The certificate is only valid for

Tried this 2 times, with the same problem.

./certbot-auto --apache -d -d


Congratulations! Your certificate and chain have been saved at
Your cert will expire on 2016-08-30....

But when accessed from any browser, uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
The certificate is only valid for
Error code: SEC_ERROR_UNKNOWN_ISSUER is the server host name and does not appear anywhere in Apache config files.
Just one virtual host file is at /etc/httpd/conf.d/mysite_com.conf

Apache 2.2
Centos 6.8

Maybe restart Apache?

All ready did a apache restart and even server reboot, just in case. Why on earth would it create certificates for the sever name when I specifically passed in -d -d Makes no sense to me.

It’s unlikely that this certificate is from Let’s Encrypt. You would not get “SEC_ERROR_UNKNOWN_ISSUER” for a certificate signed by Let’s Encrypt. My best guess is that your apache was already configured with a self-signed certificate prior to this, and something’s causing apache to pick this certificate rather than the new certificate.

Try grep -r "SSLCertificateFile" /etc/httpd if you don’t see anything obvious. If you need help amending the configuration, we’ll need your apache configuration files.

Found this in ssl.conf after running that command:

SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

Could this be in conflict?

Yep, ssl.conf is probably where the self-signed certificate is set. You’ll want to remove the relevant SSL directives in there (basically anything that matches SSL[...]File, feel free to post the file if you need assistance.

Great - this will give something to investigate further. Much appreciation for your help.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.