Ssl Not working on "www"

My domain

I ran this command: sudo certbot certonly --webroot -w /var/www/html -d -d

It produced this output: You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/

My web server is (include version): Apache

The operating system my web server runs on is (include version): Centos 7

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): YES i can

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):CWP7

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.31.0

I wrote

“certbot certificates”

and i found this reply,

Found the following certs:

Certificate Name:
Expiry Date: 2019-07-25 19:03:36+00:00 (VALID: 72 days)
Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/
Certificate Name:
Expiry Date: 2019-07-25 18:51:28+00:00 (VALID: 72 days)
Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/

On PC if i write it redirects to and no errors are seen.
but when i open " on phone it shows “this connection is not private”

Hi @yohaan

that may be a cached result, so you don’t really see / check the www-version.

But checking your domain the www version isn’t secure ( ):

Domainname Http-Status redirect Sec. G 301 0.250 A 301 0.270 A 200 1.723 B 200 1.373 N
Certificate error: RemoteCertificateNameMismatch

But: The non-www version has the wrong certificate:
expires in 73 days - 1 entry

What says

apachectl -S

[centos@ip-172-31-29-237 ~]$ sudo apachectl -S
AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using ip-172-31-29-237.ap-south-1.compute.internal. Set the ‘ServerName’ directive globally to suppress this message
VirtualHost configuration:
*:80 (/etc/httpd/conf.d/
*:443 (/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: “/etc/httpd”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/etc/httpd/logs/error_log”
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
PidFile: “/run/httpd/”
User: name=“apache” id=48
Group: name=“apache” id=48

Looks like you don’t have a ServerAlias.


Add the alias to both vHosts.

Then change the SSLCertificateFile + key line to your other certificate:

Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/

and restart your server.

1 Like

I am a newbie :stuck_out_tongue:

can you guide me how do i “add the alias to both vhost” and the following task.
you can provide me any tutorial link or something.


That’s one of your configuration file, the SSL version.

Open it and add / change the lines. Save it and restart your server.


You are awesome…!!! Thanks a ton. IT WORKED :star_struck::star_struck::star_struck:
i love that you replied within few mins and i was in this problem from weeks.

I would like to know what did i do wrong while using certbot .
What should i do.

This below mentioned way i installed SSL .

yum -y install yum-utils

sudo yum install certbot python2-certbot-apache

In cpanel change webserver to “ngnix & apache” . and back to “apache only”

This will make the root folder from usr/local/apache/htdocs to var/www/html because previous folder is not accesible by cerbot or freessl to verify the server

sudo certbot certonly --webroot -w /var/www/html -d -d

Sudo certbot


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.