Certificate issued to wrong domain?

Hi! And many thanks in advance for your help :slight_smile:

My problem is: I have two domains and 2 different AWS instances. One (.guru) is used for testing, and .com is used as live production. I exported testing (.guru) to production (.com), and created a new SSL certificate for .com but it shows as non secure, with wrong certificate, issued to .guru. Sorry if I'm not clear.

You can see it clearly in this video: Loom | Free Screen & Video Recording Software

My domain is: emprendemy.com

I ran this command: sudo certbot certificates

It produced this output:
Found the following certs:
Certificate Name: emprendemy.com
Domains: emprendemy.com *.emprendemy.com
Expiry Date: 2021-05-02 18:18:37+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/emprendemy.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/emprendemy.com/privkey.pem

The operating system my web server runs on is (include version):
Server version: Apache/2.4.41 (Unix)
Server built: Feb 7 2020 11:05:17

My hosting provider, if applicable, is: AWS Lightsail

I can login to a root shell on my machine (yes or no, or I don't know): don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

2 Likes

Hi @ecosin,

Can you explain more about how you "exported testing to production" and how you "created a new SSL certificate for .com"? What commands or software did you use to do each of these things?

It looks like your web server configuration on the production server is pointing at a copy of the testing (.guru) certificate, while that copy is not visible to Certbot on the production server. So this might have to do with how you copied things over from one machine to the other.

2 Likes

Hi, thanks for your quick answer!

In AWS I create a snapshot of the instance linked to .guru, and create a new instance with that snapshot linked to .com.

But what I really need urgently is to solve the .com problem, for sure I will look for a new way to export development to production.

To create a new certificate, first I deleted the previous one with sudo certbot delete and created a new one with
sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly

Thanks again,

3 Likes

> Hi, thanks for your quick answer!
>
> In AWS I create a snapshot of the instance linked to .guru, and create a new instance with that snapshot linked to .com.
>
> But what I really need urgently is to solve the .com problem, for sure I will look for a new way to export development to production.
>
> To create a new certificate, first I deleted the previous one with sudo certbot delete and created a new one with
> sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly

Well, certonly means to create the certificate but not install it in
your web server configuration!

When you use something like certbot --apache, it will install the
new certificate for you (by editing your web server configuration files).

But wildcards are a difficulty -- you can't obtain or renew them
automatically unless you have something like a DNS API integration.

Did you use a wildcard on the test instance too, or only on the production
instance?

2 Likes

What I did is to follow the instructions in Tutorial: Using Let’s Encrypt SSL certificates with your WordPress instance in Amazon Lightsail | Documentos de Lightsail

I did it before (on .guru) and it worked ok. Sorry for my low (almost null) technical language and experience. And I used wildcard in both, as instructions say.

Thanks again

3 Likes

> What I did is to follow the instructions in Tutorial: Using Let’s Encrypt SSL certificates with your WordPress instance in Amazon Lightsail | Documentos de Lightsail
>
> I did it before (on .guru) and it worked ok. Sorry for my low (almost null) technical language and experience. And I used wildcard in both, as instructions say.
>
> Thanks again

I'm not sure if this is the most sustainable solution in terms of the
human effort (from you) that it requires. There might be a more
practical option than the steps suggested by this tutorial. For
example, are you sure you need a wildcard certificate for your
application? If not, there are definitely easier ways to do it!

However, I think the issue with regard to your particular situation is
the

"Step 7: Create links to the Let’s Encrypt certificate files in the
Apache server directory"

In this case you need to repeat that process on the new (production) server
after you've obtained the new (production) certificate there.

3 Likes
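A way to confirm the diagnosis above from the shell, as an added example that is not part of the original posts: it checks whether the certificate file the web server is configured to load is the same certificate Certbot issued and whether it covers the expected hostname. The function names and the `SERVED_CERT` argument (whatever file your Apache `SSLCertificateFile` or its link points to) are assumptions; only `openssl` is required.

```shell
#!/bin/sh
# Added example: detect a web server that still loads a certificate copied
# from another machine instead of the one Certbot issued on this host.

# cert_covers_host CERT_FILE HOSTNAME
# Exit 0 if the leaf certificate in CERT_FILE is valid for HOSTNAME
# (wildcard SAN entries are honoured by openssl's own matching).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# cert_fingerprint CERT_FILE
# Print the SHA-256 fingerprint of the first (leaf) certificate in the file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# check_deployed SERVED_CERT ISSUED_CERT HOSTNAME
#   SERVED_CERT  file the web server loads (placeholder: your own config path)
#   ISSUED_CERT  Certbot's fullchain.pem for the production name
# Returns 0 only if the server loads exactly the issued certificate.
check_deployed() {
    served=$1 issued=$2 host=$3
    if ! cert_covers_host "$issued" "$host"; then
        echo "issued certificate does not cover $host"
        return 2
    fi
    if ! cert_covers_host "$served" "$host"; then
        echo "served certificate does not cover $host (stale copy or link)"
        return 1
    fi
    if [ "$(cert_fingerprint "$served")" != "$(cert_fingerprint "$issued")" ]; then
        echo "served certificate covers $host but is not the issued one"
        return 1
    fi
    echo "OK: server loads the issued certificate for $host"
}

# Run directly as: sh check.sh SERVED_CERT ISSUED_CERT HOSTNAME
if [ "$#" -eq 3 ]; then
    check_deployed "$@"
fi
```

A non-zero result with the "stale copy or link" message matches the situation in this thread: the links from Step 7 still need to be recreated on the new server, followed by a web server restart.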

Doing it.

When I type
sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old

I get the error:

mv: cannot stat '/opt/bitnami/apache2/conf/server.csr': No such file or directory

2 Likes

Hey, I made it happen!!! Thanks a lot, it worked.

Really helpful, many thanks Schoen

3 Likes

That's great! :tada:

By the way, if you're using Bitnami, Bitnami has their own tutorial with their own recommended procedure:

https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

You can see that it's a little bit different from the approach that's taken by the Amazon tutorial (and the tool that it suggests for most users right at the top, bncert-tool, is probably much more automated). Especially if you don't have a specific reason that you need a wildcard certificate, you might find it to be easier and more automatic to try Bitnami's approach in the future.

4 Likes
