SSL not safe on subdomain (other server)


Got a problem :slight_smile:

I have 2 servers, one main server
and the second where the subdomain points to…

The main certificate on server one is working perfect.
I asked for a new one on the second server
but it gives an error in the browser (unsafe).

Is there some solution to get it working?

kind regards :blush:

You’re not using Let’s Encrpyt certificates on either of these domains. has a certificate from GlobalSign, and has a self-signed certificate. Are you sure your web server is set to use these, and that you reloaded its configuration to have the Let’s Encrypt certificate take effect on them?

Thank you for your reply,

Normally yes i think… they were generated in /etc/letsencrypt/live/
To be shure i also restarted the vps…

I also checked the main domain
Issuer Name
commonName=Let’s Encrypt Authority X3
organizationName=Let’s Encrypt

This was the command i used on the vps.
letsencrypt-auto certonly --webroot --webroot-path /var/www/html -d -d

openssl x509 -in /etc/letsencrypt/live/ -text -noout returns
Issuer: C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
Not Before: Aug 15 13:16:00 2017 GMT
Not After : Nov 13 13:16:00 2017 GMT

Authority Information Access:
CA Issuers - URI:

        X509v3 Subject Alternative Name:
        X509v3 Certificate Policies:

When you use “certonly”, that means “only obtain the certificate, don’t install it”. That means that it obtained the certificate (in that PEM file that you saw) but it didn’t do anything to tell any software on your system to use the new certificate.

1 Like

Hm, something strange happened in my test environment’s DNS for this - you’re right that has a Let’s Encrypt certificate.

1 Like

You definitely have a self-signed certificate in place for, though. Schoen already mentioned the need to explicitly install this certificate to your webserver, not just having it present there.

1 Like

Yes, stupid from me!!

certbot-auto --apache -d -d
it’s working :slight_smile:

Certificate Details
Common Name
Alternative Names
Click a Name to (search) for all publicly logged certificates
Subject Name
Serial Number 032AC9DAB6C5C1A0A215E41B15021B87F2BF
Fingerprint (SHA-256) E6C5442669F168EA9C110AAB92F1CCB075731E7169DF85B3A994E689C11EFC65
Valid From Tue, 15 Aug 2017 13:16:00 GMT
Valid To Mon, 13 Nov 2017 13:16:00 GMT (Expires in 88 days)
Key RSA (2048-bit)
Signature SHA-256 / RSA
Issuer Name
commonName=Let’s Encrypt Authority X3
organizationName=Let’s Encrypt

Issuer Brand Let’s Encrypt
Validation Type Domain Validated (DV)
Trusted by Microsoft? Yes
Trusted by Mozilla? Yes

Thank you!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.