Unable to communicate securely with peer: requested domain name does not match the server’s certificate

Hello,

My VPS with CentOS 6.9 / Apache 2.2 hosts several websites with vhosts, and I have installed Let's Encrypt certificates using Certbot for several of them in one go.

However the domain https://www.hrmis.health.gov.lk doesn’t seem to work and it gives
"Your connection is not private" warning on Chrome and
"Unable to communicate securely with peer: requested domain name does not match the server’s certificate. HTTP Strict Transport Security: false
HTTP Public Key Pinning: false" on Firefox.

Remaining website certificates are working fine:
https://www.ecpas.health.gov.lk

Any help to sort this out is greatly appreciated!

It looks like you have a self-signed certificate on that domain name. You should run Certbot again with -d www.hrmis.health.gov.lk to get a trusted certificate for that domain.

Do you have a VirtualHost directive in your config naming that host, or is it just the default VirtualHost? If so, that could explain why it was missed in the first round.

2 Likes

Thank you for your reply.

There’s a VirtualHost directive for the domain and it appeared in the list of domains when I ran Certbot. I followed the instructions as for other domains listed above but only this particular domain caused the problem. The culprit must be the self-signed certificate you mentioned (which must have been left on the server when I tried openssl some time back).

I tried to run -d www.hrmis.health.gov.lk but it hit a rate limit, possibly because I tried reinstalling certificates several times. I’ll wait till the limit expires and let you know the result.

Thanks again!

Dear Jacob,

I got it solved by editing the /etc/httpd/conf.d/ssl.conf file, replacing the paths of ‘SSLCertificateFile’, ‘SSLCertificateKeyFile’ and ‘SSLCertificateChainFile’ with those of the relevant Let's Encrypt files, and restarting Apache.

Earlier they were set to the self-signed certificate you mentioned which caused this problem and now everything is fine!

Thanks!

2 Likes
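An added example (not from the thread): a small audit that parses Apache config text and lists every VirtualHost whose SSLCertificateFile, SSLCertificateKeyFile or SSLCertificateChainFile still points outside Certbot's default /etc/letsencrypt/live/ directory, which is the condition the last post describes. The sample config and its self-signed file paths are constructed, and the function names are hypothetical.

```python
import re
# Certbot's default directory for issued certificates (assumed unchanged).
LE_LIVE = "/etc/letsencrypt/live/"

def parse_vhosts(conf_text):
    """Collect names and SSL file paths for each <VirtualHost> block."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"<VirtualHost\b", line, re.I):
            current = {"names": [], "paths": {}}
            vhosts.append(current)
        elif re.match(r"</VirtualHost\s*>", line, re.I):
            current = None
        elif current is not None:
            key, value = (line.split(None, 1) + [""])[:2]
            if key.lower() in ("servername", "serveralias"):
                current["names"] += value.split()
            # Prefix covers SSLCertificateFile, ...KeyFile and ...ChainFile.
            elif key.lower().startswith("sslcertificate"):
                current["paths"][key] = value.strip().strip('"')
    return vhosts

def audit(conf_text):
    """Return (host, directive, path) for each path outside LE_LIVE."""
    findings = []
    for vh in parse_vhosts(conf_text):
        host = vh["names"][0] if vh["names"] else "(unnamed vhost)"
        for directive, path in vh["paths"].items():
            if not path.startswith(LE_LIVE):
                findings.append((host, directive, path))
    return findings

# Constructed sample config, not the poster's actual file.
SAMPLE = """
<VirtualHost *:443>
    ServerName www.ecpas.health.gov.lk
    SSLCertificateFile /etc/letsencrypt/live/www.ecpas.health.gov.lk/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.ecpas.health.gov.lk/privkey.pem
</VirtualHost>
<VirtualHost *:443>
    ServerName www.hrmis.health.gov.lk
    SSLCertificateFile /etc/pki/tls/certs/selfsigned.crt
    SSLCertificateKeyFile /etc/pki/tls/private/selfsigned.key
</VirtualHost>
"""
if __name__ == "__main__":
    for host, directive, path in audit(SAMPLE):
        print(f"{host}: {directive} -> {path}")
```

To check a real server, pass the contents of /etc/httpd/conf.d/ssl.conf (and any other vhost files) to `audit()`; a certificate covering several names lives under one directory in /etc/letsencrypt/live/, so the check is on the prefix only, not on the directory name.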
