Letsencrypt Certificate Not Recognized as SSL

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: hprauto.com

I ran this command:

It produced this output:

My web server is (include version): Apache 2.4.33

The operating system my web server runs on is (include version): Mac High Sierra

My hosting provider, if applicable, is: Network Solutions

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot Not Supported - Created the certificate using the latest Certbot on a Mac Monterey machine

I have loaded the certificate into my keychain. It is trusted. When I assign the certificate to the website using Server App, the certificate is not considered SSL.

Thanks
Jeff Reuben

Your site isn't serving a cert that covers that name.
See: SSL Server Test: hprauto.com (Powered by Qualys SSL Labs)

And please show the outputs of:
certbot certificates
sudo apachectl -t -D DUMP_VHOSTS

Thank you for your quick response. Here is the output of the two commands:

certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Renewal configuration file /etc/letsencrypt/renewal/www.classicautoserv.com.conf produced an unexpected error: expected /etc/letsencrypt/live/www.classicautoserv.com/cert.pem to be a symlink. Skipping.


Found the following certs:

  Certificate Name: hprauto.com
    Serial Number: 4fbcf6d43e117139286b26873e950fc0370
    Key Type: RSA
    Domains: hprauto.com
    Expiry Date: 2022-02-03 21:20:52+00:00 (VALID: 87 days)
    Certificate Path: /etc/letsencrypt/live/hprauto.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/hprauto.com/privkey.pem

  Certificate Name: nmis.com
    Serial Number: 356c9dc62b16c3f62a97f9a94facb669d75
    Key Type: RSA
    Domains: nmis.com www.nmis.com
    Expiry Date: 2022-01-29 17:51:28+00:00 (VALID: 82 days)
    Certificate Path: /etc/letsencrypt/live/nmis.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/nmis.com/privkey.pem

The following renewal configurations were invalid:
  /etc/letsencrypt/renewal/www.classicautoserv.com.conf

sudo apachectl -t -D DUMP_VHOSTS
AH00526: Syntax error on line 152 of /private/etc/apache2/extra/httpd-ssl.conf:
SSLCertificateKeyFile: file '/etc/letsencrypt/live/hprauto.com/privkey.pem' does not exist or is empty


That looks like you might have tried to copy some files around and overwritten it.
One should never need to copy any files into the /etc/letsencrypt/ path.

This also points towards a copy gone bad that overwrote a key file.

At this point I can't be sure of what is the best way out of this mess.
One path might be to remove the entire /etc/letsencrypt/ path and reissue your LE certs.
But you would have to review all your steps / scripts to ensure you won't be making this same mistake.

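The two errors in this thread (a cert.pem that is not a symlink, and a privkey.pem that does not exist or is empty) can be checked for directly. The script below is an added example, not part of the original thread or of Certbot; it assumes Certbot's default layout, in which the four files under /etc/letsencrypt/live/<name>/ are symlinks into the archive directory, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check one Certbot lineage directory.
# Usage: sh check_lineage.sh /etc/letsencrypt/live/<name>   (run as root)

# Print one line per problem; return 0 only if all four files are symlinks
# that resolve to non-empty files (the layout Certbot itself creates).
check_lineage_files() {
    dir=$1; bad=0
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        p="$dir/$f"
        if [ ! -L "$p" ]; then      # a copied-in regular file lands here
            echo "NOT A SYMLINK: $p"; bad=1
        fi
        if [ ! -s "$p" ]; then      # -s follows the link: missing, dangling or empty
            echo "MISSING OR EMPTY: $p"; bad=1
        fi
    done
    return $bad
}

# Return 0 if the private key belongs to the certificate (same public key).
# Arguments: certificate file, private key file.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run both checks on one lineage directory and print a verdict.
check_lineage() {
    check_lineage_files "$1" || return 1
    if key_matches_cert "$1/cert.pem" "$1/privkey.pem"; then
        echo "OK: $1"
    else
        echo "KEY DOES NOT MATCH CERT (or unreadable): $1"; return 1
    fi
}

if [ "$#" -gt 0 ]; then
    check_lineage "$1"
fi
```

A lineage that fails the first check is one Apache will also reject, so run this before pointing SSLCertificateFile and SSLCertificateKeyFile at the directory.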