The CA Root Certificate Is Not Trusted

jfouts1979 · August 30, 2018, 6:49pm

I am posting here because I am not certain about why I am encountering this error. I am new to Let’s Encrypt, and have been scouring topics all day long on what could be causing this “The CA Root Certificate Is Not Trusted” Here is my setup. I have a server with a bunch of sites…on a VPS running Apache 2.4 (Centos 6.9). The site is awomanstouchmd.com or awomanstouchmd.adfxcreativitythatworks.com. I tried issuing certificates for both of those, but neither one works. The certificate path has fullchain.pem files. The private key path has privkey.pem files. Looks like the certificates were issued, but I have something wrong in terms of configuration. Can someone please help?

JuergenAuer · August 30, 2018, 7:05pm

Hi @jfouts1979

your first website has a self signed certificate. But you have created a Letsencrypt-certificate today.

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:awomanstouchmd.com&lu=cert_search

Same with your second domain:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:awomanstouchmd.adfxcreativitythatworks.com&lu=cert_search

is the correct certificate.

So you have them, but don't use them.

Did you restart / reload your server?

jfouts1979 · August 30, 2018, 7:28pm

Restarted - reloaded - same problem (no change).

JuergenAuer · August 30, 2018, 7:33pm

Then please answer all these questions (shown first post): Tool, command, configuration.

Certbot certificates

to see your certificates. And your configuration file (Apache or nginx), there you have to use the files shown with certbot certificates

jfouts1979 · August 30, 2018, 8:15pm

Centos 6.9
Apache 2.4
On a VPS through HostGator
Found the following certs:
Certificate Name: awomanstouchmd.adfxcreativitythatworks.com
Domains: awomanstouchmd.adfxcreativitythatworks.com
Expiry Date: 2018-11-28 15:46:30+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/awomanstouchmd.adfxcreativitythatworks.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/awomanstouchmd.adfxcreativitythatworks.com/privkey.pem
Certificate Name: awomanstouchmd.com
Domains: awomanstouchmd.com
Expiry Date: 2018-11-28 15:09:12+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/awomanstouchmd.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/awomanstouchmd.com/privkey.pem
Not sure exactly what you need to see in the configuration file?

stevenzhu · August 30, 2018, 8:21pm

Hi,

Can you please check your Apache virtual host folder?

There should be a list of virtual hosts (including the TLS ones)

Edit the TLS virtual host for domain https://awomanstouchmd.com and set certificate path to the correct ones.

Thank you

JuergenAuer · August 30, 2018, 8:30pm

You have to use these paths

in your apache-configuration. There must be a ssl-section, there is the current, self signed certificate

https://awomanstouchmd.adfxcreativitythatworks.com/

used. Same with the other domain.

system · September 29, 2018, 8:39pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.