Certbot --apache is using the wrong hostname


#1

I did a complete overhaul on my server today and I had to remove my old style Apache configs. I installed and ran certbot-apache on my server and after a bit of fiddling around, most of my sites are working. My issue is that one site is getting a certificate based on the local hostname (set to main-server via hostnamectl) rather than using the domain name from my httpd.conf file. Here’s the SSL test: https://www.ssllabs.com/ssltest/analyze.html?d=fedgeno.com I have ran it twice with the same result both times. I don’t want to do it too much without some kind of advice because I would rather not wait a week to try to fix this.


#2

After a bit more messing around, it appears that there’s two certificates being served somehow. If I go to https://www.ssllabs.com/ssltest/analyze.html?d=www.fedgeno.com , I see the certificate I want used and also another one. I’m going to dig through my configurations and see if there’s some reason the server is using two certificates.


#3

Exactly. I would change the hostname because certain software needs a valid server hostname.


#4

I’m not just using one hostname. There’s about 8 VirtualHosts on that server and this is the only one that is using the wrong hostname. It’s not the default VirtualHost, either. It seems that whatever certbot --apache did didn’t override the setting from ssl.conf for that particular VirtualHost but it worked for the others. Changing the settings in ssl.conf to point to the certbot certificate actually lets it load but now it’s not using the right DocumentRoot LOL


#5

I’m a dummy. The whole thing was caused by setting ServerName to fedgeno.com in the global context in httpd.conf

Got it fixed. I will see if I can mark this as resolved or delete it.


#6

This wasn’t the case with the last version of Apache I was using so if any devs catch this, it might be good to build a check into certbot-apache that makes sure the user hasn’t set the global ServerName to any of the VirtualHost names that you’re issuing certs for.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.