Site "Not Secure" / Certificate Invalid on fresh Wordpress site

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: sudo certbot --expand -d

It produced this output: “Not Secure”, Certificate: Invalid

My web server is (include version): Digital Ocean

The operating system my web server runs on is (include version): LEMP stack, Ubuntu 14.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): WordPress 4.9.1

Hi, I recently created a new WordPress install for in a server also used to host another website. When I first ran Let’s Encrypt (using Certbot), I only added the certificate for the other website and all was well (I was getting Secure). I then added the new site by using “sudo certbot --expand -d”.

Actions taken after:
I did get a few “nginx: [warn] conflicting server name “” on, ignored” warnings while running the above, so “to be safe” I ran the above with “” as well.

When going to my site, I was getting “Not Secure” in the address bar and upon clicking it, Certificate: “Invalid”, while being issued to “” (even though my website is at “”).

While on the website, I pressed F12 in Chrome and the only non-https link I see is “”, which I can’t figure out how to change, though in other threads, doesn’t seem to be a problem.

I’ve tried changing the WordPress theme (to the preloaded ones), but still get the same Not Secure while logged in as admin and on the main site.

Afterward, I removed the certificate using “certbot delete” thinking there was some kind of conflict with the certificate (which I kept), but this didn’t solve anything.


I read somewhere that I’m supposed to have certificates for both and, and upon trying to re-add the deleted certificate:

sudo certbot --expand -d

I now get the following error:

nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

I’m thinking of loading a backup of the server now, but I’d lose the private keys that I can’t seem to extract (if it’s even still there for the deleted “”).

What should I do now?

delete doesn’t edit your web server configuration, so if you delete a certificate that’s in use, your web server configuration will become invalid.

You can find the references to the deleted certificate with

grep /etc/letsencrypt/live /etc/nginx

and edit the configuration file yourself to remove them.

In general, you can include all of the relevant domain names within a single certificate instead of obtaining multiple certificates, for example with -d -d

Thanks for the reply Schoen and for bearing with me, I’m new at this. So if I edit the right configuration file, then I can get “Secure” instead of “Not Secure”? What is the name of this configuration file? I typed in grep /etc/letsencrypt/live /etc/nginx and got “grep: /etc/nginx: Is a directory”.

Sorry, I forgot -r. It should be

grep -r /etc/letsencrypt/live /etc/nginx

to find out where the remaining reference to the now-deleted certificate is.

Since I think you’ve deleted the certificate, you’ll need to deal with this before your site can work in HTTPS again.
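Added example (not part of the original thread, and not Certbot's own code): a shell function that goes one step past the `grep -r` above and reports only the nginx certificate directives whose target file is missing, which is the state `certbot delete` leaves behind. The `kept.example` and `deleted.example` names and the temporary directory tree are constructed sample data, and the function assumes absolute paths in the directives, as Certbot writes them.

```shell
#!/bin/sh
# Report nginx certificate directives that point at files which no longer exist.
# Assumption: paths in the config are absolute (this is how Certbot writes them).
find_dangling_certs() {
    local conf_dir="$1" file lineno rest path
    # -r recurse, -H always print the file name, -n print the line number
    grep -rHnE '^[[:space:]]*ssl_(trusted_)?certificate(_key)?[[:space:]]+' \
        "$conf_dir" 2>/dev/null |
    while IFS=: read -r file lineno rest; do
        # Second word of the directive is the path; drop the ';' and any quotes.
        path=$(printf '%s\n' "$rest" | awk '{print $2}' | tr -d ";\"'")
        [ -e "$path" ] || printf '%s:%s: missing %s\n' "$file" "$lineno" "$path"
    done
}

# Constructed sample: one site whose certificate files exist and one whose
# certificate directory has been deleted.
demo() {
    local tmp
    tmp=$(mktemp -d)
    mkdir -p "$tmp/live/kept.example" "$tmp/nginx/sites-available"
    : > "$tmp/live/kept.example/fullchain.pem"
    : > "$tmp/live/kept.example/privkey.pem"
    cat > "$tmp/nginx/sites-available/kept" <<EOF
server {
    listen 443 ssl;
    ssl_certificate $tmp/live/kept.example/fullchain.pem;
    ssl_certificate_key $tmp/live/kept.example/privkey.pem;
}
EOF
    cat > "$tmp/nginx/sites-available/deleted" <<EOF
server {
    listen 443 ssl;
    ssl_certificate $tmp/live/deleted.example/fullchain.pem;
    ssl_certificate_key $tmp/live/deleted.example/privkey.pem;
}
EOF
    find_dangling_certs "$tmp/nginx"
    rm -rf "$tmp"
}

# With an argument, scan that directory; without one, run the constructed demo.
if [ -n "${1:-}" ]; then find_dangling_certs "$1"; else demo; fi
```

On a real server the argument would be `/etc/nginx`; each reported line names the file and line number to edit before `nginx -t` will pass again.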

I couldn’t find the certificate but I was able to reload a previous snapshot and use “-d -d” as you suggested - without the “--expand”, which worked!

Thanks a lot!
