Apache ssl:warn server name


#1

Hi,

My vhost configured by certbot-auto is not working.

Log warning:
[ssl:warn] [pid 7064] AH01909: RSA certificate configured for 127.0.0.1:443 does NOT include an ID which matches the server name

My vhost config:
<IfModule mod_ssl.c>
<VirtualHost *:443>

        ServerAlias beta.timetech.com.br
        DocumentRoot /var/www/time/beta/public

        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/time/beta/public>
                AllowOverride All
        </Directory>

    <Directorymatch "^/.*/\.git/">
        Order deny,allow
        Deny from all
    </Directorymatch>

        ErrorLog ${APACHE_LOG_DIR}/time_error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/time_access.log combined

SSLCertificateFile /etc/letsencrypt/live/beta.timetech.com.br/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/beta.timetech.com.br/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/beta.timetech.com.br/chain.pem
</VirtualHost>
</IfModule>

#2

That’s odd! Could you post the original port 80 vhost? That’s what certbot-auto uses as a template for the SSL vhost. Maybe this happens when the port 80 vhost only defines a ServerAlias, but no ServerName.


#3

pfg, you’re right. Both configurations have only ServerAlias.

I change the ServerAlias to ServerName in 80 and 443 configurations, restarted apache and still not working. Only port 80 works.

Warning has changed:
RSA certificate configured for beta.timetech.com.br:443 does NOT include an ID which matches the server name


#4

telnet beta.timetech.com.br 443 results in a timeout. Maybe a firewall issue?


#5

Warning has changed:
RSA certificate configured for beta.timetech.com.br:443 does NOT include an ID which matches the server name

The port 443 is open for all traffic in my EC2 Security Group.


#6

Everything worked after restart my EC2 instance. Thanks pfg!


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.