Sounds like the configs are crossed and using the wrong certs.
Please show: grep -Eri 'listen|virtual|:80|:443|server_name|server_alias|ssl_cert' /etc/nginx/
You've issued a lot of certificates for those three names recently. Can you still use them? Your software should let you modify the web server configuration without issuing new certificates.
If the ACME client you're using is Certbot, what does "sudo certbot certificates" or "sudo ./certbot-auto certificates" or whatever say?
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
In Nginx, that would be "server_name your.domain.name www.your.domain.name;".
Shows only one port 80 listening vhost and only one port 443 listening vhost.
[neither of which uses an exact server_name or server_alias - just "_" (default)]
Which explains why all his port 443 connections get the same cert.
And why any new named cert issued will simply overwrite the previous one.
The problem seems to be that even though the ouhcs.logos.e-handoff.net certificate does not exist on the server, it’s the certificate that nginx is serving up, and it shows as the valid certificate for both sites.
Firefox shows the following:
ouhsc.logos.e-handoff.net uses an invalid security certificate.
The certificate is only valid for the following names:
logos.e-handoff.net, ouhcs.logos.e-handoff.net
The command $ sudo certbot certificates generates the following:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Attempting to parse the version 0.29.1 renewal configuration file found at /etc/letsencrypt/renewal/logos.e-handoff.net.conf with version 0.28.0 of Certbot. This might not work.
Attempting to parse the version 0.29.1 renewal configuration file found at /etc/letsencrypt/renewal/logos.e-handoff.net-0002.conf with version 0.28.0 of Certbot. This might not work.
Attempting to parse the version 0.29.1 renewal configuration file found at /etc/letsencrypt/renewal/logos.e-handoff.net-0001.conf with version 0.28.0 of Certbot. This might not work.
Attempting to parse the version 0.29.1 renewal configuration file found at /etc/letsencrypt/renewal/ouhsc.logos.e-handoff.net.conf with version 0.28.0 of Certbot. This might not work.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: logos.e-handoff.net
Domains: ouhcs.logos.e-handoff.net logos.e-handoff.net
Expiry Date: 2019-03-14 18:14:18+00:00 (VALID: 84 days)
Certificate Path: /etc/letsencrypt/live/logos.e-handoff.net/fullchain.pem
Private Key Path: /etc/letsencrypt/live/logos.e-handoff.net/privkey.pem
Certificate Name: logos.e-handoff.net-0002
Domains: logos.e-handoff.net
Expiry Date: 2019-03-19 17:33:09+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/logos.e-handoff.net-0002/fullchain.pem
Private Key Path: /etc/letsencrypt/live/logos.e-handoff.net-0002/privkey.pem
Certificate Name: logos.e-handoff.net-0001
Domains: logos.e-handoff.net ouhsc.logos.e-handoff.net
Expiry Date: 2019-03-19 17:27:40+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/logos.e-handoff.net-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/logos.e-handoff.net-0001/privkey.pem
Certificate Name: ouhsc.logos.e-handoff.net
Domains: ouhsc.logos.e-handoff.net
Expiry Date: 2019-03-17 19:30:47+00:00 (VALID: 87 days)
Certificate Path: /etc/letsencrypt/live/ouhsc.logos.e-handoff.net/fullchain.pem
Private Key Path: /etc/letsencrypt/live/ouhsc.logos.e-handoff.net/privkey.pem
I seem to have run up against the certificate limit again. I deleted the keys as suggested, fixed my nginx config file, but it still wasn’t working. So I deleted the certificates, ran certbot again, and was unable to create any certificates. Is there a way around the “5 certs per week” limit?
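An added example (not part of any post in this thread, and not Certbot's own code): a Python check over the `certbot certificates` listing quoted above that reports which certificate files cover a hostname exactly and which only carry a look-alike name, such as the `ouhcs`/`ouhsc` pair in that output. The names `parse_lineages` and `audit` and the 0.9 similarity cutoff are assumptions of this example; matching is exact, so wildcard names are not handled.

```python
import difflib
import re

# Constructed sample: trimmed from the `certbot certificates` listing in the thread.
SAMPLE = """\
Certificate Name: logos.e-handoff.net
Domains: ouhcs.logos.e-handoff.net logos.e-handoff.net
Certificate Path: /etc/letsencrypt/live/logos.e-handoff.net/fullchain.pem
Certificate Name: logos.e-handoff.net-0002
Domains: logos.e-handoff.net
Certificate Path: /etc/letsencrypt/live/logos.e-handoff.net-0002/fullchain.pem
Certificate Name: logos.e-handoff.net-0001
Domains: logos.e-handoff.net ouhsc.logos.e-handoff.net
Certificate Path: /etc/letsencrypt/live/logos.e-handoff.net-0001/fullchain.pem
Certificate Name: ouhsc.logos.e-handoff.net
Domains: ouhsc.logos.e-handoff.net
Certificate Path: /etc/letsencrypt/live/ouhsc.logos.e-handoff.net/fullchain.pem
"""

FIELD = re.compile(r"^\s*(Certificate Name|Domains|Certificate Path):\s*(.+?)\s*$")

def parse_lineages(text):
    """Return one {'name', 'domains', 'path'} dict per certificate lineage."""
    lineages = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # log lines, separators, expiry and key-path lines
        key, value = m.groups()
        if key == "Certificate Name":
            lineages.append({"name": value, "domains": [], "path": None})
        elif lineages and key == "Domains":
            lineages[-1]["domains"] = value.lower().split()
        elif lineages:
            lineages[-1]["path"] = value
    return lineages

def audit(hostname, lineages):
    """Return (paths covering hostname, [(path, look-alike name)] for near misses)."""
    hostname = hostname.lower()
    covering, lookalike = [], []
    for lin in lineages:
        if hostname in lin["domains"]:
            covering.append(lin["path"])
            continue
        near = difflib.get_close_matches(hostname, lin["domains"], n=1, cutoff=0.9)
        if near:  # a name that differs by a character or two, likely a typo
            lookalike.append((lin["path"], near[0]))
    return covering, lookalike
```

Feeding it the real output of `sudo certbot certificates` and each hostname in turn shows which `fullchain.pem` paths are valid choices for that hostname's `ssl_certificate` line, and which lineage would trigger the browser name-mismatch error if used.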