Net::err_cert_authority_invalid

Hello,

I'm a linux newbie, I have purchased domain joutsen.org and I have tried to make SSL work with Apache. I have followed these instructions trying to install letsecnrypt certificate with certbot:

https://certbot.eff.org/lets-encrypt/debianbuster-apache

once or twice I have tried installation with certbot that requires port 80 (I have stoppped Apache for that) and few times with the other method.

  • OS: Raspbian / Debian 10 Buster
  • Webserver: Apache/2.4.38 (Raspbian)
  • domain: https://joutsen.org/
  • Control panel: cPanel 90.0.8
  • Root acces: Yes
  • Certbot version: 1.9.0

On my hosting provider I have

  • redirected joutsen.org to my server IP
  • created DNS A record joutsen.org pointing to server ip (without really understanding what i'm doing)

Certificate seems to be installing normally and dry run goes through but domain says NET::ERR_CERT_AUTHORITY_INVALID.

    sudo certbot certificates
    Saving debug log to /var/log/letsencrypt/letsencrypt.log

    Found the following certs:
      Certificate Name: joutsen.org
        Serial Number: -
        Domains: joutsen.org
        Expiry Date: 2021-02-04 09:52:04+00:00 (VALID: 89 days)
        Certificate Path: /etc/letsencrypt/live/joutsen.org/fullchain.pem
        Private Key Path: /etc/letsencrypt/live/joutsen.org/privkey.pem

Apache2 port.conf


Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>

Listen 80
<IfModule mod_gnutls.c>
Listen 443
</IfModule>


contents of joutsen.org.conf


<VirtualHost *:80>
    DocumentRoot "/var/www/joutsen.org/public_html/"
    ServerName joutsen.org

RewriteEngine on
RewriteCond %{SERVER_NAME} =joutsen.org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>


<IfModule mod_ssl.c>
<VirtualHost *:443> 
  ProxyPreserveHost On
  ProxyRequests Off
  ServerName joutsen.org
  ServerAlias joutsen.org
  DocumentRoot "/var/www/joutsen.org/public_html/"
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/joutsen.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/joutsen.org/privkey.pem
</VirtualHost>
</IfModule>

2 Likes

Hi @jarde

checked with my browser I see a valid and new Letsencrypt certificate.

No problem is visible. Rechecked your domain via https://check-your-website.server-daten.de/?q=joutsen.org

You have created some certificates:

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2020-11-06 2021-02-04 joutsen.org
1 entries duplicate nr. 4
Let's Encrypt Authority X3 2020-11-06 2021-02-04 joutsen.org
1 entries duplicate nr. 3
Let's Encrypt Authority X3 2020-11-05 2021-02-03 joutsen.org
1 entries duplicate nr. 2
Let's Encrypt Authority X3 2020-11-05 2021-02-03 joutsen.org
1 entries duplicate nr. 1

And you use it.

Only (small) problem: Your certificate doesn't include the www version.

But if you don't use the www version, that's not relevant.

If you want to use the www, create one certificate with both domain names.

2 Likes

Hello,

but if you try to access https://joutsen.org/ it says NET::ERR_CERT_AUTHORITY_INVALID. ? Well at least for me when I try to access the site with my android phone (separate network from my LAN)

1 Like

Nevermind, it works for me now too, thank you :slight_smile:

3 Likes

May be only a cache problem.

My browser was happy :grinning:

3 Likes

What is the point of doing that (twice)?
[Maybe one of them was supposed to start with "www."]

READERS: Get involved and participate: If you read something you like, then click to like it :heart:

2 Likes

Hello,

Thanks for pointing that out, I don't really know what I'm doing so those settings didn't mean anything to me.

3 Likes