Non trusted certificate


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
sudo certbot --apache -n --expand --redirect -d

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/lms_8b48e136dcd8-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/lms_8b48e136dcd8-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/lms_8b48e136dcd8-le-ssl.conf
Redirecting vhost in /etc/apache2/sites-enabled/lms_8b48e136dcd8.conf to ssl vhost in /etc/apache2/sites-available/lms_8b48e136dcd8-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled

You should test your configuration at:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 - Congratulations! Your certificate and chain have been saved at:
   Your key file has been saved at:
   Your cert will expire on 2019-05-28. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:
   Donating to EFF:          

My web server is (include version):
Server version: Apache/2.4.18 (Ubuntu)
Server built: 2018-04-18T14:53:04

The operating system my web server runs on is (include version):
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial

My hosting provider, if applicable, is:
We use Digital Ocean, but I am no sure if is it what you ask

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.26.1

Sometimes we can access the site correctly whitout troubles, but sometimes the certificate got not trusted, and change de common name.
Please help us!

PS. We have lot of subdomains like the used here working without troubles


Hi @metiene

checking your site there is a wrong certificate ( ):

Domainname Http-Status redirect Sec. G 301 0.213 A 200 7.130 N
Certificate error: RemoteCertificateNameMismatch

The certificate:
expires in 58 days, - 2 entries

So the certificate you have created and the vHost isn’t used. Perhaps the standard vHost is used.

Is there another vHost definition with something like

<VirtualHost ...>

Perhaps check your vHosts with

apachectl -t -D DUMP_VHOSTS


Thanks for you answer!

I really have two vHosts for

This I created

<VirtualHost *:80>
        ServerAdmin webmaster@localhost104.236.69.109
        DocumentRoot /mnt/lmsestudio-instance-vol002/lms_8b48e136dcd8/public
RewriteEngine on
RewriteCond %{SERVER_NAME}
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

<VirtualHost *:80>
        DocumentRoot /mnt/lmsestudio-instance-vol002/lms_8b48e136dcd8/public/

<Directory /mnt/lmsestudio-instance-vol002/lms_8b48e136dcd8/public/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted

And this other, created by certbot

<IfModule mod_ssl.c>
	<VirtualHost *:443>
        ServerAdmin webmaster@localhost104.236.69.109
        DocumentRoot /mnt/lmsestudio-instance-vol002/lms_8b48e136dcd8/public
		SSLCertificateFile /etc/letsencrypt/live/
		SSLCertificateKeyFile /etc/letsencrypt/live/
		Include /etc/letsencrypt/options-ssl-apache.conf

I have too many other vHosts and all works ok.

And also, I have vHost in the same format for

I really no understand the problem, can you give any clue to solve this trouble?

Thanks in advance


This vHost

is a duplicate, so remove it.

This definition in the vHost 80 and vHost 443

is duplicate, so remove the second row. A typical usage is


But this isn’t the certificate problem.

Check the 443 vHost with these two domain names:

This is used instead of your correct vHost. You can use to recheck your domain. Browsers are caching sometimes too much.

closed #5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.