After installing cert getting SSL_BAD_CERT_DOMAIN


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: openaircinema.us

I ran this command: sudo certbot --webroot certonly -w /opt/bitnami/apache2/htdocs/

It produced this output: cert was installed successfully

My web server is (include version): Apache 2.4.7

The operating system my web server runs on is (include version): Ubuntu 14.04

My hosting provider, if applicable, is: AWS EC2 instance

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

It seems like I’m getting redirected to ec2-54-191-32-136.us-west-2.compute.amazonaws.com now and I can’t figure out where it’s coming from. Any Ideas?


#2

certonly literally just gets the cert ONLY - lol
You probably need to restart the web service.

But since you seem to be using CloudFlare…
Exactly where/how are you seeing this error?

Name: openaircinema.us
Addresses:
2606:4700:30::6812:2cb2
2606:4700:30::6812:2db2
104.18.44.178
104.18.45.178


#3

Well that wasn’t the only command I typed. I followed this guide: https://medium.com/@hackersway/secure-your-bitnami-wordpress-site-with-free-lets-encrypt-certificate-b19a4b773610

I’ve restarted apache multiple times.

I see the error when I try to browse to https://openaircinema.us.


#4

The cert CloudFlare is using covers:
openaircinema.us & *.openaircinema.us

You have a valid cert on your AWS server that ONLY covers:
openaircinema.us & www.openaircinema.us
(see public cert attached)

If you are using any other name to reach your site, you may need to reconfigure CloudFlare to use only one backend name.

Or you might have a DNS entry that points to your server instead of the CloudFlare IPs.
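
The name mismatch discussed in this thread, as an added example that is not part of any post: a simplified RFC 6125-style check of requested hostnames against the two SAN lists quoted above. The function names and the `shop.` hostname are constructed for illustration; a browser that ends up requesting the EC2 hostname asks for a name neither certificate covers, which is what a bad-cert-domain error reports.

```python
# Added example: simplified dNSName matching (exact match plus a single
# left-most "*" label). Function names are this example's own.

def name_matches(san: str, host: str) -> bool:
    """Return True if one SAN entry covers the requested hostname."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if "" in host_labels or len(san_labels) != len(host_labels):
        return False  # "*" stands for exactly one label, never zero or two
    if san_labels[0] == "*":
        # Accept a wildcard only as the whole left-most label and only
        # when at least two labels follow it (no "*.us").
        return len(san_labels) >= 3 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def covering_sans(sans, host):
    """List the SAN entries of one certificate that cover host."""
    return [s for s in sans if name_matches(s, host)]


# SAN lists as stated in post #4.
EDGE_CERT = ["openaircinema.us", "*.openaircinema.us"]      # CloudFlare
ORIGIN_CERT = ["openaircinema.us", "www.openaircinema.us"]  # AWS server

REQUESTED = [
    "openaircinema.us",
    "www.openaircinema.us",
    "shop.openaircinema.us",  # constructed subdomain, not from the thread
    "ec2-54-191-32-136.us-west-2.compute.amazonaws.com",  # from post #1
]


def coverage():
    """Map each requested name to whether each certificate covers it."""
    return {
        host: {
            "edge": bool(covering_sans(EDGE_CERT, host)),
            "origin": bool(covering_sans(ORIGIN_CERT, host)),
        }
        for host in REQUESTED
    }


if __name__ == "__main__":
    for host, result in coverage().items():
        print(f"{host:55} edge={result['edge']!s:5} origin={result['origin']}")
```
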


#5

Hi,

If you are using Bitnami on AWS ec2, you should use the “lego” client as Bitnami suggested.

And you probably have a misconfiguration on your Apache virtual host, which set the https server name to the default server hostname.

Please try to use the following command to see what virtual host is in use / accessible by Apache.
apachectl -S

Thank you


#6

openaircinema.us.txt


#7

VirtualHost configuration:
*:80 openaircinema.us (/opt/bitnami/apache2/conf/bitnami/bitnami.conf:8)
*:443 openaircinema.us (/opt/bitnami/apache2/conf/bitnami/bitnami.conf:56)
ServerRoot: "/opt/bitnami/apache2"
Main DocumentRoot: "/opt/bitnami/apache2/htdocs"
Main ErrorLog: "/opt/bitnami/apache2/logs/error_log"
Mutex proxy-balancer-shm: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/opt/bitnami/apache2/logs/" mechanism=default
PidFile: "/opt/bitnami/apache2/logs/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: USE_PHP_FPM
User: name="daemon" id=1
Group: name="daemon" id=1

The vhosts referenced at the top look like:

ServerName openaircinema.us
DocumentRoot "/opt/bitnami/apps/prestashop/htdocs"
SSLEngine on
SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"

<Directory "/opt/bitnami/apache2/htdocs">
  Options FollowSymLinks MultiViews
  AddLanguage en en
  AddLanguage es es
  AddLanguage pt-BR pt-br
  AddLanguage zh zh
  AddLanguage ko ko
  AddLanguage he he
  AddLanguage de de
  AddLanguage ro ro
  AddLanguage ru ru
  LanguagePriority en
  ForceLanguagePriority Prefer Fallback

  AllowOverride All
  <IfVersion < 2.3 >
    Order allow,deny
    Allow from all
  </IfVersion>
  <IfVersion >= 2.3 >
    Require all granted
  </IfVersion>
</Directory>

# Error Documents
ErrorDocument 503 /503.html

# Bitnami applications installed with a prefix URL (default)
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"

