Alternative names MISMATCH

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: industrial-engines.com.au

I ran this command: SSL Report: www.industrial-engines.com.au (124.191.89.114)

It produced this output:
Subject industrial-engines.com.au
Fingerprint SHA256: 96bbb55e50aed1895bbc793102e9ba0a701e554fd719bd6ce006548d9ef8e987
Pin SHA256: ipHQko3ewZwdNVc/Q7JRZfKQPm3ehdMyfzlP83UdBdw=
Common names industrial-engines.com.au
Alternative names industrial-engines.com.au MISMATCH
Serial Number 03b16f5aef9c05fb24c91d104202efb93a57
Valid from Sat, 11 Jan 2020 12:51:35 UTC
Valid until Fri, 10 Apr 2020 12:51:35 UTC (expires in 2 months and 26 days)
Key RSA 2048 bits (e 65537)
Weak key (Debian) No
Issuer Let’s Encrypt Authority X3
AIA: http://cert.int-x3.letsencrypt.org/
Signature algorithm SHA256withRSA
Extended Validation No
Certificate Transparency Yes (certificate)
OCSP Must Staple No
Revocation information OCSP
OCSP: http://ocsp.int-x3.letsencrypt.org
Revocation status Good (not revoked)
DNS CAA No (more info)
Trusted No NOT TRUSTED (Why?)
Mozilla Apple Android Java Windows

My web server is (include version): apache 2

The operating system my web server runs on is (include version): debian 10.2

My hosting provider, if applicable, is: me

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): webmin

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.31.0

1 Like

Hi @philp

that’s the expected result. Your certificate has only one domain name, the non-www version.

You try to use it with the www version, that’s a mismatch.

–>> Create one certificate with both domain names - non-www and www.

1 Like

i have tried but not sure where it is missing…

root@raspberrypi:/home/pi# certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?


1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)


Select the appropriate number [1-3] then [enter] (press ‘c’ to cancel): 1
Plugins selected: Authenticator apache, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
to cancel): www.industrial-engines.com.au industrial-engines.com.au
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/www.industrial-engines.com.au.conf)

What would you like to do?


1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Renewing an existing certificate

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/www.industrial-engines.com.au/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/www.industrial-engines.com.au/privkey.pem
    Your cert will expire on 2020-04-14. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

thankyou…

Phil

1 Like

If you use

the certificate isn’t installed. A server restart is required so your server can use the new certificate.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.