"Certificate is NOT Trusted: self signed certificate" on AWS LightSail


Thank you in advance for reviewing my plea for help :D

How can I fix this issue with our site's SSL certificate? w-p site hosting on SailLightScreengrab of the current attached, valid SSL certificate for the site. According to a can from SSL.com, the "Certificate is NOT Trusted: self-signed certificate." I am new to hosting, but I had this issue; I stopped the original instance of the site, cloned it, started a new one, and had the same issue. The domain is on GoDaddy and being pointed to our AWS account. I have pinged, and the IP address is what it should be. Guessing the issue is due to the missing accompanying info from the raw JSON of the SSL, and because the certificate is self-signed, would this be correct? If so, how do I fix it? Or is this a different issue and I'm on the wrong track?

SSL.com scan shows the following:

{ "common_name": "example.com", "issuer": "CN=example.com", "serial_number": "578807359246318624150627468217127809249906962548", "subject": "CN=example.com", "subject_alternative_name": [ "example.com", "www.example.com" ], "no_valid_before": "2024-05-13, 01:24:44", "no_valid_after": "2029-05-12, 01:24:44", "public_key_algorithm": "_RSAPublicKey", "sha1_fingerprint": "08f9b47828966b4f6140676c2578fa274136db52", "sha256_fingerprint": "1d4a68a666d4a845bcf46b0b26b395f81551e90ccf218f339a63f0533eadf11e", "expired": false, "matches_hostname": false, "trust_stores": { "Android": "FAILED - Certificate is NOT Trusted: self signed certificate", "Apple": "FAILED - Certificate is NOT Trusted: self signed certificate", "Java": "FAILED - Certificate is NOT Trusted: self signed certificate", "Mozilla": "FAILED - Certificate is NOT Trusted: self signed certificate", "Windows": "FAILED - Certificate is NOT Trusted: self signed certificate" }, "trusted": false }

1 Answer
Accepted Answer

Your Lightsail instance has signed its own certificate, which means that the web browsers of visitors to your site won't trust it (this is what I get):

Enter image description here

There are a few methods open to you to get a certificate signed by a Trusted Certificate Authority (CA), a common one used along with Lightsail is to install certbot and get a signed certificate from LetsEncrypt.

Instructions for installing certbot are here https://repost.aws/knowledge-center/lightsail-install-certbot-package

Get a cert from LetsEncrypt https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-using-lets-encrypt-certificates-with-wordpress.html

profile picture
answered 19 days ago
profile picture
reviewed 19 days ago
profile picture
reviewed 19 days ago
  • @Steve_M Thank you so much. It is sorted now.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions