After cert install, confused. Site down, says name error and need some help please


My domain is: markeley.me

I ran this command: certbot --apache

It produced this output: installed 2 ssl, site now says names do not match and site is not pulling up

My web server is (include version): Server version: Apache/2.4.52 (Ubuntu)
Server built: 2023-10-26T13:44:44

The operating system my web server runs on is (include version): Distributor ID: Ubuntu
Description: Ubuntu 22.04.3 LTS
Release: 22.04
Codename: jammy

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.8.0

So I installed said domain on a home Ubuntu server with apache2 and certbot listed above. Prior to installing the certs all was fine. Installed and everything went to name errors on the certs and the site not pulling up. I've checked the host file and the /etc/letsencrypt files, and it seems that I may have a couple of certs and am confused about which one to use for this to correct itself. Appreciate the help in advance.

1 Like

Like all things Apache on this forum, I always start with the output of:
sudo apachectl -t -D DUMP_VHOSTS

3 Likes

root@markeley:/# sudo apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:443 markeley.me (/etc/apache2/sites-enabled/markeley.me-le-ssl.conf:2)
*:80 markeley.me (/etc/apache2/sites-enabled/markeley.me.conf:1)

Port 443 is mapped to an IIS server:

osiris@erazer ~ $ curl -LIvk markeley.me
*   Trying 204.116.139.86:80...
* Connected to markeley.me (204.116.139.86) port 80 (#0)
> HEAD / HTTP/1.1
> Host: markeley.me
> User-Agent: curl/8.1.2
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
HTTP/1.1 301 Moved Permanently
< Date: Wed, 24 Jan 2024 17:31:18 GMT
Date: Wed, 24 Jan 2024 17:31:18 GMT
< Server: Apache/2.4.52 (Ubuntu)
Server: Apache/2.4.52 (Ubuntu)
< Location: https://markeley.me/
Location: https://markeley.me/
< Content-Type: text/html; charset=iso-8859-1
Content-Type: text/html; charset=iso-8859-1

< 
* Connection #0 to host markeley.me left intact
* Clear auth, redirects to port from 80 to 443
* Issue another request to this URL: 'https://markeley.me/'
*   Trying 204.116.139.86:443...
* Connected to markeley.me (204.116.139.86) port 443 (#1)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=*.ochin.org
*  start date: Jul 20 20:57:45 2023 GMT
*  expire date: Aug 15 20:59:26 2024 GMT
*  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* using HTTP/2
* h2 [:method: HEAD]
* h2 [:scheme: https]
* h2 [:authority: markeley.me]
* h2 [:path: /]
* h2 [user-agent: curl/8.1.2]
* h2 [accept: */*]
* Using Stream ID: 1 (easy handle 0x562a08067140)
> HEAD / HTTP/2
> Host: markeley.me
> User-Agent: curl/8.1.2
> Accept: */*
> 
< HTTP/2 200 
HTTP/2 200 
< content-length: 703
content-length: 703
< content-type: text/html
content-type: text/html
< last-modified: Fri, 26 Aug 2022 16:29:22 GMT
last-modified: Fri, 26 Aug 2022 16:29:22 GMT
< accept-ranges: bytes
accept-ranges: bytes
< etag: "5d66c5ff68b9d81:0"
etag: "5d66c5ff68b9d81:0"
< server: Microsoft-IIS/10.0
server: Microsoft-IIS/10.0
< x-powered-by: ASP.NET
x-powered-by: ASP.NET
< date: Wed, 24 Jan 2024 17:31:19 GMT
date: Wed, 24 Jan 2024 17:31:19 GMT
< set-cookie: MyChartAffinity=ffffffffc3a0defb45525d5f4f58455e445a4a42378b;expires=Wed, 24-Jan-2024 17:33:19 GMT;path=/;secure;httponly
set-cookie: MyChartAffinity=ffffffffc3a0defb45525d5f4f58455e445a4a42378b;expires=Wed, 24-Jan-2024 17:33:19 GMT;path=/;secure;httponly

* Connection #1 to host markeley.me left intact
osiris@erazer ~ $

Notice that the first HTTP reply comes from an Apache server, just like you said in your post. However, the HTTPS reply on port 443 is not. It's returning a GoDaddy TLS certificate for ochin.org and *.ochin.org. Do you recognise those hostnames?

Are you also running an IIS webserver? Is the 443 portmap correct?

3 Likes
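The comparison made in the reply above (which server and which certificate answer on each port), as an added example that is not part of the original thread. It reads a saved `curl -LIvk` transcript and prints one line per connection; the function names, the sample transcript, its hostnames and its addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-connection summary of a saved `curl -LIvk HOST` transcript.
# Heuristic only: curl -k prints the subject CN, while real validation uses SANs.

# Usage: summarize_hops HOST < transcript
summarize_hops() {
    awk -v host="$1" '
    # Exact match, or a wildcard covering exactly one extra left-hand label.
    function covers(pat, name,    suffix, rest) {
        pat = tolower(pat); name = tolower(name)
        if (pat == name) return 1
        if (substr(pat, 1, 2) != "*.") return 0
        suffix = substr(pat, 2)
        if (length(name) <= length(suffix)) return 0
        if (substr(name, length(name) - length(suffix) + 1) != suffix) return 0
        rest = substr(name, 1, length(name) - length(suffix))
        return index(rest, ".") == 0
    }
    # Print the connection collected so far, then reset the state.
    function emit(    verdict) {
        if (addr == "") return
        verdict = (cn == "") ? "no-tls" : (covers(cn, host) ? "OK" : "MISMATCH")
        printf "%s server=%s cn=%s -> %s\n", addr, (srv == "" ? "-" : srv), (cn == "" ? "-" : cn), verdict
        addr = ""; cn = ""; srv = ""
    }
    { sub(/\r$/, "") }
    /^\* Connected to / { emit(); ip = $5; gsub(/[()]/, "", ip); addr = ip ":" $7 }
    /^\*  *subject:/ && match($0, /CN=[^;,]+/) { cn = substr($0, RSTART + 3, RLENGTH - 3) }
    tolower($0) ~ /^< server:/ { srv = $0; sub(/^< [^:]*: */, "", srv) }
    END { emit() }
    '
}

# Constructed sample transcript (documentation address and example hostnames).
sample_transcript() {
    cat <<'EOF'
* Connected to www.example.com (203.0.113.10) port 80 (#0)
> HEAD / HTTP/1.1
< HTTP/1.1 301 Moved Permanently
< Server: Apache/2.4.52 (Ubuntu)
< Location: https://www.example.com/
* Connected to www.example.com (203.0.113.10) port 443 (#1)
* Server certificate:
*  subject: CN=*.other.example
< HTTP/2 200
< server: Microsoft-IIS/10.0
EOF
}

sample_transcript | summarize_hops www.example.com
```

A different `server=` value on port 443 than on port 80, together with `MISMATCH`, means the two ports are answered by different machines, which points at port forwarding or NAT rather than at the web server's certificate configuration.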

No I do not. I noticed them and I am researching how to delete the certs and get new ones.

Are those certs even yours?

1 Like

No they are not mine. I just installed one for my domain and then they just showed up. I started getting names do not match, and I'm beyond confused at the moment.

root@markeley:/# curl -LIvk markeley.me

*   Trying 127.0.1.1:80...
* Connected to markeley.me (127.0.1.1) port 80 (#0)
> HEAD / HTTP/1.1
> Host: markeley.me
> User-Agent: curl/7.81.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
HTTP/1.1 301 Moved Permanently
< Date: Wed, 24 Jan 2024 17:43:47 GMT
Date: Wed, 24 Jan 2024 17:43:47 GMT
< Server: Apache/2.4.52 (Ubuntu)
Server: Apache/2.4.52 (Ubuntu)
< Location: https://markeley.me/
Location: https://markeley.me/
< Content-Type: text/html; charset=iso-8859-1
Content-Type: text/html; charset=iso-8859-1

<
* Connection #0 to host markeley.me left intact
* Clear auth, redirects to port from 80 to 443
* Issue another request to this URL: 'https://markeley.me/'
*   Trying 127.0.1.1:443...
* Connected to markeley.me (127.0.1.1) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=markeley.me
*  start date: Jan 24 13:54:27 2024 GMT
*  expire date: Apr 23 13:54:26 2024 GMT
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> HEAD / HTTP/1.1
> Host: markeley.me
> User-Agent: curl/7.81.0
> Accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Date: Wed, 24 Jan 2024 17:43:47 GMT
Date: Wed, 24 Jan 2024 17:43:47 GMT
< Server: Apache/2.4.52 (Ubuntu)
Server: Apache/2.4.52 (Ubuntu)
< Last-Modified: Mon, 22 Jan 2024 09:43:01 GMT
Last-Modified: Mon, 22 Jan 2024 09:43:01 GMT
< ETag: "1b8f-60f85a7d4dae3"
ETag: "1b8f-60f85a7d4dae3"
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Content-Length: 7055
Content-Length: 7055
< Vary: Accept-Encoding
Vary: Accept-Encoding
< Content-Type: text/html
Content-Type: text/html

Looks like you have the correct certificate installed, but requests for HTTPS on port 443 were not ending up at your Apache server.

Currently, there's no connection possible to port 443. Are you reconfiguring something with regard to port 443?

3 Likes

No, 443 was always for SSL. I don't know what happened. Just trying to figure out how to fix it.
Weird, on the LAN all the computers are pulling up the page, the WAN is not. If I add another subdomain and secure it, eggs.mydomain.com, it pulls up just fine. Don't know how I got the cert for ochin either. All this started with certbot --apache. Done this several times before and this has blown my mind.
