Ssl_error_bad_cert_domain on IE and FFox (Chrome works fine)


Hello everyone

I was surprised how easy it is to configure the certbot :slight_smile: but for some reason Firefox and Edge rejects my certificate while it works perfectly with chrome

(I already enabled SSLv2 in ssl.conf but still the same problem)

Edge 11.0.9600.18537
FFox 50.1.0
debian 8.5
apache 2.4.10

domain name :

<IfModule mod_ssl.c>

		ServerAdmin **********************

		DocumentRoot /var/www/html/****************

		ErrorLog ${APACHE_LOG_DIR}/error.log
		CustomLog ${APACHE_LOG_DIR}/access.log combined

		SSLEngine on

		SSLCertificateFile	/etc/letsencrypt/live/
		SSLCertificateKeyFile /etc/letsencrypt/live/

		<FilesMatch "\.(cgi|shtml|phtml|php)$">
				SSLOptions +StdEnvVars
		<Directory /usr/lib/cgi-bin>
				SSLOptions +StdEnvVars

		BrowserMatch "MSIE [2-6]" \
				nokeepalive ssl-unclean-shutdown \
				downgrade-1.0 force-response-1.0
		# MSIE 7 and newer should be able to use keepalive
		BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown


# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

please help :frowning:



It looks as if you only obtained a certificate for ( and not for both and ) Since the name does not match then it is rejected by the browser.

The solution would be to generate a certificate for both domain names.


If you’re curious why it’s working in Chrome: Chrome automatically switches to the non-www version of a domain when you visit a site via HTTPS and the site serves a certificate that’s only valid for the domain itself, but not the “www” subdomain. Other browsers don’t do this.


wow that’s right it works if I remove www


so I create a server alias and relaunch certbot ?

[edit : yess !!! it works]

thx everyone

I thought the domain name was for both


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.