Renewal of crose.co.uk secured but not www.crose.co.uk

My domain is: crose.co.uk / www.crose.co.uk

I ran this command: ./letsencrypt-auto certonly

It produced this output:

• Congratulations! Your certificate and chain have been saved at
  /etc/letsencrypt/live/crose.co.uk/fullchain.pem. Your cert will
  expire on 2017-01-29. To obtain a new or tweaked version of this
  certificate in the future, simply run letsencrypt-auto again. To
  non-interactively renew all of your certificates, run
  "letsencrypt-auto renew"

My web server is (include version): Apache 2.4

Hi All,

I have gone through the steps to renew my certs on my server, however now when I go to www.crose.co.uk I am getting a warning from Chrome: ERR_CERT_AUTHORITY_INVALID (Looking at the cert details it seems to be a self signed one). However during the renewal process I provided both www and non www versions of the domain.

I have also restarted Apache numerous times and even rebooted the server, however I cannot get www.crose.co.uk to be viewable under https.

in my Apache vhost Config I have the usual culprits:
<VirtualHost *:443>
ServerName crose.co.uk
ServerAlias www.crose.co.uk
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/crose.co.uk/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/crose.co.uk/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/crose.co.uk/chain.pem

Which has always been fine previous. Which is why i’m left scratching my head.

Can anyone advise or recommend where I should look?

I’d check if you have www.crose.co.uk anywhere else in your configs ( grep -R www.crose.co.uk /etc/apache2 (or /etc/httpd depending on your server)

I’d also check where the SSL cert is being loaded ( grep -R SSLCertificate /etc/apache2 )

It was found in /etc/httpd/conf/httpd.conf as well…

I have commented out the ServerName in there and restarted Apache but still the same issue. Do I need to regenerate the certs?

Im also seeing this error:

/etc/httpd/logs/ssl_error_log:[Mon Oct 31 04:37:46.521115 2016] [ssl:warn] [pid 1117:tid 139670451341376] AH01909: RSA certificate configured for www.crose.co.uk:443 does NOT include an ID which matches the server name

No, you don’t need to regenerate it - the cert looks fine ( and it looks as if you already generated it 3 times ) The cert if valid for www.crose.co.uk

OK, so you have removed www.crose.co.uk from httpd.conf and reloaded apache - so there is now only one place that www.crose.co.uk exists ?

What is your server name ? (the error might not matter too much if never use the server name of course )

Ive commented that line out of the httpd.conf file. so ServerName will be blank in there now.

in the vhost conf file I have:
ServerName crose.co.uk
ServerAlias www.crose.co.uk

In your httpd.com to you have SSLCertificateFile that’s pointing to your self signed cert ? if not, where is that referenced ?

So I had self signed certs config in the ssl.conf file that mod_ssl installs. I have commented these lines out and restarted apache but now it’s not working for non-www or www.

Any ideas?

As a first step, I’d suggest replacing the links to the self signed to the letsencrypt ones (rather than just commenting them out).

if you can paste your config (ssl.conf, mod_ssl and httpd.conf ) - possibly at pastebin.com (easier to time limit and remove )

Thanks for the help so far:

httpd.conf - http://pastebin.com/m3H1mzNM
ssl.conf - http://pastebin.com/uPha0p3R
crose.co.uk.conf - http://pastebin.com/StsXSu7N

I no longer get the SSL warning, I get an error saying the server sent a bad/wrong request:

"This site can’t provide a secure connection

crose.co.uk sent an invalid response."

At the moment you are issuing http, not https on port 443

I’ll have a look at the configs …

Ok so I decided to comment everything out of the default ssl.conf file andreloaded apache. and all seems to be working ok now!..

blimey! confused.com

Thank you for the help serverco!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.