Certbot created an SSL certificate but now I have the wrong CommonName

Hello there,

I’ve used certbot to create a certificate. I’m not sure what went wrong, but in short the certificate isn’t working properly. Reading the documentation and SSL logs, I came across the following warning message:

[Wed Jul 05 15:45:07 2017] [warn] RSA server certificate CommonName (CN) `pedidos' does NOT match server name!?

I visited the Qualys SSL site and got the following message there:

Certificate name mismatch
Click here to ignore the mismatch and proceed with the tests
Try these other domain names (extracted from the certificates):
  • pedidos
We were able to retrieve a certificate for this site, but the domain names listed in it do not match the domain name you requested us to inspect. It's possible that:

  • The web site does not use SSL, but shares an IP address with some other site that does.
  • The web site no longer exists, yet the domain name still points to the old IP address, where some other site is now hosted.
  • The web site uses a content delivery network (CDN) that does not support SSL.
  • The domain name is an alias for a web site whose main name is different, but the alias was not included in the certificate by mistake.

So, the certificate was created using the word “pedidos” as the Common Name instead of the ServerName “pedidos.ciagroalimentos.com.br”.

In CentOS 6 I have the following configuration:

[root@pedidos ~]# hostname -f
pedidos.ciagroalimentos.com.br

My /etc/hosts file:

127.0.0.1 pedidos.ciagroalimentos.com.br
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

My /etc/sysconfig/network file:

NETWORKING=yes
HOSTNAME=pedidos.ciagroalimentos.com.br

What should I do now? Revoke this certificate and create a new one? Will simply deleting the old certificate files in /etc/letsencrypt suffice to create a new certificate? Is there a way to change the CommonName of a certificate?

My domain is: pedidos.ciagroalimentos.com.br
I ran this command: ./certbot-auto --apache
It produced this output: it worked properly, no errors. I selected the proper ServerName that appeared (only one VirtualHost)
My web server is (include version): Apache 2.2
The operating system my web server runs on is (include version): CentOS 2.9
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Sorry for my bad English.

The server at pedidos.ciagroalimentos.com.br sends a self-signed certificate, not the one signed by LE. Examine your Apache configuration closely and see where the SSLCertificateFile and SSLCertificateKeyFile directives are pointing.

Well, it is that.

It’s reading the default httpd/conf.d/ssl.conf file but it isn’t loading the file that was created by certbot at /etc/httpd/conf.d/virtualhosts-le-ssl.conf

I’ll figure out why now, thanks for that info.
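
The check suggested in the reply above, as an added example that is not part of the original thread: a small script that lists every SSLCertificateFile and SSLCertificateKeyFile directive together with the config file and VirtualHost it sits in. The two file names come from the thread; their contents, the function names and the rule that paths under /etc/letsencrypt/ count as certbot-managed are assumptions made for the example.

```bash
# Added example: list each certificate/key directive with the config file and
# <VirtualHost> it belongs to, so a vhost on a non-certbot certificate stands out.
audit_ssl_directives() {   # $1 = directory of Apache *.conf files
    awk '
        function flush(   i) {
            for (i = 1; i <= n; i++)
                printf "%s|%s|%s|%s\n", file, vhost, name, rows[i]
            n = 0
        }
        FNR == 1 { flush(); k = split(FILENAME, p, "/"); file = p[k]
                   vhost = "(global)"; name = "-" }
        { sub(/\r$/, ""); d = tolower($1) }
        NF == 0 || substr(d, 1, 1) == "#" { next }
        d == "<virtualhost"   { flush(); vhost = $2; sub(/>$/, "", vhost); name = "-"; next }
        d == "</virtualhost>" { flush(); vhost = "(global)"; name = "-"; next }
        d == "servername"     { name = $2; next }
        d ~ /^sslcertificate(key)?file$/ {
            path = $2; gsub(/"/, "", path)
            # Assumption: anything under /etc/letsencrypt/ is certbot-managed.
            origin = (path ~ /^\/etc\/letsencrypt\//) ? "letsencrypt" : "other"
            rows[++n] = $1 "|" path "|" origin
        }
        END { flush() }
    ' "$1"/*.conf
}

make_sample_confdir() {   # constructed sample using the two file names from the thread
    dir=$(mktemp -d)
    cat > "$dir/ssl.conf" <<'EOF'
<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>
EOF
    cat > "$dir/virtualhosts-le-ssl.conf" <<'EOF'
<VirtualHost *:443>
SSLCertificateFile /etc/letsencrypt/live/pedidos.ciagroalimentos.com.br/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/pedidos.ciagroalimentos.com.br/privkey.pem
ServerName pedidos.ciagroalimentos.com.br
</VirtualHost>
EOF
    echo "$dir"
}

# Prints one line per directive: file|vhost|ServerName|directive|path|origin
audit_ssl_directives "$(make_sample_confdir)"
```

On the server, pass /etc/httpd/conf.d instead of the sample directory; a port 443 VirtualHost whose lines end in `other` is the first place to look when Apache serves a certificate that certbot did not issue.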
