SSL CA cert for Let's Encrypt/R3 does not match the issuer

Virtualmin
1
SYSTEM INFORMATION
OS type and version Ubuntu 20.04
Webmin version 1.991
Virtualmin version 7.0.4 Pro
Related packages SSL

I have installed a proper SSL with about a year validity but I get following error in Current Certificate,

|Issuer organization|Sectigo Limited|

Expiry date May 30 23:59:59 2023 GMT
Certificate type Signed by CA
* SSL CA cert for Let’s Encrypt/R3 does not match the issuer of the SSL cert Sectigo Limited/Sectigo RSA Domain Validation Secure Server CA

Problem is that Firefox Mozilla browser keeps saying insecure and it says “Owner: This web site does not supply ownership information.” When I check website identity details in firefox.

I have checked SSLChecker and there it shows no problem for domain SSL.

Under Current Certificate I can see that the SSL certificate file location is /home/user-directory/ssl.cert and ssl.key

What causes Virtualmin → Server Configuration → SSL → Current Certificate to think that installed SSL is let’s encrypt even though that is not the case?

2

What was the way you installed it back then?

Problem is that Firefox Mozilla browser keeps saying insecure and it says “Owner: This web site does not supply ownership information.”

Do you have latest system packages updates installed (i.e. ca-certificates and openssl packages) and the latest Firefox too?

What causes Virtualmin → Server Configuration → SSL → Current Certificate to think that installed SSL is let’s encrypt even though that is not the case?

What is the value for Issuer: in the output of is:

openssl x509 -text -noout -in /home/user-directory/ssl.cert
3

Thanks.

  1. Generated CSR in virtualmin, then with help of that got certificates generated from where I bought the SSL and got the certificate and private key and installed the certificate via virtualmin. (It is likely that before installing this certificate, letsencrypt was used at some point)

  2. Yes the ubuntu is up to date and firefox browser too.

  3. the issuer value is as below,
    Issuer: C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA

4

If you still want to use paid certificate, you would have to use virtual-server.name - Server Configuration ⇾ SSL Certificate / Update Certificate and Key page to upload it. Also CA Certificate tab as well.

5

Thanks. I didn’t add the certificate to CA Certificate tab. Which I did now. But still getting error as below,

  • SSL CA cert for /www.domain1.com does not match the issuer of the SSL cert Sectigo Limited/Sectigo RSA Domain Validation Secure Server CA

Now there is no mention of LetsEncrypt but not sure what mismatch it is talking about, after all Sectigo is the correct issuer.

6

Perhaps, you’re using a wrong CA certificate? Have a closer look at it, making sure that you supply the correct certificate.

7

Actually I doubt if any other certificate will work and still show it is from sectigo. But I can try to reinstall and see what happens.

8

Let’s close this topic too. Because after http to https redirection errors in firefox mozilla also disappeared. So that error which I still think is some false positive but doesn’t seem to affect the SSL functionality.

Thanks again for your time and guidance.

9

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.