Renewal of secured but not

My domain is: /

I ran this command: ./letsencrypt-auto certonly

It produced this output:

  • Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/ Your cert will
    expire on 2017-01-29. To obtain a new or tweaked version of this
    certificate in the future, simply run letsencrypt-auto again. To
    non-interactively renew all of your certificates, run
    "letsencrypt-auto renew"

My web server is (include version): Apache 2.4

Hi All,

I have gone through the steps to renew my certs on my server, however now when I go to I am getting a warning from Chrome: ERR_CERT_AUTHORITY_INVALID (Looking at the cert details it seems to be a self signed one). However during the renewal process I provided both www and non www versions of the domain.

I have also restarted Apache numerous times and even rebooted the server, however I cannot get to be viewable under https.

In my Apache vhost config I have the usual culprits:
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/
SSLCertificateChainFile /etc/letsencrypt/live/

Which has always been fine previously, which is why I’m left scratching my head.

Can anyone advise or recommend where I should look?

I’d check if you have anywhere else in your configs ( grep -R /etc/apache2 (or /etc/httpd depending on your server) )

I’d also check where the SSL cert is being loaded ( grep -R SSLCertificate /etc/apache2 )

It was found in /etc/httpd/conf/httpd.conf as well…

I have commented out the ServerName in there and restarted Apache but still the same issue. Do I need to regenerate the certs?

I’m also seeing this error:

/etc/httpd/logs/ssl_error_log:[Mon Oct 31 04:37:46.521115 2016] [ssl:warn] [pid 1117:tid 139670451341376] AH01909: RSA certificate configured for does NOT include an ID which matches the server name

No, you don’t need to regenerate it - the cert looks fine ( and it looks as if you already generated it 3 times :wink: ) The cert is valid for

OK, so you have removed from httpd.conf and reloaded apache - so there is now only one place that exists ?

What is your server name ? (the error might not matter too much if you never use the server name of course :wink: )

I’ve commented that line out of the httpd.conf file, so ServerName will be blank in there now.

In the vhost conf file I have:

In your to you have SSLCertificateFile that’s pointing to your self signed cert ? if not, where is that referenced ?

So I had self signed certs config in the ssl.conf file that mod_ssl installs. I have commented these lines out and restarted apache but now it’s not working for non-www or www.

Any ideas?

As a first step, I’d suggest replacing the links to the self signed with the letsencrypt ones (rather than just commenting them out).

If you can paste your config (ssl.conf, mod_ssl and httpd.conf ) - possibly at (easier to time limit and remove :wink: )

Thanks for the help so far:

httpd.conf -
ssl.conf - -

I no longer get the SSL warning, I get an error saying the server sent a bad/wrong request:

"This site can’t provide a secure connection sent an invalid response."

At the moment you are issuing http, not https on port 443

I’ll have a look at the configs …

Ok so I decided to comment everything out of the default ssl.conf file and reloaded Apache, and all seems to be working ok now!


Thank you for the help serverco!
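
The `grep -R SSLCertificate` check suggested in the thread, extended into a small audit (an added example, not part of any post): it lists every active SSLCertificateFile directive with its enclosing vhost and flags certificates whose subject equals their issuer. The function names and status labels are assumptions made for this example, and it needs `openssl` on the PATH.

```shell
#!/bin/sh
# Added example, not from the thread. Pass the Apache config root as $1
# (/etc/httpd or /etc/apache2); requires openssl on the PATH.
TAB=$(printf '\t')

# Print "file<TAB>line<TAB>vhost<TAB>cert" for every active (uncommented)
# SSLCertificateFile directive in *.conf files under directory $1.
list_cert_directives() {
    find "$1" -type f -name '*.conf' | sort | while IFS= read -r f; do
        awk -v file="$f" '
            /^[ \t]*#/ { next }    # commented-out lines are not loaded
            tolower($1) == "<virtualhost" { vhost = $2; sub(/>$/, "", vhost); next }
            tolower($1) == "</virtualhost>" { vhost = ""; next }
            tolower($1) == "sslcertificatefile" {
                gsub(/"/, "", $2)  # Apache allows quoted paths
                printf "%s\t%d\t%s\t%s\n", file, FNR, (vhost == "" ? "global" : vhost), $2
            }' "$f"
    done
}

# True when subject equals issuer, the usual mark of a self-signed
# certificate like the one Chrome rejected in the thread.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# One line per directive: STATUS, vhost, certificate path, file:line.
audit_certs() {
    list_cert_directives "$1" | while IFS="$TAB" read -r file line vhost cert; do
        if [ ! -r "$cert" ]; then status=MISSING
        elif ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then status=UNPARSED
        elif is_self_signed "$cert"; then status=SELF-SIGNED
        else status=CA-ISSUED
        fi
        printf '%s\t%s\t%s\t%s:%s\n' "$status" "$vhost" "$cert" "$file" "$line"
    done
}

if [ "$#" -gt 0 ]; then audit_certs "$1"; fi
```

A SELF-SIGNED line whose file is the ssl.conf that mod_ssl installs corresponds to the situation resolved in this thread.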
