My VPS with CentOS 6.9 / Apache 2.2 hosts several websites with vhosts, and I have installed Let’s Encrypt using Certbot for several of them in one go.
However the domain https://www.hrmis.health.gov.lk doesn’t seem to work and it gives
"Your connection is not private" warning on Chrome and
"Unable to communicate securely with peer: requested domain name does not match the server’s certificate. HTTP Strict Transport Security: false
HTTP Public Key Pinning: false" on Firefox.
Remaining website certificates are working fine: https://www.ecpas.health.gov.lk
It looks like you have a self-signed certificate on that domain name. You should run Certbot again with -d www.hrmis.health.gov.lk to get a trusted certificate for that domain.
Do you have a VirtualHost directive in your config naming that host, or is it just the default VirtualHost? If so, that could explain why it was missed in the first round.
There’s a VirtualHost directive for the domain and it appeared in the list of domains when I ran Certbot. I followed the instructions as for other domains listed above but only this particular domain caused the problem. The culprit must be the self-signed certificate you mentioned (which must have been left on the server when I tried openssl some time back).
I tried to run -d www.hrmis.health.gov.lk but it hit a rate limit, possibly because I tried reinstalling certificates several times. I’ll wait till the limit expires and let you know the result.
I got it solved by editing the /etc/httpd/conf.d/ssl.conf file, changing the paths of ‘SSLCertificateFile’, ‘SSLCertificateKeyFile’ and ‘SSLCertificateChainFile’ to the relevant Let’s Encrypt files, and restarting Apache.
Earlier they were set to the self-signed certificate you mentioned, which caused this problem, and now everything is fine!
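The check that would have located the stale paths, as an added example that is not part of the original thread: it scans Apache configuration text and reports every `SSLCertificateFile`, `SSLCertificateKeyFile` or `SSLCertificateChainFile` that does not point under `/etc/letsencrypt/live/` (Certbot's default location, assumed here). The sample configuration and the self-signed file names in it are constructed.

```python
import re

LE_LIVE = "/etc/letsencrypt/live/"  # assumption: Certbot's default live directory
SSL_DIRECTIVES = ("sslcertificatefile", "sslcertificatekeyfile", "sslcertificatechainfile")
# Constructed sample: one vhost on Let's Encrypt files, one on leftover self-signed files.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName www.ecpas.health.gov.lk
    SSLCertificateFile /etc/letsencrypt/live/www.ecpas.health.gov.lk/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.ecpas.health.gov.lk/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/www.ecpas.health.gov.lk/chain.pem
</VirtualHost>
<VirtualHost *:443>
    ServerName www.hrmis.health.gov.lk
    SSLCertificateFile /etc/pki/tls/certs/selfsigned.crt
    SSLCertificateKeyFile /etc/pki/tls/private/selfsigned.key
</VirtualHost>
"""

def audit(conf_text):
    """Return [(server_name, directive, path)] for SSL paths outside LE_LIVE."""
    findings, pending, server, in_vhost = [], [], None, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"<VirtualHost\b", line, re.I):
            in_vhost, server, pending = True, None, []
            continue
        if re.match(r"</VirtualHost>", line, re.I):
            # ServerName may appear after the SSL lines, so resolve it at block end.
            findings += [(server or "(no ServerName)", d, p) for d, p in pending]
            in_vhost, pending = False, []
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        name, value = parts[0], parts[1].strip().strip('"')
        if name.lower() == "servername":
            server = value
        elif name.lower() in SSL_DIRECTIVES and not value.startswith(LE_LIVE):
            if in_vhost:
                pending.append((name, value))
            else:
                findings.append(("(server-wide)", name, value))
    return findings

if __name__ == "__main__":
    for server, directive, path in audit(SAMPLE_CONF):
        print(f"{server}: {directive} -> {path}")
```

To run it against a real server, pass the contents of `/etc/httpd/conf.d/ssl.conf` and any per-vhost files to `audit()` instead of `SAMPLE_CONF`.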