Adding new domain leads to SSL_ERROR_BAD_CERT_DOMAIN again

My landing-page domain is:
https://leukvanpizzajolly.nl/

I ran this command:

certbot certonly --webroot -w /var/www/www.italimporta.nl/www  -d leukvanpizzajolly.nl -d www.leukvanpizzajolly.nl

It produced this output:

  • success

My web server is (include version):
apache2
The operating system my web server runs on is (include version):
Debian
My hosting provider, if applicable, is:
n/a
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I am trying to create a working HTTPS certificate for https://leukvanpizzajolly.nl/
It needs to point to the same directory as the main domain, where the CMS is located:
https://italimporta.nl

But https://leukvanpizzajolly.nl gives an error saying that the certificate is not OK, and when I accept it, it directs to the default server domain (hocom-advies.nl).

I tried to run the process all over again, but it ended with the same result.

This is in my vhost for the domain:

<VirtualHost *:443>
    DocumentRoot "/var/www/www.italimporta.nl/www"
    ServerName leukvanpizzajolly.nl
    ServerAlias leukvanpizzajolly.nl www.leukvanpizzajolly.nl
    <Directory "/var/www/www.italimporta.nl/www">
        Options -Indexes
        AllowOverride all
    </Directory>

    SSLCertificateFile /etc/letsencrypt/live/leukvanpizzajolly.nl/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/leukvanpizzajolly.nl/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateChainFile /etc/letsencrypt/live/leukvanpizzajolly.nl/chain.pem
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/var/www/www.italimporta.nl/www"
    ServerName leukvanpizzajolly.nl
    ServerAlias www.leukvanpizzajolly.nl leukvanpizzajolly.nl http://leukvanpizzajolly.nl http://www.leukvanpizzajolly.nl
    <Directory "/var/www/www.italimporta.nl/www">
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride all
    </Directory>

    #Redirect permanent / https://leukvanpizzajolly.nl/
</VirtualHost>

So what am I missing here?

  • I first added the new domain to the italimporta.nl settings. (It asked if I wanted to expand; I chose yes.)
    Running this:
    certbot certonly --webroot -w /var/www/www.italimporta.nl/www -d italimporta.nl -d www.italimporta.nl -d leukvanpizzajolly.nl -d www.leukvanpizzajolly.nl
  • Since the result was not OK (as explained above), I removed the renewal file for italimporta.nl and ran renew, which created a new file? Now I have: italimporta.nl, italimporta.nl-0001, leukvanpizzajolly.nl

For the second attempt I deleted all the related files under:
rm -R /etc/letsencrypt/live/leukvanpizzajolly.nl and other locations
and ran
certbot certonly --webroot -w /var/www/www.italimporta.nl/www -d leukvanpizzajolly.nl -d www.leukvanpizzajolly.nl

Not the result I was expecting. Why is it not accepting this cert?

Hi @mr_certbot

The wrong result is expected. certonly doesn't install the certificate.

What do these say:

apachectl -S
certbot certificates

*:443 is a NameVirtualHost
default server hocom-advies.nl (/etc/apache2/sites-enabled/hocom-advies.nl-ssl.conf:1)
port 443 namevhost hocom-advies.nl (/etc/apache2/sites-enabled/hocom-advies.nl-ssl.conf:1)
alias hocom-advies.nl
alias www.hocom-advies.nl
alias https://www.hocom-advies.nl
alias hierbeginthet.nl
alias www.hierbeginthet.nl
port 443 namevhost italimporta.nl (/etc/apache2/sites-enabled/italimporta.nl-ssl.conf:1)
alias italimporta.nl
alias www.italimporta.nl
alias https://www.italimporta.nl
alias https://italimporta.nl
port 80 namevhost italimporta.nl (/etc/apache2/sites-enabled/italimporta.nl.conf:1)
alias italimporta.nl
alias www.italimporta.nl
alias http://www.italimporta.nl
alias http://italimporta.nl
port 80 namevhost leukvanpizzajolly.nl (/etc/apache2/sites-enabled/leukvanpizzajolly.nl.conf:1)
alias www.leukvanpizzajolly.nl
alias leukvanpizzajolly.nl
alias http://leukvanpizzajolly.nl
alias http://www.leukvanpizzajolly.nl

Found the following certs:
Certificate Name: italimporta.nl
Domains: italimporta.nl leukvanpizzajolly.nl www.italimporta.nl www.leukvanpizzajolly.nl
Expiry Date: 2021-05-05 08:41:17+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/italimporta.nl/fullchain.pem
Private Key Path: /etc/letsencrypt/live/italimporta.nl/privkey.pem
Certificate Name: leukvanpizzajolly.nl
Domains: leukvanpizzajolly.nl www.leukvanpizzajolly.nl
Expiry Date: 2021-05-05 13:28:37+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/leukvanpizzajolly.nl/fullchain.pem
Private Key Path: /etc/letsencrypt/live/leukvanpizzajolly.nl/privkey.pem
Certificate Name: italimporta.nl-0001
Domains: italimporta.nl www.italimporta.nl
Expiry Date: 2021-05-05 09:22:03+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/italimporta.nl-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/italimporta.nl-0001/privkey.pem


I can see that my vhost for 443 leukvanpizzajolly.nl is missing from the list. I will see why it is not there.

Your vHost is buggy.

The non-www is duplicated; remove the second, then run apachectl -S again.


port 443 namevhost leukvanpizzajolly.nl (/etc/apache2/sites-enabled/leukvanpizzajolly.nl-ssl.conf:1)
alias leukvanpizzajolly.nl
alias www.leukvanpizzajolly.nl

For some reason the SSL config was not enabled. After enabling it, it seems to work. 🙂
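
What the first `apachectl -S` output in this thread already showed, as an added example that is not part of the original posts: with no port-443 vhost matching the name, Apache answers from the default server and presents that vhost's certificate, which is what produces SSL_ERROR_BAD_CERT_DOMAIN. The helper names `parse_vhosts` and `diagnose` and the `CERT_NAMES` mapping are assumptions made for illustration.

```python
import re

# Constructed input: abridged from the `apachectl -S` output in the thread,
# captured while the leukvanpizzajolly.nl SSL site was not yet enabled.
APACHECTL_S = """\
*:443 is a NameVirtualHost
default server hocom-advies.nl (/etc/apache2/sites-enabled/hocom-advies.nl-ssl.conf:1)
port 443 namevhost hocom-advies.nl (/etc/apache2/sites-enabled/hocom-advies.nl-ssl.conf:1)
alias www.hocom-advies.nl
port 443 namevhost italimporta.nl (/etc/apache2/sites-enabled/italimporta.nl-ssl.conf:1)
alias www.italimporta.nl
port 80 namevhost leukvanpizzajolly.nl (/etc/apache2/sites-enabled/leukvanpizzajolly.nl.conf:1)
alias www.leukvanpizzajolly.nl
"""

# Assumption: names on the certificate each SSL vhost presents. The italimporta.nl
# list is from `certbot certificates` in the thread; the hocom-advies.nl list is assumed.
CERT_NAMES = {
    "hocom-advies.nl": {"hocom-advies.nl", "www.hocom-advies.nl"},
    "italimporta.nl": {"italimporta.nl", "www.italimporta.nl",
                       "leukvanpizzajolly.nl", "www.leukvanpizzajolly.nl"},
}

def parse_vhosts(text):
    """Return ({port: default vhost}, {port: {hostname: vhost}}) from `apachectl -S`."""
    defaults, names, listen, cur = {}, {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"\S+:(\d+)\s+is a NameVirtualHost", line):
            listen = int(m.group(1))
        elif (m := re.match(r"default server (\S+)", line)) and listen:
            defaults[listen] = m.group(1).lower()
        elif m := re.match(r"port (\d+) namevhost (\S+)", line):
            cur = (int(m.group(1)), m.group(2).lower())
            names.setdefault(cur[0], {})[cur[1]] = cur[1]
        elif (m := re.match(r"alias (\S+)", line)) and cur:
            names[cur[0]].setdefault(m.group(1).lower(), cur[1])
    return defaults, names

def diagnose(host, port=443, text=APACHECTL_S, cert_names=CERT_NAMES):
    """Which vhost answers `host` on `port`, and does its certificate cover it?"""
    defaults, names = parse_vhosts(text)
    host = host.lower()
    vhost = names.get(port, {}).get(host)
    fallback = vhost is None
    if fallback:                       # no ServerName/ServerAlias match on this port
        vhost = defaults.get(port)     # Apache hands the request to the default vhost
    return {"served_by": vhost, "fallback": fallback,
            "cert_matches": host in cert_names.get(vhost, set())}
```

Calling `diagnose("leukvanpizzajolly.nl")` on this input reports a fallback to hocom-advies.nl with no certificate match, while `diagnose("www.italimporta.nl")` reports a direct match.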
