Why do I get browser warnings on my new Let's Encrypt SSL setup?


This is saying the cert is not valid for www.example.com.

Could be several reasons for this including:

  1. You didn't specify this when creating the cert and only asked for example.com. Though weird that LetsEncrypt has put it in the www.example.com directory, suggesting you did do this right.

  2. You made a typo in the domain name.

  3. You included the protocol (http/https) in the domain name and/or the port (443). These should not be in the cert request, just the domain name.

  4. You have a separate cert for example.com and www.example.com and have only one configured in Apache. Most sites use the same cert for both and have both versions valid for the domain.

Probably best to view the cert to rule out some of these. This can either be done in the browser by clicking on the green padlock when viewing https://example.com and/or running this command:

    openssl x509 -in /etc/letsencrypt/live/www.example.com/cert.pem -text

You can also use the https://www.ssllabs.com/ssltest/ online tool to view your SSL setup (in fact I'd recommend doing this anyway!).

Author: Admin

Updated on June 27, 2022
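
The check suggested in the answer can be scripted. The following is an added example, not part of the original answer: it lists the names in a certificate's subjectAltName and asks OpenSSL whether a given hostname matches. The function names are hypothetical and the two certificates are throwaway self-signed samples built on the spot (it assumes OpenSSL 1.1.1 or later for `-addext`); on a real server, point `cert_covers` at /etc/letsencrypt/live/www.example.com/cert.pem.

```shell
#!/usr/bin/env bash
# Added example: which hostnames does a certificate actually cover?

# Print the DNS names from the certificate's subjectAltName, one per line.
cert_san_names() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Return 0 if certificate $1 is valid for hostname $2, using OpenSSL's own
# hostname matcher (-checkhost), which also understands wildcard entries.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q 'does match certificate'
}

# Build a throwaway self-signed certificate (constructed sample data).
# $1 = output file, $2 = subjectAltName value
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1.key" -out "$1" -subj "/CN=example.com" \
        -addext "subjectAltName=$2" 2>/dev/null
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Reason 1 from the answer: the cert was requested for example.com only.
make_sample_cert "$tmp/apex-only.pem" "DNS:example.com"
# The fix from the comments: one cert requested with both names.
make_sample_cert "$tmp/both.pem" "DNS:example.com,DNS:www.example.com"

for cert in "$tmp/apex-only.pem" "$tmp/both.pem"; do
    echo "== $(basename "$cert"): SAN = $(cert_san_names "$cert" | paste -sd' ' -)"
    for host in example.com www.example.com; do
        if cert_covers "$cert" "$host"; then
            echo "  OK       $host"
        else
            echo "  MISMATCH $host (browser would warn)"
        fi
    done
done
```

A MISMATCH for www.example.com on the file Apache is actually serving corresponds to the NET::ERR_CERT_COMMON_NAME_INVALID warning in the question.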

Comments

  • Admin
    Admin almost 2 years

    I recently successfully installed Letsencrypt, and my site seems to work well with https. When I visit it, e.g. https://example.com, no errors/warnings appear. However, when I visit it with https://www.example.com (including www), in all browsers I get some sort of warning, for example, in Chrome:

    Your connection is not private
    
    Attackers might be trying to steal your information from 
    www.example.com (for example, passwords, messages, or credit cards). 
    
    NET::ERR_CERT_COMMON_NAME_INVALID
    

    And in Opera:

    Opera cannot verify the identity of the server "www.example.com", due to a certificate problem. The server could be trying to trick you.
    

    My server runs Apache and https works wonderfully when not www. In /etc/letsencrypt/live/www.example.com/ I have:

    cert.pem  chain.pem  fullchain.pem  privkey.pem
    

    Would appreciate any help and do ask if you require further detail. Hope this helps others too.

  • Dynamic Remo
    Dynamic Remo over 6 years
    Hi @BazzaDP, I am facing the same issue that you mentioned in Option#1, but my 301 redirect works perfectly fine when I enter the URL myself. The problem occurs when my previously indexed pages are clicked from Google with "HTTPS://WWW.mywebsite.com"; then it gives the error. Is there some way I can modify/update my certificate with an extra -D? Or guide with an alternative solution. Thanking You!
  • Dynamic Remo
    Dynamic Remo over 6 years
    Hi @SilgerlightFox, yeah, I believe that's the reason I am facing this problem. I remember that I generated the certificate with one -D and not with the WWW. Can I somehow update/modify my certificate? Or is there any other appropriate workaround? Thanking You!
  • Dynamic Remo
    Dynamic Remo over 6 years
    Hi JorgeM, can I update/modify my already generated certbot certificate? Or do I have to remove the current one and create a new certificate? Or is there any other appropriate workaround? Thanking You!
  • Barry Pollard
    Barry Pollard over 6 years
    Yes, just give multiple -d options for each domain you want. You can’t update the existing cert but since they are free with LetsEncrypt, just get a new one with both domains.
  • Dynamic Remo
    Dynamic Remo over 6 years
    Woahhh, thanks for the quick response. So to get the new certificate I need these steps. 1: delete the current folder in /etc/letsencrypt/live/mywebsite.com 2: new certificate with this command: certbot certonly --standalone -d mywebsite.com -d www.mywebsite.com 3: update variables in /etc/nginx/conf.d/mywebsite.com.conf file. That's all. Right? (Do I need to delete the current folder or will it create a new one automatically?) Thanking You!
  • Barry Pollard
    Barry Pollard over 6 years
    No need to delete the current folder, it should create a new one.
  • Dynamic Remo
    Dynamic Remo over 6 years
    Done with all the +1s. Thanks again @BazzaDP, I will give it a try and will get back to you :-)
  • Dynamic Remo
    Dynamic Remo over 6 years
    I did it... Cheers @BazzaDP