Certbot/Let's Encrypt discovers the wrong domain structure

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: bryantnet.net

I ran this command: sudo certbot --apache

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: nextcloud.www.bryantnet.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

My web server is (include version): apache 2

The operating system my web server runs on is (include version): debian 10

My hosting provider, if applicable, is: linode

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0


I don’t understand what the issue is. Could you please explain more?


Let’s Encrypt is recognizing my domain as

nextcloud.www.bryantnet.net

when it is simply bryantnet.net, and I don’t see a way to configure it to use the more simple domain name. How do I get it to not use this extended domain name?


Probably a misconfigured Apache.

What's the output of apachectl -S?

AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/ports.conf:1

VirtualHost configuration:
*:443 nextcloud.www.bryantnet.net (/etc/apache2/sites-enabled/nextcloud.www.bryantnet.net-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server nextcloud.www.bryantnet.net (/etc/apache2/sites-enabled/nextcloud.conf:12)
port 80 namevhost nextcloud.www.bryantnet.net (/etc/apache2/sites-enabled/nextcloud.conf:12)
port 80 namevhost nextcloud.www.bryantnet.net (/etc/apache2/sites-enabled/nextcloud.www.bryantnet.net.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33


@wpbryant I’m guessing you’re seeing why certbot only sees that specific hostname, right? :slight_smile:


yep lol digging into the documentation now, thank you


Also, it seems you’ve got two *:80 VirtualHost sections configured with the same hostname. (one in nextcloud.www.bryantnet.net.conf and one in nextcloud.conf) That’s pretty much always bad.

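The two findings in this thread, as an added example that is not part of any post: a Python sketch that reads `apachectl -S` output (the VirtualHost lines posted above, embedded inline) and reports which hostnames the enabled vhosts declare and which hostname is claimed by more than one vhost on the same listen address. The function names are hypothetical, and `alias` (ServerAlias) lines are not handled.

```python
import re
from collections import defaultdict

# VirtualHost section of the `apachectl -S` output posted in this thread.
SAMPLE = """\
VirtualHost configuration:
*:443 nextcloud.www.bryantnet.net (/etc/apache2/sites-enabled/nextcloud.www.bryantnet.net-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server nextcloud.www.bryantnet.net (/etc/apache2/sites-enabled/nextcloud.conf:12)
port 80 namevhost nextcloud.www.bryantnet.net (/etc/apache2/sites-enabled/nextcloud.conf:12)
port 80 namevhost nextcloud.www.bryantnet.net (/etc/apache2/sites-enabled/nextcloud.www.bryantnet.net.conf:1)
ServerRoot: "/etc/apache2"
"""

SINGLE = re.compile(r"^(\S+:\d+)\s+(\S+)\s+\((.+):(\d+)\)$")   # address with one vhost
GROUP = re.compile(r"^(\S+:\d+)\s+is a NameVirtualHost$")      # address with several
NAMED = re.compile(r"^port \d+ namevhost (\S+) \((.+):(\d+)\)$")

def parse_vhosts(text):
    """Return (listen_address, server_name, 'file:line') for every vhost listed."""
    vhosts, group = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := GROUP.match(line):
            group = m.group(1)
        elif m := SINGLE.match(line):
            vhosts.append((m.group(1), m.group(2), f"{m.group(3)}:{m.group(4)}"))
        elif (m := NAMED.match(line)) and group:
            vhosts.append((group, m.group(1), f"{m.group(2)}:{m.group(3)}"))
        # "default server" lines repeat the first namevhost, so they are skipped.
    return vhosts

def declared_names(vhosts):
    """Hostnames that appear as a ServerName in at least one enabled vhost."""
    return sorted({name for _, name, _ in vhosts})

def duplicate_vhosts(vhosts):
    """Map (listen_address, server_name) -> locations claimed by more than one vhost."""
    seen = defaultdict(list)
    for addr, name, loc in vhosts:
        seen[(addr, name)].append(loc)
    return {key: locs for key, locs in seen.items() if len(locs) > 1}

if __name__ == "__main__":
    found = parse_vhosts(SAMPLE)
    print("declared hostnames:", declared_names(found))
    for (addr, name), locs in duplicate_vhosts(found).items():
        print(f"duplicate vhost for {name} on {addr}: {', '.join(locs)}")
```

On a live server the same functions can be fed the real output of `apachectl -S` instead of `SAMPLE`.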

I’ve pretty much always relied on the hosting provider to do this stuff for me; this is my first self-hosted server. But I’m not even sure how that one happened.

