:12+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.finance.gkp.pk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.finance.gkp.pk/privkey.pem

Running apachectl -S outpus the following:

VirtualHost configuration:
*:443 finance.gkp.pk (/etc/apache2/sites-enabled/finance.gkp.pk-le-ssl.conf:2)
*:80 finance.gkp.pk (/etc/apache2/sites-enabled/finance.gkp.pk.conf:1)
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“www-data” id=33 not_used
Group: name=“www-data” id=33 not_used

Got it working by adding entry for :

<VirtualHost *:443>


entry in /etc/apache2/sites-available/mydomain.conf and clearing browser cache…

1 Like