Apache Server Using Wrong Certificate Even Though VHOST File is Pointing to New LE Certs


#1

Hi all,

I am running a multisite installation with 3 top level domain names from my server.

  1. alondc.com
  2. earlymathmatters.com
  3. tranquilthaibodywork.com

I got the ssl certificates from certbot up and running perfectly for sites 1 and 2 previously. When it came time to generate a ssl cert for site #3 I used the command below to generate new certs

sudo certbot --apache -d tranquilthaibodywork.com -d www.tranquilthaibodywork.com

and restarted apache.

Now when I try to access the site I still get a site insecure warning. When I ran the ssl test at ssl labs I got a name mismatch error with site #1.

I’m sure the issue is simple to fix but I’ve spent hours browsing around and for the life of me can’t seem to find a solution anywhere.

Suggestions are welcome!


#2

https://www.ssllabs.com/ssltest/analyze.html?d=tranquilthaibodywork.com

produces an error that the certificate for this site is actually for site #1.


#3

The good news is that you seem to have obtained a certificate

https://crt.sh/?q=tranquilthaibodywork.com

Have you restarted the server? Your server seems to be using the wrong certificate.

Also, can you paste the relevant apache config?

Andrei


#4

Hi Andrei

I tried rebooting the service and reloading apache and it didn’t work.

I posted the relevant apache config virtual blocks below


<VirtualHost *:80>
    ServerAdmin xxxx@gmail.com
    ServerName tranquilthaibodywork.com
    ServerAlias www.tranquilthaibodywork.com
    DocumentRoot /var/xxx/xxxx

    <Directory /var/xxx/xxxx>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =tranquilthaibodywork.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin xxx@gmail.com
    ServerName tranquilthaibodywork.com
    ServerAlias www.tranquilthaibodywork.com
    DocumentRoot /var/xxx/xxxx

    <Directory /var/xxx/xxxx>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    RewriteEngine on
    # Some rewrite rules in this file were disabled on your HTTPS site,
    # because they have the potential to create redirection loops.
    # RewriteCond %{SERVER_NAME} =tranquilthaibodywork.com
    # RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
    SSLCertificateFile /etc/letsencrypt/live/tranquilthaibodywork.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/tranquilthaibodywork.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

#5

Can you have a look at that file and see if there is a certificate and key? If so, that may be why the current configuration is being overwritten.

I have updated the topic so others may help. @sahsanu any thoughts?

Andrei


#6

The redirection in the first VirtualHost is not working either, so maybe Apache is not reading this conf file… which is strange because the page we get is related to the domain tranquilthaibodywork.com. Maybe there is another VirtualHost defined for this domain.

@alondc, could you please show the output of the commands below? (I don’t know what your OS is, so maybe the commands below won’t work.)

apache2ctl -t
apache2ctl -S

Also, I don’t know whether it is just a copy & paste issue, but I can’t see the </IfModule> in your conf closing the first <IfModule mod_ssl.c>. As I said, maybe you forgot to copy it.

You could also compare the conf from a working virtualhost like earlymathmatters.com with this one to check what the differences between them are.

Cheers,
sahsanu


#7

UPDATE: After reviewing the apache2ctl -S command output, I realized that the tranquilthaibodywork.com.conf Vhost had not been named in the apache.conf file. I added it in the following section using the command below and everything is now working perfectly.

Include the virtual host configurations:

IncludeOptional sites-enabled/tranquilthaibodywork.com.conf

Restarted apache.
All working now.

Thanks so much to both of you for your help!

@ahaw021 - The file in /etc/letsencrypt/options-ssl-apache.conf does have a certificate and key in it. This data could be from before the new virtual host was added.

@sahsanu - I’m running an Ubuntu 16.04 LAMP server
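
The check that resolved this thread (reading the `apache2ctl -S` output to see whether the new vhost is loaded at all), as an added example that is not part of the original posts. When no vhost on port 443 names the requested host, Apache serves the default server for that address, and with it that site's certificate, which is the name mismatch reported in #1. The function name `vhost_for`, the sample output and its file paths are constructed for illustration; the parser assumes the multi-vhost ("is a NameVirtualHost") layout of the output.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `apache2ctl -S` output on stdin
# and reports which vhost Apache selects for NAME on PORT.
# Exit status: 0 = a vhost names the host, 1 = request falls back to the
# default server (wrong certificate), 2 = no vhost section for that port.
vhost_for() {
    awk -v name="$1" -v port="$2" '
        BEGIN { name = tolower(name) }
        # Section header such as "*:443   is a NameVirtualHost"
        /is a NameVirtualHost/ { n = split($1, a, ":"); cur = a[n]; next }
        cur != port { next }              # ignore other ports and trailer lines
        $1 == "default" && $2 == "server" { def = $3 " " $4; next }
        $1 == "port" && $3 == "namevhost" {
            vh = $4 " " $5                # remember owner of following aliases
            if (hit == "" && tolower($4) == name) hit = vh
            next
        }
        $1 == "alias" && hit == "" && tolower($2) == name { hit = vh }
        END {
            if (hit != "") { print "match " hit; exit 0 }
            if (def != "") { print "fallback " def; exit 1 }
            print "none"; exit 2
        }'
}

# Constructed sample: the state before the fix, with two sites loaded and the
# third site's conf file never read. File paths are assumptions.
sample_before() {
    cat <<'EOF'
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server alondc.com (/etc/apache2/sites-enabled/alondc.com-le-ssl.conf:2)
         port 443 namevhost alondc.com (/etc/apache2/sites-enabled/alondc.com-le-ssl.conf:2)
                 alias www.alondc.com
         port 443 namevhost earlymathmatters.com (/etc/apache2/sites-enabled/earlymathmatters.com-le-ssl.conf:2)
                 alias www.earlymathmatters.com
*:80                   is a NameVirtualHost
         default server alondc.com (/etc/apache2/sites-enabled/alondc.com.conf:1)
         port 80 namevhost alondc.com (/etc/apache2/sites-enabled/alondc.com.conf:1)
ServerRoot: "/etc/apache2"
EOF
}

# Prints the fallback line: the request is answered by alondc.com's vhost.
sample_before | vhost_for tranquilthaibodywork.com 443 || true
```

On a live server the same function can be fed with `apache2ctl -S 2>&1 | vhost_for tranquilthaibodywork.com 443`.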

