Hello everyone,
I have a FreeBSD server (IP 4711) on which I host several domains and use Let's encrypt certificates (https) without any problems. Under the FreeBSD server I have a guest FreeBSD server OS (IP 4712) running on a virtual machine and want to run the subdomain test.vogelfotografie.de via the Apache web server in this virtual machine.
Therefore I applied today for a let's encrypt certificate for test.vogelfotografie.de. Allegedly the application procedure was successful.
„certbot certificates“ shows:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Found the following certs:
Certificate Name: asp-services.de
Serial Number: 469966fefafc772b334e48c6bf37f5cd201
Key Type: ECDSA
Domains: www.asp-services.de asp-services.de mail.asp-services.de
Expiry Date: 2023-09-20 05:49:51+00:00 (VALID: 89 days)
Certificate Path: /usr/local/etc/letsencrypt/live/asp-services.de/fullchain.pem
Private Key Path: /usr/local/etc/letsencrypt/live/asp-services.de/privkey.pem
Certificate Name: test.vogelfotografie.de
Serial Number: 31e43e0f7d4db18b74b9e9b6b0bff83....
Key Type: ECDSA
Domains: test.vogelfotografie.de
Expiry Date: 2023-09-20 08:14:54+00:00 (VALID: 89 days)
Certificate Path: /usr/local/etc/letsencrypt/live/test.vogelfotografie.de/fullchain.pem
Private Key Path: /usr/local/etc/letsencrypt/live/test.vogelfotografie.de/privkey.pem
But, if I use a browser https://test.vogelfotografie.de, it tells me that the connection is insecure:
Firefox shows:
Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for. The certificate is only valid for the following names: asp-services.de, mail.asp-services.de, www.asp-services.de
Error code: SSL_ERROR_BAD_CERT_DOMAIN
Then I click on more information, I get the following information.
It is not clear to me why the domains asp-services.de, mail.asp-services.de and www.asp-services.de appear there instead of test.vogelfotografie.de, which I serve on the same virtual machine and have also provided with a let's encrypt certificate.
Mouse-click on certificate:
Subjectname: asp-services.de
Issuer name: Let´s encrypt
Validy: Not Before Thu, 22 Jun 2023 05:49:52 GMT / Not After Wed, 20 Sep 2023 05:49:51 GMT
Subject Altname: DNS Name asp-services.de, DNS Name mail.asp-services.de, www.asp-services.de
Is it possible that domains and subdomains are not allowed to run over different IP addresses if you want to use let't encrypt certificates?
Does anyone have an idea why, despite explicitly including the generated certificates for test.vogelfotografie.de, the connection is always insecure?
Kind regards
letsencrypttestit
My domain is: test.vogelfotografie.de
My web server is (include version): Apache 2.4
The operating system my web server runs on is (include version): FreeBSD 13.1
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): y
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): 2.6.0