New wildcard certificate marked as not valid in browser

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: *

I ran this command: certbot certonly --manual -d * --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server

It produced this output:

  • Congratulations! Your certificate and chain have been saved at:
    Your key file has been saved at:
    Your cert will expire on 2020-11-08. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt:
    Donating to EFF:

My web server is (include version): Apache/2.4.6

The operating system my web server runs on is (include version): Linux Centos 7

My hosting provider, if applicable, is: VPS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.6.0

Hello. As yoy see in tittle my new certificate in browser is not valid.
I think have made all steps correctly.

My virtualhost loks like:

<VirtualHost *:443>
ErrorLog logs/
CustomLog logs/ common

SSLEngine on
SSLProxyEngine on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off

SSLProxyVerify none

SSLProxyCheckPeerName off

SSLCertificateFile /etc/ssl/certs/entumovil-selfsigned.crt

SSLCertificateKeyFile /etc/ssl/private/entumovil-selfsigned.key

SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/
#SSLCertificateChainFile /etc/letsencrypt/live/

DefaultType text/html

ProxyPass   /
ProxyPassReverse    /
 Order deny,allow
 Deny from all
 Allow from x.x.x.x

 AuthType Basic
 AuthUserFile /etc/httpd/conf.d/blueeye-webadmin.preproduccion.htpasswd
 Require valid-user

I will appreciate some help to solve this problem.
Thanks in advance

1 Like


I think you might have some misunderstanding on wildcard.

The wildcard certificate will cover,, etc, not

For your case, you’ll need to get a wildcard covering *

Thank you

1 Like

stevenzhu. Thanks to you for clearing up my misunderstanding.
I’m going to request another certificate.

Thanks again.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.