THe certificate created is only for 30 days actually it has to be 90 duration. pls suggest
All browsers are throwing the error (Unable to communicate securely with peer: requested domain name does not match the server’s certificate)
pls suggest
FYI: certificate on the browser side
SSL Server Certificate
Common Name (CN) onboardcustomer.com
Organisation (O)
Organisational Unit (OU)
Common Name (CN) Let’s Encrypt Authority X3
Organisation (O) Let’s Encrypt
Organisational Unit (OU)
Issued On Thursday, 15 February 2018 at 20:17:00
Expires On Wednesday, 16 May 2018 at 20:17:00
SHA-256 Fingerprint E8 62 EB 82 EB 39 08 AC E3 B1 AD A9 44 5D 8B DD
71 8A 00 F8 21 5A CF 4F AE 5F 73 E3 BC 15 43 FE
SHA-1 Fingerprint 35 B7 BD FB E3 82 82 A0 C6 F8 AA 15 64 E5 C9 C7
3C 0F BF A3
Perhaps you've misread "May" as "Mar" here? The certificate expires on May 16, which is indeed 90 days from now.
Your server setup is not right, although I don't know exactly how this happened.
When connecting to http://onboardcustomer.com/ (port 80 of 184.168.221.20), it generates a redirect to the URL https://139.59.15.140:8081/admin/login (port 443 of 139.59.15.140). This is a separate server entirely. The browser follows this redirect, but since the destination server is referred to by IP address instead of by name, the browser regards the certificate as invalid. (Since many sites can share the same IP address, the browser considers which name the site was accessed under in the URL in determining whether the certificate is correct. Hence, a certificate can be considered correct for one site hosted on a certain IP address, yet incorrect for another site, depending on the domain name through which the browser was told to access that site.)
In order for the certificate to be considered correct by the browser, the redirect would have to point to https://onboardcustomer.com/ (by name instead of by IP address). But, as I mentioned earlier, these are two different servers.
Currently, the server at 184.168.221.20 is not listening to connections on port 443 at all. Therefore, a browser can't load https://onboardcustomer.com/ and instead times out.
If you need to use both of these servers for different functions, they should be given two different names, perhaps via a subdomain, and then certificates should be issued for both names, not just one.
Let's Encrypt never issues certificates that are valid for a bare IP address. If you need to refer to a server by IP address in the browser for some reason, a Let's Encrypt certificate can't protect that connection.
An error occurred and we failed to restore your config and restart
your server. Please submit a bug report to https://github.com/letsencrypt/letsencrypt
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/onboardcustomer.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/onboardcustomer.com/privkey.pem
Well, Certbot should be able to do this for you, so you may have found a bug. If you’re interested in helping figure that out, could you share your logs from /var/log/letsencrypt with us somehow?
The basic steps for editing your Apache configuration yourself are something like
(here the certificate file is /etc/letsencrypt/live/example.com/cert.pem, the key file is /etc/letsencrypt/live/example.com/privkey.pem, and the chain file is /etc/letsencrypt/live/example.com/chain.pem)
When Certbot does this for you, it sets a few other settings as well, which can improve security for people connecting to your site in some ways.
If you have Apache 2.4.8 or later, you should use fullchain.pem instead of cert.pem for the certificate file, and then you don’t need to specify a chain file at all.