Ssllabs gave A rating, but ERR_CERT_AUTHORITY_INVALID

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: sudo certbot --apache

It produced this output: It asked me whether I want to use the cert for or
I just the first version (with the www). Everything seemed to work fine, and I got A rating on ssllabs as well. It also asked me whether I want redirect traffic (to HTTPS) so i said yes.

My web server is (include version): apache

The operating system my web server runs on is (include version): Centos 7

My hosting provider, if applicable, is: Vultr, but I don’t think it’s applicable. i used comodo fine before.

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

I would really appreciate any help. Thank you.

Hi @ihseo

that’s wrong. If you want a certificate with a main domain name (like, you should always include both domain names +

Checked your domain you see the problem ( ):

Domainname Http-Status redirect Sec. G 301 0.567 A 301 0.560 A 302 2.933 N
Certificate error: RemoteCertificateNameMismatch 301 2.650 F 301 2.327 N
Certificate error: RemoteCertificateNameMismatch 200 2.617 N
Certificate error: RemoteCertificateNameMismatch

You use a preferred version (that’s good), but the result: The preferred version isn’t secure.

Your certificate has only one domain name:
expires in 90 days - 1 entry

And you have a wrong redirect https -> http.

Start with

sudo certbot --apache -d -d

then recheck your domain, then check your redirects and remove the wrong https + www -> http + non-www.

Replace that redirect with the correct redirect https + www -> https + non-www.

Then you have 3 redirects and one https destination (Grade B or better).

PS: You have some mixed content you should fix.

1 Like