Renewal of secured but not


My domain is: /

I ran this command: ./letsencrypt-auto certonly

It produced this output:

  • Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/ Your cert will
    expire on 2017-01-29. To obtain a new or tweaked version of this
    certificate in the future, simply run letsencrypt-auto again. To
    non-interactively renew all of your certificates, run
    "letsencrypt-auto renew"

My web server is (include version): Apache 2.4

Hi All,

I have gone through the steps to renew my certs on my server, however now when I go to I am getting a warning from Chrome: ERR_CERT_AUTHORITY_INVALID (Looking at the cert details it seems to be a self signed one). However during the renewal process I provided both www and non www versions of the domain.

I have also restarted Apache numerous times and even rebooted the server, however I cannot get to be viewable under https.

in my Apache vhost Config I have the usual culprits:
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/
SSLCertificateChainFile /etc/letsencrypt/live/

Which has always been fine previous. Which is why i’m left scratching my head.

Can anyone advise or recommend where I should look?


I’d check if you have anywhere else in your configs ( grep -R /etc/apache2 (or /etc/httpd depending on your server)

I’d also check where the SSL cert is being loaded ( grep -R SSLCertificate /etc/apache2 )


It was found in /etc/httpd/conf/httpd.conf as well…

I have commented out the ServerName in there and restarted Apache but still the same issue. Do I need to regenerate the certs?


Im also seeing this error:

/etc/httpd/logs/ssl_error_log:[Mon Oct 31 04:37:46.521115 2016] [ssl:warn] [pid 1117:tid 139670451341376] AH01909: RSA certificate configured for does NOT include an ID which matches the server name


No, you don’t need to regenerate it - the cert looks fine ( and it looks as if you already generated it 3 times :wink: ) The cert if valid for

OK, so you have removed from httpd.conf and reloaded apache - so there is now only one place that exists ?

What is your server name ? (the error might not matter too much if never use the server name of course :wink: )


Ive commented that line out of the httpd.conf file. so ServerName will be blank in there now.

in the vhost conf file I have:


In your to you have SSLCertificateFile that’s pointing to your self signed cert ? if not, where is that referenced ?


So I had self signed certs config in the ssl.conf file that mod_ssl installs. I have commented these lines out and restarted apache but now it’s not working for non-www or www.

Any ideas?


As a first step, I’d suggest replacing the links to the self signed to the letsencrypt ones (rather than just commenting them out).

if you can paste your config (ssl.conf, mod_ssl and httpd.conf ) - possibly at (easier to time limit and remove :wink: )


Thanks for the help so far:

httpd.conf -
ssl.conf - -

I no longer get the SSL warning, I get an error saying the server sent a bad/wrong request:

"This site can’t provide a secure connection sent an invalid response."


At the moment you are issuing http, not https on port 443

I’ll have a look at the configs …


Ok so I decided to comment everything out of the default ssl.conf file andreloaded apache. and all seems to be working ok now!..


Thank you for the help serverco!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.