Jurg
April 20, 2025, 3:31pm
1
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: all-about-controls.com
I ran this command: sudo apache2ctl configtest
It produced this output: Syntax OK
My web server is (include version):
The operating system my web server runs on is (include version): Ubuntu 24.04.2 LTS
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot --version certbot 2.9.0
The site is loading perfect on Firefox and Safari, but not on Chrome.
Failed to load resource: net::ERR_CERT_COMMON_NAME_INVALID
What can be wrong ?
Welcome @Jurg
The problem is because the certificate you just got has only the domain name www.all-about-controls.com.
So, requests to your apex domain https://all-about-controls.com/ will fail as the cert does not also have this name. See this test site for example: SSL Checker
What command did you run to get the certificate? Once we know that we can offer advice on how to fix this.
4 Likes
Jurg
April 20, 2025, 5:38pm
3
Hello,
To make the certificate i have used ; 1. sudo certbot --apache
Output
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): you@your_domain
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Hmm. Normally that would show you a list of domain names to put in the certificate.
Would you show what Apache has for your VirtualHosts?
sudo apache2ctl -t -D DUMP_VHOSTS
3 Likes
Jurg
April 20, 2025, 5:44pm
5
apache2ctl -t -D DUMP_VHOSTSall-about-controls.com (/etc/apache2/sites-enabled/opencart-le-ssl.conf:2)all-about-controls.com (/etc/apache2/sites-enabled/opencart.conf:1)
That's unusual. It only shows your apex domain and not your www subdomain at all. Yet, the www subdomain is what is in the certificate.
Please also show output of this:
sudo certbot certificates
and the contents of this file
/etc/apache2/sites-enabled/opencart-le-ssl.conf
2 Likes
Jurg
April 20, 2025, 5:50pm
7
certbot certificates
Found the following certs:www.all-about-controls.com www.all-about-controls.com
/etc/apache2/sites-enabled/opencart-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin admin@all-about-controls.com
DocumentRoot /var/www/html/opencart/upload/
ServerName all-about-controls.com
ServerAlias www.all-about-controls.com
<Directory /var/www/html/opencart/upload/>
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/yourdomain.com-error_log
CustomLog /var/log/apache2/yourdomain.com-access_log common
SSLCertificateFile /etc/letsencrypt/live/www.all-about-controls.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.all-about-controls.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
1 Like
Jurg
April 20, 2025, 5:55pm
8
/etc/apache2/sites-enabled/opencart-le-ssl.conf
1 Like
Try this as a test. If this works we will use a very different command to get the production cert. This is just a test. Just let us know the result.
sudo certbot certonly --dry-run --apache --cert-name www.all-about-controls.com -d www.all-about-controls.com -d all-about-controls.com
3 Likes
Jurg
April 20, 2025, 6:23pm
10
sudo certbot certonly --dry-run --apache --cert-name www.all-about-controls.com -d www.all-about-controls.com -d all-about-controls.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
You are updating certificate www.all-about-controls.com to include new
You are also removing previously included domain(s):
Did you intend to make this change?
(U)pdate certificate/(C)ancel: Uwww.all-about-controls.com and all-about-controls.com
1 Like
Excellent. Now do this and you should be good. You will get a new cert with both domain names and Apache will be reloaded so will start using it right away
sudo certbot --apache --cert-name www.all-about-controls.com -d www.all-about-controls.com -d all-about-controls.com
Note : We dropped certonly --dry-run from the earlier test command.
You may need to restart your browser(s) for it to see the new cert. They often cache the previous one
3 Likes
Jurg
April 20, 2025, 6:28pm
12
certbot certificates
Found the following certs:www.all-about-controls.com www.all-about-controls.com all-about-controls.com
Excellent. Does it all look good to you now? Looks good to me.
3 Likes
Jurg
April 20, 2025, 6:36pm
14
Yes !!!!
The site load good now, great.
4 Likes
