Letsencrypt certificate is not valid

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://www.todomaster.co/, https://todomaster.co/), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
I ran this command:
sudo certbot certonly --webroot -w /var/www/html -d todomaster.co -d www.todomaster.co
It produced this output:

  • Congratulations! Your certificate and chain have been saved at:
    Your key file has been saved at:
    Your cert will expire on 2020-12-09. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

[ec2-user@ip-172-31-27-101 conf]$ sudo service httpd
My web server is (include version):

The operating system my web server runs on is (include version): Amazon Linux 2

My hosting provider, if applicable, is: aws

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.38.0

Hi @chathu020

the result is expected.

doesn’t install the certificate. Do that and restart your webserver.


Does that mean run?
sudo certbot certonly

Firstly, let me welcome you to the Let’s Encrypt Community 🙂

Based on this:

I’m assuming you’re using apache. Is that correct?

Yes, running on Apache.

What did you mean by

doesn’t install the certificate. Do that and restart your webserver.

As @JuergenAuer pointed out, you used certonly, which only acquires a certificate. You also used --webroot, which uses your running webserver to acquire your certificate. You still need to “install” your certificate, enable https, and create redirects from http to https.


Is your apache configuration fairly “standard” (unmodified)?

Can you guide me on how I can “install” the certificate, enable https, and create redirects from http to https?
How can I check: Is your apache configuration fairly “standard” (unmodified)?

Let’s try something. We can roll it back if there’s an issue.

First, run the following and paste the output:

sudo certbot certificates


sudo certbot --reinstall

Certbot should ask.


Why did you use certonly?

PS: @griffin Your permanently more than one answer are spammy. Please stop that.


sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: todomaster.co
Domains: todomaster.co www.todomaster.co
Expiry Date: 2020-12-09 05:08:38+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/todomaster.co/fullchain.pem
Private Key Path: /etc/letsencrypt/live/todomaster.co/privkey.pem

sudo certbot --reinstall
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certbot doesn’t know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run “certbot certonly” to do so. You’ll need to manually configure your web server to use the resulting certificate.
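What the manual configuration mentioned in Certbot's message can look like, as an added example that is not part of the original thread and not the poster's actual httpd.conf. It reuses the domain names, DocumentRoot and certificate paths shown in the thread, and assumes Apache 2.4.8 or later with mod_ssl and mod_rewrite loaded.

```apache
# Added example; not the poster's configuration.
# Assumption: Apache 2.4.8+ (SSLCertificateFile may contain the full chain),
# with mod_ssl and mod_rewrite loaded.

# Port 80: keep the webroot challenge path reachable, redirect everything else to HTTPS.
<VirtualHost *:80>
    ServerName todomaster.co
    ServerAlias www.todomaster.co
    DocumentRoot /var/www/html

    RewriteEngine On
    # "certbot certonly --webroot -w /var/www/html" writes challenge files here.
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

# Port 443: serve the site with the certificate Certbot obtained.
<VirtualHost *:443>
    ServerName todomaster.co
    ServerAlias www.todomaster.co
    DocumentRoot /var/www/html

    SSLEngine on
    # Paths as listed by "sudo certbot certificates". They are symlinks that
    # Certbot repoints on renewal, so the vhost does not change when the cert does.
    SSLCertificateFile    /etc/letsencrypt/live/todomaster.co/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/todomaster.co/privkey.pem
</VirtualHost>
```

After editing, validate with `sudo apachectl configtest` and restart httpd so the new certificate is loaded. The check needs root because the directories under /etc/letsencrypt/live are readable only by root by default.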

It looks like you’ve already got https enabled and redirects in place, which is why @JuergenAuer has made that suggestion.


Perhaps this @JuergenAuer?

sudo certbot -i apache --cert-name todomaster.co

It looks like there is no installation configuration in place.

He’s got a lot more experience than me, so I am deferring to his judgment.


Alright, guess he’s not going to respond. Try just restarting apache. Do you know the command to do so for your server?

So Certbot doesn’t understand your configuration.

What does this say?

httpd -S

SSLCertificateFile: file ‘/etc/letsencrypt/live/todomaster.co/fullchain.pem’ does not exist or is empty

Please run it as root or sudo.


VirtualHost configuration:
*:443 is a NameVirtualHost
default server ip-172-31-27-101.ap-southeast-1.compute.internal (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost ip-172-31-27-101.ap-southeast-1.compute.internal (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost todomaster.co (/etc/httpd/conf/httpd.conf:364)
ServerRoot: “/etc/httpd”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/etc/httpd/logs/error_log”
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
PidFile: “/run/httpd/httpd.pid”
User: name=“apache” id=48
Group: name=“apache” id=48