My VPS with CentOS 6.9 / Apache 2.2 hosts several websites with vhosts and I have installed Let's Encrypt using Certbot for several of them in one go.

However, the domain https://www.hrmis.health.gov.lk doesn’t seem to work and it gives a "Your connection is not private" warning on Chrome and "Unable to communicate securely with peer: requested domain name does not match the server’s certificate. HTTP Strict Transport Security: false HTTP Public Key Pinning: false" on Firefox.

Remaining website certificates are working fine:

Any help to sort this out is greatly appreciated!

It looks like you have a self-signed certificate on that domain name. You should run Certbot again with -d www.hrmis.health.gov.lk to get a trusted certificate for that domain.

Do you have a VirtualHost directive in your config naming that host, or is it just the default VirtualHost? If so, that could explain why it was missed in the first round.


Thank you for your reply.

There’s a VirtualHost directive for the domain and it appeared in the list of domains when I ran Certbot. I followed the instructions as for other domains listed above but only this particular domain caused the problem. The culprit must be the self-signed certificate you mentioned (which must have been left on the server when I tried openssl some time back).

I tried to run -d www.hrmis.health.gov.lk but it hit a rate limit possibly because I tried reinstalling certificates several times. I’ll wait till the limit expires and let you know the result.

Thanks again!

Dear Jacob,

I got it solved by editing the /etc/httpd/conf.d/ssl.conf file, replacing the paths of ‘SSLCertificateFile’, ‘SSLCertificateKeyFile’ and ‘SSLCertificateChainFile’ with those of the relevant Let's Encrypt files and restarting Apache.

Earlier they were set to the self-signed certificate you mentioned which caused this problem and now everything is fine!
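
An added example, not part of the original thread and not Certbot's own code: a small Python check for the misconfiguration resolved above, listing every VirtualHost whose certificate directives point outside Certbot's /etc/letsencrypt/live/ directory. The sample configuration (the /etc/pki/tls/... self-signed paths and the www.example.org vhost) is constructed, and `audit_vhosts` is a hypothetical helper name.

```python
import re
LE_LIVE = "/etc/letsencrypt/live/"  # Certbot's live directory for issued certificates
CERT_DIRECTIVES = {"sslcertificatefile", "sslcertificatekeyfile", "sslcertificatechainfile"}

# Constructed sample, not the poster's real config: the self-signed paths and
# the www.example.org vhost are assumptions made for illustration.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName www.hrmis.health.gov.lk
    # left over from an earlier self-signed setup
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.org
    SSLCertificateFile /etc/letsencrypt/live/www.example.org/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.example.org/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/www.example.org/chain.pem
</VirtualHost>
"""

def audit_vhosts(conf_text):
    """Return (server_name, directive, path) for each certificate directive
    inside a <VirtualHost> block whose path is not under LE_LIVE."""
    findings, vhost = [], None  # vhost is a dict while inside a block
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"<VirtualHost\b", line, re.I):
            vhost = {"name": "(no ServerName)", "certs": []}
        elif re.match(r"</VirtualHost\s*>", line, re.I):
            if vhost is not None:  # ServerName may follow the cert lines, so report at block end
                findings += [(vhost["name"], d, p) for d, p in vhost["certs"]
                             if not p.startswith(LE_LIVE)]
            vhost = None
        elif vhost is not None:
            parts = line.split(None, 1)
            if len(parts) == 2:
                key, value = parts[0], parts[1].strip().strip('"')
                if key.lower() == "servername":
                    vhost["name"] = value
                elif key.lower() in CERT_DIRECTIVES:
                    vhost["certs"].append((key, value))
    return findings

if __name__ == "__main__":
    for name, directive, path in audit_vhosts(SAMPLE_CONF):
        print(f"{name}: {directive} -> {path} (not a Let's Encrypt path)")
```

A flagged path only means the vhost is not serving a Certbot-managed file; a certificate from another CA stored elsewhere would also be listed, so each finding still needs a look.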



