SSL not working on www domain - Forbidden permission

Hi guys,

I’m desperate, I tried everything… So I have website: and for most of the time I had Let’s Encrypt certification, but after some time my client decided to have “paid” certificate.

So I installed new “paid” SSL certificate from other vendor and it works with domain “”, but problem is with domain “”.

The “www” version od domain shows “Forbidden - You don’t have permission to access this resource.” and also for some reason it keeps to show “Lets Encrypt” certificate on “www” version of website, but it show right certificate on “non-www” website version.

I think I tried everything, any suggestions?

How can I get rid off all Let’s Encrypt certificate, and remove it completely? I tried removing /etc/letsencrypt but id didnt help.

Certbot doest show any active certificates, but under “Virtualmin/ Server Configurations/ SSL Certificate” I can see me new certificate which I installed from “paid” external vendor. And under “lets Encrypt” tab I can see some “Web-based validation failed”, I’d rather delete all Lets Encrypt setting to make it work only with my new paid certificate.

OS type and version Debian Linux 10
Virtualmin version Version 7.3

Under the Server Configuration, SSL Certificate in Virtualmin you can click the button at the bottom to copy the new certificate to all services. Once that is done and the system reloads you should see a yellow button that says “DELETE” if a certificate is no longer in use.

thank You for Your reply. But there is no yellow button “DELETE”, In none of the Tabs. But You mean “Current Certificate” Tab? Or “Let’s Encrypt” tab? Im in Server Configuration/ SSL Certificate menu.

You will only see that if you have a certificate NOT being used.

You said earlier:

If that certificate was in use and the old one wasn’t, you would see a yellow button to delete the old one like this:

So if you don’t see that button, then you are still using the old certificate and that is probably why you’re having issues from one server to the other. You probably have multiple SSL’s in use and it’s messing up the works.

I don’t understand though why you would get rid of a perfectly good Let’s Encrypt SSL for a paid one. If it isn’t broken, don’t fix it.

Hello @Gomez_Adams ,

this "Lets encrypt certificate is expired as in attachment

So it’s not being used, and still I can’t see “DELETE” button.

Anyway, what are my options at this point?

For now it looks like this:

  • domain “” - works perfectly with new SSL Certificate, and show right certificate.
  • domain “” - doest work at all with “Forbidden - You don’t have permission to access this resource.” error showing up. This domain shows that it has expired “Let’s Encrypt” certificate.

As I look at it, the easiest way, would be to completely get rid of let’s encrypt, or edit SOMEWHERE domain setting to point “” on the NEW certificate that works with domain “”. And that’s the issue I have. Anyone can help?

Any sugestions where to edit it?

PS: We had problems with let’s encrypt auto renewal and every 3 months there was a problem with automatic renewal causing website not to work. So my client decided to have “paid” certifcate. It’s his decision.

Hello @Gomez_Adams ,

I found solution! This is so stupid… Anyway, when SSL stopped working - my client (who wanted to “repair” website ASAP) - decided to repair website on his own (I was on holiday), so he hired some TOTAL newbie and he mixed up all the DNS setting. So the “non-www” version was on correct server and “www” version of website directed to some other server I didnt know. I just changed “www” version to same server as “non-www” and now it work PERFECTLY AS IT SHOULD!

As a solution for this problem If anyone will have similiar issue… Fist Thing TO DO is to check all the DNS settings, for the main domain as for www domain.

NOW… even Let’s Encrypt Certificate is also running well.

Hope it might help someone, as it was totally weird and I couldn’t find answer to my issue.

1 Like

I don’t see how that can solve the problem OP is having.

It’s always DNS.


Because he asked:

If he had installed and was using the other new SSL as he said he had, the old SSL certificate should have the option to delete it already listed as it was no longer being used. So clearly at that time both of them were still in use.

Apparently they both still are.

1 Like

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.