Invalid or missing intermediate (bundle) certificate

**Rocky Linux release 9.1**
certbot 2.4.0
Server version: Apache/2.4.53 (Rocky Linux)

My domain is:
cloud4.31west.net
cloud5.31west.net
seo.31west.net

I ran this command:
certbot --apache
I have followed the instructions on this: https://certbot.eff.org/instructions?ws=apache&os=centosrhel9

It produced this output:

Invalid Intermediate

You have an invalid or missing intermediate (bundle) certificate. This may not break your padlock on all browsers, but will on others. Please contact your SSL Vendor for assistance with this error.


Domain Matching

Your SSL certificate does not match your domain name!
Protected Domains:

  • cloud4

My web server is (include version):
Server version: Apache/2.4.53 (Rocky Linux)

The operating system my web server runs on is (include version):
**Rocky Linux release 9.1**

My hosting provider, if applicable, is:
Linode

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No control panel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
[root@cloud4 conf]# certbot --version
certbot 2.4.0
certbot-auto --version
-bash: certbot-auto: command not found

Please help!!!!

I just checked the 2nd & 3rd subdomains on my server, cloud5.31west.net & seo.31west.net, and those are working fine. No SSL errors.

Any ideas what the issue is with the first subdomain, cloud4.31west.net?

[root@cloud4 ~]# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: cloud4.31west.net
Serial Number: 300fdd02f29b5121df4f4faf867e44ba15f
Key Type: ECDSA
Domains: cloud4.31west.net cloud5.31west.net seo.31west.net
Expiry Date: 2023-06-19 07:45:47+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/cloud4.31west.net/fullchain.pem
Private Key Path: /etc/letsencrypt/live/cloud4.31west.net/privkey.pem


[root@cloud4 ~]#

What does this show?

sudo apachectl -t -D DUMP_VHOSTS
apachectl -t -D DUMP_VHOSTS
Passing arguments to httpd using apachectl is no longer supported.
You can only start/stop/restart httpd using this script.
To pass extra arguments to httpd, see the httpd.service(8)
man page.

I was able to solve this issue by changing "ServerName" value in /etc/httpd/conf/httpd.conf

#ServerName cloud4.31west.net
ServerName 127.0.0.1

I hope this helps someone.

Thanks

I doubt this is a robust solution

Try this instead

httpd -t -D DUMP_VHOSTS

That should be an FQDN.


WhyNoPadlock was seeing a self-signed certificate for cloud4 when the Apache configuration was still incorrect. You can still view it by running openssl s_client -connect cloud4.31west.net:443 -servername 127.0.0.1 | openssl x509 -noout -text.

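An added example, not part of any reply in this thread: a small check that explains why a checker reports both "invalid intermediate" and "domain mismatch" when Apache serves a placeholder certificate instead of the Let's Encrypt one. The function names are hypothetical, the `openssl` CLI is assumed to be on PATH, and the sample certificate is constructed locally so nothing is fetched from a server.

```shell
#!/bin/sh
# classify_cert FILE HOST prints two words:
#   self-signed | ca-issued     and     host-match | host-mismatch
# Live use (assumption: HOST is your own server):
#   openssl s_client -connect HOST:443 -servername HOST </dev/null 2>/dev/null \
#     | openssl x509 > served.pem && classify_cert served.pem HOST

classify_cert() {
    pem=$1
    host=$2
    # Heuristic: a self-signed leaf names itself as issuer, so the subject
    # and issuer names hash to the same value. No chain can be built from it.
    subj=$(openssl x509 -in "$pem" -noout -subject_hash) || return 2
    iss=$(openssl x509 -in "$pem" -noout -issuer_hash) || return 2
    if [ "$subj" = "$iss" ]; then origin=self-signed; else origin=ca-issued; fi
    # -checkhost applies OpenSSL's own hostname matching to the certificate.
    if openssl x509 -in "$pem" -noout -checkhost "$host" | grep -q 'does match'; then
        match=host-match
    else
        match=host-mismatch
    fi
    echo "$origin $match"
}

# Constructed sample: a throwaway self-signed certificate with a generic CN,
# standing in for the placeholder a web server hands out when the request
# does not land on the virtual host that holds the real certificate.
make_placeholder_cert() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=localhost.localdomain" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

# Demo run on the constructed certificate only.
demo_dir=$(mktemp -d)
make_placeholder_cert "$demo_dir"
classify_cert "$demo_dir/cert.pem" localhost.localdomain
classify_cert "$demo_dir/cert.pem" www.example.com
rm -rf "$demo_dir"
```

A result of `self-signed host-mismatch` for the name you requested means the wrong virtual host answered, so the fix belongs in the Apache vhost configuration rather than in the certificate.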
