Net::err_cert_authority_invalid

jarde · November 6, 2020, 11:57am

Hello,

I'm a linux newbie, I have purchased domain joutsen.org and I have tried to make SSL work with Apache. I have followed these instructions trying to install letsecnrypt certificate with certbot:

https://certbot.eff.org/lets-encrypt/debianbuster-apache

once or twice I have tried installation with certbot that requires port 80 (I have stoppped Apache for that) and few times with the other method.

OS: Raspbian / Debian 10 Buster
Webserver: Apache/2.4.38 (Raspbian)
domain: https://joutsen.org/
Control panel: cPanel 90.0.8
Root acces: Yes
Certbot version: 1.9.0

On my hosting provider I have

redirected joutsen.org to my server IP
created DNS A record joutsen.org pointing to server ip (without really understanding what i'm doing)

Certificate seems to be installing normally and dry run goes through but domain says NET::ERR_CERT_AUTHORITY_INVALID.

    sudo certbot certificates
    Saving debug log to /var/log/letsencrypt/letsencrypt.log

    Found the following certs:
      Certificate Name: joutsen.org
        Serial Number: -
        Domains: joutsen.org
        Expiry Date: 2021-02-04 09:52:04+00:00 (VALID: 89 days)
        Certificate Path: /etc/letsencrypt/live/joutsen.org/fullchain.pem
        Private Key Path: /etc/letsencrypt/live/joutsen.org/privkey.pem

Apache2 port.conf

Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>

Listen 80
<IfModule mod_gnutls.c>
Listen 443
</IfModule>

contents of joutsen.org.conf

<VirtualHost *:80>
    DocumentRoot "/var/www/joutsen.org/public_html/"
    ServerName joutsen.org

RewriteEngine on
RewriteCond %{SERVER_NAME} =joutsen.org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>


<IfModule mod_ssl.c>
<VirtualHost *:443> 
  ProxyPreserveHost On
  ProxyRequests Off
  ServerName joutsen.org
  ServerAlias joutsen.org
  DocumentRoot "/var/www/joutsen.org/public_html/"
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/joutsen.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/joutsen.org/privkey.pem
</VirtualHost>
</IfModule>

JuergenAuer · November 6, 2020, 12:05pm

Hi @jarde

checked with my browser I see a valid and new Letsencrypt certificate.

No problem is visible. Rechecked your domain via https://check-your-website.server-daten.de/?q=joutsen.org

You have created some certificates:

Issuer	not before	not after	Domain names
Let's Encrypt Authority X3	2020-11-06	2021-02-04	joutsen.org
1 entries	duplicate nr. 4
Let's Encrypt Authority X3	2020-11-06	2021-02-04	joutsen.org
1 entries	duplicate nr. 3
Let's Encrypt Authority X3	2020-11-05	2021-02-03	joutsen.org
1 entries	duplicate nr. 2
Let's Encrypt Authority X3	2020-11-05	2021-02-03	joutsen.org
1 entries	duplicate nr. 1

And you use it.

Only (small) problem: Your certificate doesn't include the www version.

But if you don't use the www version, that's not relevant.

If you want to use the www, create one certificate with both domain names.

jarde · November 6, 2020, 12:21pm

Hello,

but if you try to access https://joutsen.org/ it says NET::ERR_CERT_AUTHORITY_INVALID. ? Well at least for me when I try to access the site with my android phone (separate network from my LAN)

jarde · November 6, 2020, 12:24pm

Nevermind, it works for me now too, thank you

JuergenAuer · November 6, 2020, 12:36pm

May be only a cache problem.

My browser was happy

rg305 · November 6, 2020, 1:42pm

What is the point of doing that (twice)?
[Maybe one of them was supposed to start with "www."]

READERS: Get involved and participate: If you read something you like, then click to like it

jarde · November 6, 2020, 2:20pm

Hello,

Thanks for pointing that out, I don't really know what I'm doing so those settings didn't mean anything to me.

system · December 6, 2020, 2:20pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.