Subdomain is redirecting to AMI test page


I am facing an issue with my subdomains.
I have installed an SSL certificate for my main domain and it’s working fine.
But I have two subdomains that belong to the same IP, and although the certificate has been installed, the site is throwing an error.
Kindly help me sort out this issue.
OS:AMI 2016
Webserver:Apache 2.3 and and


You are not using the Let’s Encrypt certificates for your subdomains.

You don’t say how you obtained the certificates (what command you ran). If you have the certificates (in /etc/letsencrypt/live/subdomain…) then you should check your apache config and point to those certs. If you don’t have the certificates then please let us know what command you ran to obtain the certificates, and the output it gave.


I have run the following command and it gave the output below.
./certbot-auto --apache -d -d

And it has put the certificate in the following path
ls /etc/letsencrypt/live/

│ Congratulations! You have successfully enabled │ and
│ │
│ You should test your configuration at: │

And my vhost configuration file is


I suspect the problem may be because you have modified the list of domains in your certificate, so now have both a and a directory.

What is in your apache config for these subdomains for the SSLCertificate links ?


I have pointed only.
Let me confirm, and also check whether the DNS record is pointed properly or not.
Because I have checked with the Pingdom tool for DNS for and are resolving the nameserver properly, but the subdomains don’t.

So please confirm the same; I will try to change the DNS to point to this IP for the subdomains.

Thanks for the reply.


For me, all 4 go to

It’s just the SSL certs that are not correct, hence why I asked what was in your apache config.


Please see my apache conf file for of ssl

```
[root@ip-172-31-19-172 conf.d]# cat developer-bezirk-com-le-ssl.conf
<VirtualHost *:443>
    DocumentRoot /home/bezirkweb/developer

    <Directory /home/bezirkweb/developer/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>

    SetOutputFilter DEFLATE
    AddOutputFilterByType DEFLATE text/html text/css text/plain text/xml application/x-javascript application/x-httpd-php
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
    SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png)$ no-gzip
    Header append Vary User-Agent env=!dont-vary

    ExpiresActive On
    ExpiresByType image/jpg "access 1 month"
    ExpiresByType image/jpeg "access 1 month"
    ExpiresByType image/gif "access 1 month"
    ExpiresByType image/png "access 1 month"
    ExpiresByType text/css "access 1 month"
    ExpiresByType application/pdf "access 1 month"
    ExpiresByType application/javascript "access 1 month"
    ExpiresByType application/x-javascript "access 1 month"
    ExpiresByType application/x-shockwave-flash "access 1 month"
    ExpiresByType image/x-icon "access 1 month"
    ExpiresDefault "access 2 days"
    ## EXPIRES CACHING ##

    ErrorLog /var/log/
    LogLevel warn
    CustomLog /var/log/ combined

    SSLCertificateFile /etc/letsencrypt/live/
    SSLCertificateKeyFile /etc/letsencrypt/live/
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateChainFile /etc/letsencrypt/live/
</VirtualHost>
```


In your apache config you have;

which looks wrong for They should be

SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/
SSLCertificateChainFile /etc/letsencrypt/live/


I have tried it; the certificate is working fine, but finally it goes to the AMI test page.
I am able to configure Apache properly; that is not an issue for me.
If HTTPS is enabled, it goes to an error page or the AMI test page.

See can you check it please

Cert verification also gives OK

```
[root@ip-172-31-19-172 conf.d]# openssl verify /etc/letsencrypt/live/*pem
/etc/letsencrypt/live/ CN =
error 20 at 0 depth lookup:unable to get local issuer certificate
/etc/letsencrypt/live/ OK
/etc/letsencrypt/live/ CN =
error 20 at 0 depth lookup:unable to get local issuer certificate
unable to load certificate
139828029695840:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
```


I checked before - I don’t get redirected to an AMI test page because I don’t trust your self signed certificate.

```
curl -I
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here:
```

if I test your certificate;

```
 Signature Algorithm          SHA256 with RSA
 Server key size              RSA 1024 bits
 Fingerprint / Serial         SHA1 5FCD7686283969B5A7EC560190B314E53620E931 / 2E0A
                              SHA256 B394465337561F6BE951C239F375AA750421E326868594498C0489350A3D02AC
 Common Name (CN)             "ip-172-31-19-172"
 subjectAltName (SAN)         --
 Issuer                       self-signed (NOT ok)
 Trust (hostname)             certificate does not match supplied URI
 Chain of trust               NOT ok (self signed)
 EV cert (experimental)       no
 Certificate Expiration       350 >= 60 days (2016-11-22 06:13 --> 2017-11-22 06:13 +0000)
 # of certificates provided   1
 Certificate Revocation List  --
 OCSP URI                     --
 OCSP stapling                --
```

If I accepted that certificate I may get redirected, I don’t know, as I didn’t accept an invalid certificate I don’t trust :wink:


Then what is the solution for this issue?
If the certificate is installed, the expected content is not working.
Please explain it to me.

I am so tired of this; I am not able to sort it out.


Your domain at is not using the Let’s Encrypt certificate.

It is NOT using the certificate you have at /etc/letsencrypt/live/

The domain is using a self signed certificate for the domain name “ip-172-31-19-172”

This is most likely to be due to your apache config, which is not configured to recognise the domain and provide the correct certificate. I’m assuming you have it showing a default self signed cert for an internal, private IP address of
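Added example, not part of the original thread or anyone's posted configuration: a small Python check for the misconfiguration discussed above, flagging `:443` vhosts that have no `ServerName`, that use certificate files outside `/etc/letsencrypt/live/`, or that mix files from two different directories under it. The sample config, the hostnames (`dev.example.com`, `example.com-0001`) and the self-signed paths are constructed placeholders.

```python
from pathlib import PurePosixPath

LIVE = PurePosixPath("/etc/letsencrypt/live")
SSL_KEYS = ("sslcertificatefile", "sslcertificatekeyfile", "sslcertificatechainfile")

# Constructed sample: hostnames and file paths are placeholders, not from the thread.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName dev.example.com
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com-0001/chain.pem
</VirtualHost>
<VirtualHost *:443>
    SSLCertificateFile /etc/ssl/placeholder/selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/placeholder/selfsigned.key
</VirtualHost>
"""

def parse_vhosts(text):
    """Return one {directive: value} dict per <VirtualHost> block."""
    vhosts, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower().startswith("<virtualhost"):
            current = {"_addr": line[len("<VirtualHost"):].strip(" >")}
        elif line.lower().startswith("</virtualhost") and current is not None:
            vhosts.append(current)
            current = None
        elif current is not None and line and line[0] not in "<#":
            parts = line.split(None, 1)
            current[parts[0].lower()] = parts[1].strip('"') if len(parts) > 1 else ""
    return vhosts

def audit(text):
    """Return (ServerName, problem) pairs for every vhost listening on :443."""
    findings = []
    for vh in parse_vhosts(text):
        if not vh["_addr"].endswith(":443"):
            continue
        name = vh.get("servername")
        paths = [PurePosixPath(vh[k]) for k in SSL_KEYS if k in vh]
        lineages = sorted({p.parent.name for p in paths if p.parent.parent == LIVE})
        if name is None:
            findings.append((None, "no ServerName, cannot be selected by hostname"))
        if any(p.parent.parent != LIVE for p in paths):
            findings.append((name, "certificate files outside " + str(LIVE)))
        if len(lineages) > 1:
            findings.append((name, "files from different lineages: " + ", ".join(lineages)))
    return findings
```

Calling `audit()` on the text of each file in `conf.d` lists the vhosts worth inspecting; it does not read the certificates themselves, so whether a certificate covers the vhost's hostname still has to be checked separately.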


How to create the certificate for and
Please give me the command or any steps to create the cert for this; I will follow the same.


You already have the certificates - in /etc/letsencrypt/live/…

You aren’t using them correctly in your apache config though.


```
[root@ip-172-31-19-172 conf.d]# ls dev* -l
-rw-r--r-- 1 root root 1771 Dec 6 05:58 developer-bezirk-com.conf
-rw-r--r-- 1 root root 1930 Dec 6 10:45 developer-bezirk-com-le-ssl.conf
```

This is the vhost file for is there any problem in this ?


developerssl.conf.txt (1.9 KB)


That looks OK, but I can’t really tell due to the formatting on the forum here. Can you either enclose the config in three back tick quotes ` or paste in (it would be useful if you could post your main default config, your default ssl config as well as the specific vhost file).


Hi, I have attached my conf file; please find it.


I can not see your conf file.

