Invalid or missing intermediate (bundle) certificate

**Rocky Linux release 9.1**
certbot 2.4.0
Server version: Apache/2.4.53 (Rocky Linux)

My domain is:

I ran this command:
certbot --apache
I have followed the instructions on this:

It produced this output:

Invalid Intermediate

You have an invalid or missing intermediate (bundle) certificate. This may not break your padlock on all browsers, but will on others. Please contact your SSL Vendor for assistance with this error.

Domain Matching

Your SSL certificate does not match your domain name!
Protected Domains:

  • cloud4

My web server is (include version):
Server version: Apache/2.4.53 (Rocky Linux)

The operating system my web server runs on is (include version):
**Rocky Linux release 9.1**

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No control panel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
[root@cloud4 conf]# certbot --version
certbot 2.4.0
certbot-auto --version
-bash: certbot-auto: command not found

Please help!!!!

I just checked the 2nd & 3rd subdomain on my server: & & those are working fine. No SSL errors

Any ideas what is the issue with the first subdomain --

[root@cloud4 ~]# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name:
Serial Number: 300fdd02f29b5121df4f4faf867e44ba15f
Key Type: ECDSA
Expiry Date: 2023-06-19 07:45:47+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/

[root@cloud4 ~]#

What does this show?

sudo apachectl -t -D DUMP_VHOSTS
apachectl -t -D DUMP_VHOSTS
Passing arguments to httpd using apachectl is no longer supported.
You can only start/stop/restart httpd using this script.
To pass extra arguments to httpd, see the httpd.service(8)
man page.

I was able to solve this issue by changing "ServerName" value in /etc/httpd/conf/httpd.conf


I hope this helps someone.


I doubt this is a robust solution

Try this instead

httpd -t -D DUMP_VHOSTS

That should be an FQDN.


WhyNoPadlock was seeing a self-signed certificate for cloud4 when the Apache configuration was still incorrect. You can still view it by running openssl s_client -connect -servername | openssl x509 -noout -text.
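An added example, not part of the original thread: a shell function that scans `httpd -t -D DUMP_VHOSTS` output for virtual host names that are not fully qualified, which is the ServerName problem resolved above. The sample dump, its file paths and `files.example.com` are constructed, and the line layout is assumed to match what Apache 2.4 usually prints.

```shell
#!/bin/sh
# Added example: flag vhost names in `httpd -t -D DUMP_VHOSTS` output that
# are not FQDNs (contain no dot), such as the bare host name "cloud4".

# Reads a vhost dump on stdin; prints "name (file:line)" once per short name.
find_short_vhost_names() {
    awk '
        function report(name, where) {
            # A name without a dot cannot match a publicly issued certificate.
            if (name != "" && index(name, ".") == 0 && !seen[name " " where]++)
                print name, where
        }
        # "default server NAME (file:line)"
        $1 == "default" && $2 == "server" { report($3, $4); next }
        # "port 443 namevhost NAME (file:line)"
        $1 == "port" && $3 == "namevhost" { report($4, $5); next }
        # Single-vhost address form: "*:80  NAME (file:line)"
        NF == 3 && $1 ~ /:[0-9*]+$/ && $3 ~ /^\(/ { report($2, $3) }
    '
}

# Constructed sample of a vhost dump (assumed layout, hypothetical paths).
sample_dump() {
    cat <<'EOF'
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server cloud4 (/etc/httpd/conf.d/ssl.conf:40)
         port 443 namevhost cloud4 (/etc/httpd/conf.d/ssl.conf:40)
         port 443 namevhost files.example.com (/etc/httpd/conf.d/files-le-ssl.conf:2)
*:80                   files.example.com (/etc/httpd/conf.d/files.conf:1)
EOF
}

# Run against the live configuration (needs httpd on PATH; not called here).
check_live_vhosts() {
    httpd -t -D DUMP_VHOSTS | find_short_vhost_names
}

# Demonstration on the constructed sample.
sample_dump | find_short_vhost_names
```

Any name it prints is a vhost that will answer TLS requests under a name no public CA certificate can cover, so fix the ServerName in the listed file before re-running certbot.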

