Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/crose.co.uk/fullchain.pem. Your cert will
expire on 2017-01-29. To obtain a new or tweaked version of this
certificate in the future, simply run letsencrypt-auto again. To
non-interactively renew all of your certificates, run
"letsencrypt-auto renew"
My web server is (include version): Apache 2.4
Hi All,
I have gone through the steps to renew my certs on my server, however now when I go to www.crose.co.uk I am getting a warning from Chrome: ERR_CERT_AUTHORITY_INVALID (Looking at the cert details it seems to be a self signed one). However during the renewal process I provided both www and non www versions of the domain.
I have also restarted Apache numerous times and even rebooted the server, however I cannot get www.crose.co.uk to be viewable under https.
in my Apache vhost Config I have the usual culprits:
<VirtualHost *:443>
ServerName crose.co.uk
ServerAlias www.crose.co.uk
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/crose.co.uk/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/crose.co.uk/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/crose.co.uk/chain.pem
Which has always been fine previous. Which is why i’m left scratching my head.
Can anyone advise or recommend where I should look?
/etc/httpd/logs/ssl_error_log:[Mon Oct 31 04:37:46.521115 2016] [ssl:warn] [pid 1117:tid 139670451341376] AH01909: RSA certificate configured for www.crose.co.uk:443 does NOT include an ID which matches the server name
No, you don’t need to regenerate it - the cert looks fine ( and it looks as if you already generated it 3 times ) The cert if valid for www.crose.co.uk
OK, so you have removed www.crose.co.uk from httpd.conf and reloaded apache - so there is now only one place that www.crose.co.uk exists ?
What is your server name ? (the error might not matter too much if never use the server name of course )
So I had self signed certs config in the ssl.conf file that mod_ssl installs. I have commented these lines out and restarted apache but now it’s not working for non-www or www.