Installed correctly, but still says Certificate error using Edge

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ivorselby.co.uk

I ran this command: Microsoft Edge url of : https://www.ivorselby.co.uk/

It produced this output: This site is not secure

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): AWS EC2 Linux
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

It looks as if you have generated a certificate via the test server, not the production server

getting cert from server - ivorselby.co.uk

Certificate chain
 0 s:/CN=ivorselby.co.uk
   i:/CN=Fake LE Intermediate X1
 1 s:/CN=Fake LE Intermediate X1
   i:/CN=Fake LE Root X1
---
Certificate:
Issuer: CN=Fake LE Intermediate X1
Not Before: Jan  3 10:17:47 2018 GMT
Not After : Apr  3 10:17:47 2018 GMT
Subject: CN=ivorselby.co.uk
Public Key Algorithm: rsaEncryption
DNS:ivorselby.co.uk

How did you generate the certificate?

I had used

sudo /home/ec2-user/certbot-auto --apache --expand -d ivorselby.co.uk -d www.ivorselby.co.uk --debug

But that said it had installed but gave certificate error in Edge, so I tried

sudo /home/ec2-user/certbot-auto --apache --staging

and still got the same response

“--staging” is the staging or test server which is the certificate you have installed - so try without the “--staging” flag
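An added example, not posted by anyone in this thread: a small Python check that reads a chain summary like the one quoted above and reports why a browser would reject the certificate for a given hostname. It goes slightly beyond the staging diagnosis by also testing the hostname against the listed DNS names; the function names and the "(STAGING)" marker are assumptions that do not appear in the thread.

```python
import re

# Issuer-name markers for Let's Encrypt staging CAs. "Fake LE" is what the
# thread's output shows; "(STAGING)" is an assumption covering newer staging
# chain names and does not appear in the thread.
STAGING_MARKERS = ("Fake LE", "(STAGING)")

# Sample input: the chain summary quoted in the thread, trimmed to the
# fields this parser reads.
SAMPLE = """\
Certificate chain
 0 s:/CN=ivorselby.co.uk
   i:/CN=Fake LE Intermediate X1
 1 s:/CN=Fake LE Intermediate X1
   i:/CN=Fake LE Root X1
---
Issuer: CN=Fake LE Intermediate X1
Subject: CN=ivorselby.co.uk
DNS:ivorselby.co.uk
"""

def parse_summary(text):
    """Extract chain issuers and leaf SAN DNS names from the text summary."""
    issuers = re.findall(r"^\s*i:/CN=(.+)$", text, re.M)
    sans = re.findall(r"DNS:([^\s,]+)", text)
    return {"issuers": issuers, "sans": [s.lower() for s in sans]}

def name_matches(pattern, host):
    """Hostname match; a wildcard is allowed only as the whole leftmost label."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def diagnose(text, host):
    """Return the reasons a browser would reject this certificate for host."""
    info, findings = parse_summary(text), []
    staging = [i for i in info["issuers"] if any(m in i for m in STAGING_MARKERS)]
    if staging:
        findings.append("staging issuer: " + staging[0])
    if not any(name_matches(s, host) for s in info["sans"]):
        findings.append("name not covered: " + host)
    return findings

if __name__ == "__main__":
    for h in ("ivorselby.co.uk", "www.ivorselby.co.uk"):
        print(h, "->", diagnose(SAMPLE, h))
```
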

Tried it, but please see attached

I’m getting a similar error and got a big green A at https://www.ssllabs.com/ssltest/analyze.html?d=train.climate.com.au

But when I looked at the detail of Certificate #2: RSA 2048 bits (SHA256withRSA) - which I didn’t realize was there I see the problem is given …

Subject ssds.climate.com.au
Fingerprint SHA256: d2b12ed11e597649c9c8a2b92cb02603f70c1db858b8abb591087bda9710c6bf
Pin SHA256: cyouIXjepMNQXey2HARzBqf44EwI2glIFPapORIDm4Q=
Common names ssds.climate.com.au
Alternative names ssds.climate.com.au MISMATCH
Serial Number 03b5e5384e8e90fa633e8dcc68eebaaa2f73
Valid from Sun, 17 Dec 2017 12:01:32 UTC
Valid until Sat, 17 Mar 2018 12:01:32 UTC (expires in 1 month and 21 days)
Key RSA 2048 bits (e 65537)
Weak key (Debian) No
Issuer Let’s Encrypt Authority X3
AIA: http://cert.int-x3.letsencrypt.org/
Signature algorithm SHA256withRSA
Extended Validation No
Certificate Transparency No
OCSP Must Staple No
Revocation information OCSP
OCSP: http://ocsp.int-x3.letsencrypt.org
Revocation status Good (not revoked)
Trusted No NOT TRUSTED
Mozilla Apple Android Java Windows

And so I would like to remove all certs and start again. There must be some reference to ssds.climate.com.au in the train.climate.com.au certificate.

I have seen another thread indicating certbot delete ought to work but I’m on Ubuntu 16.04 LTS and the latest certbot is 0.19.0 so I don’t think that’s an option for me.

I’m not confident mucking around here and would appreciate any pointers.

Many thanks

Mike
