My browser shows unverified certificate


#1

hello, ive installed a lets encrypt certificate using this tutorial and everything went as it supposed to be ,
ive tested my certificate using https://www.ssllabs.com/ssltest/analyze.html?d=telprotector.ch
the only problem is when i open my website “telprotector.ch” the browser tells me that it could not verify the certificate! ive tested it on chrome safari firefox, whats am i doing wrong? how to solve this problem? thanks in advance,


#2

What web server are you using? Ok see you are using apache.

Did you install the certificates correctly on your Vhost ??

Your SSL cert test fine with Qualsys so it’s just an Apache config problem


#3

Your certificate is only valid for the domain name telprotector.ch, not www.telprotector.ch. You redirect to the www subdomain when someone visits https://telprotector.ch, and since the certificate does not include that domain, you get a browser warning.

The remediation steps depend on how you obtained the certificate initially. If you used the apache plugin, you might want to add a ServerAlias www.telprotector.ch line to your vhosts and then re-run the certbot command you used initially. Happy to provide more detailed instructions if you tell us what commands you used to get the certificate in the first place.


#4

You could as @pfg mentioned re-generate the cert to add on the www or you can just run your site without the www, then just change your redirect to go to https://telprotector.ch and not https://www.telprotector.ch


#5

thanks for your answer that seems to be so logic, but coudnt i just add a domain to my existing certificate?
im new to this kind of thing, i was just following this tutorial, thanks in advance


#6

Adding a domain is essentially creating a new certificate. If you used letsencrypt / certbot to create it though, use the --expand command to add the additional domain name.


#7

ive used certbot-auto --apache -d website.com
so should i just do : certbot-auto --apache --expand -d www.website.com ?


#8

You would have to add both domains, i.e. -d website.com -d www.website.com.

Alternatively, you can just add a ServerAlias to your vhosts, as that’s where the client gets the list of domains from (it parses your ServerName or ServerAlias directives).


#9

see https://certbot.eff.org/docs/using.html#re-running-certbot

You need to include in all the domain names so It would be

certbot-auto --apache --expand -d website.com -d www.website.com


#10

thanks guys that really helped ! ive ended up adding a ServerAlias. thanks


#11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.