The CA Root Certificate Is Not Trusted

I am posting here because I am not certain about why I am encountering this error. I am new to Let’s Encrypt, and have been scouring topics all day long on what could be causing this “The CA Root Certificate Is Not Trusted” Here is my setup. I have a server with a bunch of sites…on a VPS running Apache 2.4 (Centos 6.9). The site is or I tried issuing certificates for both of those, but neither one works. The certificate path has fullchain.pem files. The private key path has privkey.pem files. Looks like the certificates were issued, but I have something wrong in terms of configuration. Can someone please help?

Hi @jfouts1979

your first website has a self signed certificate. But you have created a Letsencrypt-certificate today.;include_subdomains:false;

Same with your second domain:;include_subdomains:false;

is the correct certificate.

So you have them, but don't use them.

Did you restart / reload your server?

Restarted - reloaded - same problem (no change).

Then please answer all these questions (shown first post): Tool, command, configuration.

Certbot certificates

to see your certificates. And your configuration file (Apache or nginx), there you have to use the files shown with certbot certificates

Centos 6.9
Apache 2.4
On a VPS through HostGator
Found the following certs:
Certificate Name:
Expiry Date: 2018-11-28 15:46:30+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/
Certificate Name:
Expiry Date: 2018-11-28 15:09:12+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/
Not sure exactly what you need to see in the configuration file?


Can you please check your Apache virtual host folder?

There should be a list of virtual hosts (including the TLS ones)

Edit the TLS virtual host for domain and set certificate path to the correct ones.

Thank you

You have to use these paths

in your apache-configuration. There must be a ssl-section, there is the current, self signed certificate

used. Same with the other domain.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.