Website showing as insecure by Chrome, Firefox


Not www.* but
As long as there is no other VirtualHost which occupies that name, yes :slight_smile:

As a general rule of thumb: all names which the certificate is valid for should be listed as ServerAlias, one of them as ServerName.


Thanks for taking out time to reply.

Its still working on with www. Please advise.

<VirtualHost *:443>
DocumentRoot /opt/bitnami/apps/wordpress/htdocs
SSLEngine on
SSLCertificateFile /opt/bitnami/apps/wordpress/letsencrypt/live/
SSLCertificateKeyFile /opt/bitnami/apps/wordpress/letsencrypt/live/

Include “/opt/bitnami/apps/wordpress/conf/httpd-app.conf”

<FilesMatch “.(cgi|shtml|phtml|php)$”>
SSLOptions +StdEnvVars

BrowserMatch “MSIE [2-6]”
nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
BrowserMatch “MSIE [17-9]” ssl-unclean-shutdown


Try commenting out ServerAlias and restarting / reloading Apache


I am trying to fix www issue by adding ServerAlias, will that solve the purpose if I remove that?


So you want your site to only respond on and not ??

Then take out ServerAlias in the Port 443 config and do a redirect on the port 80 for both to redirect to

<VirtualHost *:80>
Redirect permanent /

You can also redirect the SSL www site to the non www by adding another vhost configuration

<IfModule mod_ssl.c>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /opt/bitnami/apps/wordpress/letsencrypt/live/
SSLCertificateKeyFile /opt/bitnami/apps/wordpress/letsencrypt/live/
Include “/opt/bitnami/apps/wordpress/conf/httpd-app.conf”
Redirect permanent /


Great, the last section with SSL redirect worked. Thanks a ton for your time and support.


Excellent and no problem at all, through our combined efforts @bytecamp glad you are up and running now :+1:


You still offer the wrong certificate when retrieving


Expanding ssl certs to domain with www will help you in this situation.
certbot --expand -d -d


The certificate is already valid for both domain names. The OP just doesn’t have configured Apache to offer it on, too.


This cannot work as there are no SSL* statements.


LOL … you got me … my brain is really not with it at the moment … (updated it)


I tried by adding ServerAlias, is there any other method?


That was right, but you put a typo in the name:



Ooops, Great, this works. Thanks a ton. Is there any way to remove the 2nd certificate as SSLLabs showing 2nd certificate as bad.


Have a look into your configuration. There must be another VirtualHost which references this certificate. I would recommend deleting the whole VirtualHost which uses it - just to clean up your configuration.

Try to find with grep:

$ grep -r SSLCertificateFile /etc/apache2


Great, Thanks a ton for the support. I found that in one of the bitnami files. Really helpful.


BTW. I had the same problem.

  • on Ubuntu 17.10 with the default apache2 config where all I added was a ServerName directive
  • certbot found the domain and created a new SSL apache config
  • Chrome didn’t trust that site because it couldn’t validate the owner.

The fix was to change SSLCertificateFile from fullcert.pem to cert.pem and add a SSLCertificateChainFile with chain.pem.

My question is why didn’t certbot do the right thing by default?

version 0.19.0


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.