Certificate mismatch on wildcard subdomain


#1

I installed letsencrypt on my base domain (https://ugochukwu.org) with a few subdomains before wildcard was finally rolled out, following the instructions from the certbot page (https://certbot.eff.org/lets-encrypt/ubuntuxenial-apache.html). After the installation, everything was and is still working fine for the base domain and the subdomains I added then.

I now enabled wildcard on the certificate by running the following code,
certbot certonly --manual -d *.ugochukwu.org --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

As I saw in a tutorial. Everything went fine after verifying my domain with the code I was given.
I have now enabled WordPress multisite on my site to use subdomains, but the subdomains created by my site are not SSL-enabled; when forced to use SSL, the server reported that the cert is not trusted.
I ran an SSL test on the subdomain at https://ssllabs.com/ and it reported a certificate name mismatch.
The subdomains created by my WordPress are all opening and accessible, but with an insecure report in the browser.
Here is one of the subdomains currently created on my site…
store.ugochukwu.org

My web server is (include version): Apache2

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: Google (cloud host)

I can login to a root shell on my machine

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Please, what am I not doing right?


#2

Hi,

I can confirm that you’ve issued a wildcard certificate, but you aren’t using that one on your store subdomain.
The certificate you issued:
https://crt.sh/?id=1114763934

But the certificate you are using on that subdomain, is:
https://crt.sh/?id=971834071

That’s why there’s a “domain mismatch”.

Thank you


#3

Please, how am I to resolve this issue?


#4

You may need to make a change within the Apache virtual host config file, for it to use the correct certificate within each virtual host.


#5

Thanks for your support. Can you give me some more guidance on this? Now there are two certificates; how should I begin the changes, and what exactly will I be changing?


#6

First one,

Go to your shell, type certbot certificates
Check which certificate in there has the wildcard path.

Second, go to your Apache configuration and find the SSL virtual host that represents your mismatched website.
Replace the certificate file and certificate key file with the ones you obtained in step one.

Thank you
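
The check described in the two steps above, as an added example that is not part of the original thread: it compares each SSL virtual host's names against the names on the certificate file that host is configured to serve, and reports which known certificate would cover a mismatched name. The example.org names, the lineage paths and the Apache config are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample: names per certificate file, as read off `certbot certificates`.
LINEAGES = {
    "/etc/letsencrypt/live/example.org/fullchain.pem": ["example.org", "www.example.org"],
    "/etc/letsencrypt/live/example.org-0001/fullchain.pem": ["*.example.org"],
}
# Constructed sample Apache config: the store vhost still points at the old certificate.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName example.org
    ServerAlias www.example.org
    SSLCertificateFile /etc/letsencrypt/live/example.org/fullchain.pem
</VirtualHost>
<VirtualHost *:443>
    ServerName store.example.org
    SSLCertificateFile /etc/letsencrypt/live/example.org/fullchain.pem
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+[^>]*:443\s*>(.*?)</VirtualHost>", re.S | re.I)

def name_matches(host, pattern):
    """A wildcard covers exactly one left-most label, so it never matches the base domain."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return host == pattern

def values(block, directive):
    """All whitespace-separated arguments of a directive inside one vhost block."""
    found = re.findall(rf"^[ \t]*{directive}[ \t]+(.+)$", block, re.M | re.I)
    return [tok for line in found for tok in line.split()]

def audit(conf, lineages):
    """Return (hostname, configured cert, certs that would cover it) for each mismatch."""
    findings = []
    for block in VHOST_RE.findall(conf):
        cert = (values(block, "SSLCertificateFile") or [None])[0]
        for host in values(block, "ServerName") + values(block, "ServerAlias"):
            if any(name_matches(host, n) for n in lineages.get(cert, [])):
                continue
            covering = [p for p, ns in lineages.items()
                        if any(name_matches(host, n) for n in ns)]
            findings.append((host, cert, covering))
    return findings

if __name__ == "__main__":
    for host, cert, covering in audit(SAMPLE_CONF, LINEAGES):
        print(f"{host}: served {cert}; covered by {covering or 'no known certificate'}")
```

A wildcard-only certificate does not cover the base domain itself, so a virtual host that serves both the base domain and its subdomains needs a certificate carrying both names.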


#7

Great!

It works. Thank you @stevenzhu and @rg305. You saved my ass after long hours of googling this problem.
ssllab now confirms the subdomain as valid.


#8

@stevenzhu how did you obtain the two id numbers that you showed?

