Certificate error: RemoteCertificateNameMismatch

There is HTTP forwarding which for some reason is there so unable to access my website: SSL Server Test: www.doglikecat.com (Powered by Qualys SSL Labs)

Checking SSL cert also on link below also: https://check-your-website.server-daten.de/?q=doglikecat.com

My web server is (include version): cat /etc/*-release
VERSION="20200429-248"
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"

My hosting provider is: aws

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): was unable to get this but I'm using 3 different browsers (Safari, Chrome and Firefox) to access the site.

I first updated SSL cert on new web server given that I had to change to a new one - this did not work so I even revoked SSL cert but this is where I am at the moment. SSL cert seems to be issued correctly for my domain but why is HTTP forwarding in place and so unable to access the site by its domain name?

Appreciate your input very much!

Thanks.

1 Like

Welcome to the Let's Encrypt Community, Christian :slightly_smiling_face:

There are two settings you need to change in your WordPress that are currently set to "https://3.17.110.31/" instead of "https://www.doglikecat.com/".


You also have an incorrect redirect type before the WordPress redirect.

What's the output of:

sudo apachectl -S


Tool for checking redirects:

https://www.redirect-checker.org/index.php

1 Like

Thanks @griffin - checked wp-config.php file but there is no mention of IP so I've added two lines and site now returns 200 but it is not showing up in the way I can see on the backend.

Output of command here also:

sudo apachectl -S
VirtualHost configuration:
*:80 www.doglikecat.com (/opt/bitnami/apache2/conf/bitnami/bitnami.conf:8)
*:443 www.doglikecat.com (/opt/bitnami/apache2/conf/bitnami/bitnami.conf:70)
ServerRoot: "/opt/bitnami/apache2"
Main DocumentRoot: "/opt/bitnami/apache2/htdocs"
Main ErrorLog: "/opt/bitnami/apache2/logs/error_log"
Mutex proxy-balancer-shm: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/opt/bitnami/apache2/logs/" mechanism=default
PidFile: "/opt/bitnami/apache2/logs/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: USE_PHP_FPM
User: name="daemon" id=1
Group: name="daemon" id=1

Appreciate your input with this.

1 Like

TO ALL HELPING: This is a Bitnami stack.

The settings didn't appear in the administrative interface for WordPress? While you can edit them within the configuration, it's rare to do so.

I have to handle what follows with kid gloves because this is a Bitnami stack.

What is the output of:

sudo cat /opt/bitnami/apache2/conf/bitnami/bitnami.conf

Please put 3 backticks above and below the output, like this:

```
output
```

Here it is @griffin:

# Default Virtual Host configuration.

<IfVersion < 2.3 >
  NameVirtualHost *:80
  NameVirtualHost *:443
</IfVersion>

<VirtualHost _default_:80>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  # BEGIN: Support domain renewal when using mod_proxy without Location
  <IfModule mod_proxy.c>
    ProxyPass /.well-known !
  </IfModule>
  # END: Support domain renewal when using mod_proxy without Location
  # BEGIN: Enable HTTP to HTTPS redirection
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteCond %{HTTP_HOST} !^localhost
  RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
  RewriteCond %{REQUEST_URI} !^/\.well-known
  RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
  # END: Enable HTTP to HTTPS redirection
  # BEGIN: Enable non-www to www redirection
  RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteCond %{HTTP_HOST} !^localhost
  RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
  RewriteCond %{REQUEST_URI} !^/\.well-known
  RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]
  # END: Enable non-www to www redirection
  <Directory "/opt/bitnami/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    <IfVersion < 2.3 >
      Order allow,deny                          
      Allow from all
    </IfVersion>
    <IfVersion >= 2.3 >
      Require all granted
    </IfVersion>
  </Directory>

  # Error Documents
  ErrorDocument 503 /503.html

  # Bitnami applications installed with a prefix URL (default)
  Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
  # BEGIN: Support domain renewal when using mod_proxy within Location
  <Location /.well-known>
    <IfModule mod_proxy.c>
      ProxyPass !
    </IfModule>
  </Location>
  # END: Support domain renewal when using mod_proxy within Location
</VirtualHost>

# Default SSL Virtual Host configuration.

<IfModule !ssl_module>
  LoadModule ssl_module modules/mod_ssl.so
</IfModule>

Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
SSLPassPhraseDialog  builtin
SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

<VirtualHost _default_:443>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  SSLEngine on
SSLCertificateFile "/opt/bitnami/apache2/conf/doglikecat.com.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/doglikecat.com.key"

#SSLCertificateFile "/opt/bitnami/apache2/conf/doglikecat.com.crt"
#SSLCertificateKeyFile "/opt/bitnami/apache2/conf/doglikecat.com.key"
            
  # BEGIN: Support domain renewal when using mod_proxy without Location
  <IfModule mod_proxy.c>
    ProxyPass /.well-known !
  </IfModule>
  # END: Support domain renewal when using mod_proxy without Location
  # BEGIN: Enable non-www to www redirection
  RewriteEngine On
  RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteCond %{HTTP_HOST} !^localhost
  RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
  RewriteCond %{REQUEST_URI} !^/\.well-known
  RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]
  # END: Enable non-www to www redirection
  <Directory "/opt/bitnami/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    <IfVersion < 2.3 >
      Order allow,deny                          
      Allow from all
    </IfVersion>
    <IfVersion >= 2.3 >
      Require all granted
    </IfVersion>
  </Directory>

  # Error Documents
  ErrorDocument 503 /503.html
        
  # Bitnami applications installed with a prefix URL (default)
  Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
  # BEGIN: Support domain renewal when using mod_proxy within Location
  <Location /.well-known>
    <IfModule mod_proxy.c>
      ProxyPass !
    </IfModule>
  </Location>
  # END: Support domain renewal when using mod_proxy within Location
</VirtualHost>

# Bitnami applications that uses virtual host configuration
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf"

Please note that I added two settings under the admin interface for WP and site is up and running now - little silly thing that I forgot to change when restoring site from a backup.

What's the go with a Bitnami stack?

Thanks.

1 Like

I'm not sure exactly what you're asking, but we like to be very cautious here when handling Bitnami stacks due to there being more than a few horrible incidents in the past involving severe breakage. They're great when they work, but when they don't work... :scream:

The line above in the port 80 VirtualHost should have [R=permanent,L] instead of [R,L] .

You'll need to reload your Apache afterwards for the change to take effect. The change is for SEO purposes.

Which file that line is modified in?

Also - what would be a better option for WP apart from Bitnami?

Thanks for your input @griffin.

2 Likes

/opt/bitnami/apache2/conf/bitnami/bitnami.conf

It's not that Bitnami's WordPress isn't fine. It's just that Bitnami's stacks tend to be complex to maintain and debug. Many hosting providers offer a standalone WordPress installation without a Bitnami stack.

1 Like

Thanks @griffin - site is not coming up as full-secured yet - Firefox is saying that part of the page is not secured (and saying that images are one example), Safari does not show the lock as it is displayed on other sites - only Chrome is showing up the lock and saying site is fully secured.

SSL cert is still under category B as per: SSL Server Test: www.doglikecat.com (Powered by Qualys SSL Labs)

Also - is there more than one SSL cert that has been issued and the need to revoke any? Anything else that needs to be considered so security in all browsers is fully displayed and category of cert to be A?

Thanks.

2 Likes

That's because you have mixed content (resources inside your page referenced over http and not https).

https://www.missingpadlock.com/


Don't revoke certificates.


This server supports TLS 1.0 and TLS 1.1. Grade capped to B.

https://ssl-config.mozilla.org/

1 Like

Valuable input @griffin

On the mixed content that I can see it's there from first URL - how can I remove reference to http://wp-content/uploads/2020/09/DSC_7353-scaled.jpg ? Folder and file are no longer there but reference is still there in the backend - where could I remove this from the WP dashboard given that content is already removed in the actual server?

Also - what is the use of the configuration generated via the second URL you provided?

Thanks.

1 Like

This article has a lot of depth about fixing mixed content in WordPress. Pay special attention to the "Upgrade Insecure Requests" header.


The configuration generator allows you to tweak the cipher suites supported by your Apache. In particular, you need to disable TLS 1.0 and 1.1. For expediency, if you search the Bitnami Community for related advice, you may come across some explicit instructions to guide you in this regard.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.