New wildcard certificate marked as not valid in browser

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: *.cubacel.entumovil.cu

I ran this command: certbot certonly --manual -d *.cubacel.entumovil.cu --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

It produced this output:
IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/cubacel.entumovil.cu/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/cubacel.entumovil.cu/privkey.pem
    Your cert will expire on 2020-11-08. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My web server is (include version): Apache/2.4.6

The operating system my web server runs on is (include version): Linux Centos 7

My hosting provider, if applicable, is: VPS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.6.0

Hello. As you see in the title, my new certificate in the browser is not valid.
I think I have made all the steps correctly.

My virtualhost looks like:

<VirtualHost *:443>
ServerName blueeye-webadmin.preproduccion.cubacel.entumovil.cu
ErrorLog logs/blueeye-webadmin.preproduccion.cubacel.entumovil.cu-error_log
CustomLog logs/blueeye-webadmin.preproduccion.cubacel.entumovil.cu-access_log common

SSLEngine on
SSLProxyEngine on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off

SSLProxyVerify none

SSLProxyCheckPeerName off

SSLCertificateFile /etc/ssl/certs/entumovil-selfsigned.crt

SSLCertificateKeyFile /etc/ssl/private/entumovil-selfsigned.key

SSLCertificateFile /etc/letsencrypt/live/cubacel.entumovil.cu/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cubacel.entumovil.cu/privkey.pem
#SSLCertificateChainFile /etc/letsencrypt/live/cubacel.entumovil.cu/chain.pem

DefaultType text/html

ProxyPass   /       https://blueeye-webadmin.preproduccion.cubacel.entumovil.cu:8643/
ProxyPassReverse    /       https://blueeye-webadmin.preproduccion.cubacel.entumovil.cu:8643/
SSLRequireSSL
 Order deny,allow
 Deny from all
 Allow from x.x.x.x

 AuthType Basic
 AuthName "HOSTING-PREPRODUCCION - BLUEEYE WEBADMIN"
 AuthUserFile /etc/httpd/conf.d/blueeye-webadmin.preproduccion.htpasswd
 Require valid-user

I will appreciate some help to solve this problem.
Thanks in advance

1 Like

Hi,

I think you might have some misunderstanding about wildcards.

The wildcard certificate will cover preproduction.cubacel.entumovil.cu, preproduction1.cubacel.entumovil.cu, preproduction2.cubacel.entumovil.cu etc, not 1.preproduction.cubacel.entumovil.cu

For your case, you’ll need to get a wildcard covering *.preproduccion.cubacel.entumovil.cu

Thank you

1 Like
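The matching rule described in the reply above, as an added example that is not part of the original posts: a wildcard stands in for exactly one leftmost DNS label (RFC 6125 section 6.4.3), so the issued name does not cover the virtual host's ServerName. The function names are hypothetical; the host names are the ones from the thread.

```python
# Added example: leftmost-label wildcard matching as browsers apply it
# to certificate dNSName entries. Function names are hypothetical.

def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """Return True if one certificate dNSName entry covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False           # "*" never spans more than one label
    if p[0] == "*":
        return p[1:] == h[1:]  # wildcard replaces exactly one label
    return p == h              # plain or partial-wildcard name: exact match only

def cert_covers(san_list, hostname):
    """Return True if any name in the certificate covers hostname."""
    return any(san_matches(s, hostname) for s in san_list)

def wildcard_for(hostname):
    """Wildcard name that would cover hostname (first label replaced by *)."""
    return ".".join(["*"] + _labels(hostname)[1:])

# Names taken from the thread.
ISSUED = ["*.cubacel.entumovil.cu"]
VHOST = "blueeye-webadmin.preproduccion.cubacel.entumovil.cu"

if __name__ == "__main__":
    for host in ("preproduccion.cubacel.entumovil.cu", VHOST,
                 "cubacel.entumovil.cu"):
        print(host, "->", cert_covers(ISSUED, host))
    print("name to request:", wildcard_for(VHOST))
```

Running it shows that the issued certificate covers `preproduccion.cubacel.entumovil.cu` but neither the ServerName nor the bare `cubacel.entumovil.cu`.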

stevenzhu. Thanks to you for clearing up my misunderstanding.
I’m going to request another certificate.

Thanks again.

2 Likes
