Certificate name does not match input

Help
1

HI,

My domain is: www.datacook.org and I created the SSL certificates both datacook.org and www.datacook.org.
But currently www.datacook.org is showing that it is not trusted. and getting an error as following.
www.datacook.org somehow checks the certificate of ‘datacook.org’ without www and complains with “certificate name does not match input”.

I am not sure if this is a DNS issue? or certificate issue?

sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: datacook.org
Domains: datacook.org
Expiry Date: 2019-09-17 23:22:20+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/datacook.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/datacook.org/privkey.pem
Certificate Name: www.datacook.org
Domains: www.datacook.org
Expiry Date: 2019-09-18 01:14:19+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.datacook.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.datacook.org/privkey.pem

2

How did you create that certificate? What was the command line?

1 Like
3

Hi @yuneebird

you have created some certificates ( https://check-your-website.server-daten.de/?q=datacook.org ):

CertSpotter-Id Issuer not before not after Domain names LE-Duplicate next LE
976144108 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-06-20 01:14:19 2019-09-18 01:14:19 www.datacook.org - 1 entries duplicate nr. 2
976008230 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-06-19 23:22:20 2019-09-17 23:22:20 datacook.org - 1 entries duplicate nr. 1
976002670 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-06-19 23:18:59 2019-09-17 23:18:59 datacook.org, www.datacook.org - 2 entries duplicate nr. 1
975972042 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-06-19 22:56:56 2019-09-17 22:56:56 www.datacook.org - 1 entries duplicate nr. 1

One with both domain names, three with one domain name.

But you use only one certificate

CN=datacook.org
	20.06.2019
	18.09.2019
expires in 90 days	datacook.org - 1 entry

So:

  • You have one vHost with both domain names (that’s good, there are not two vHosts with two different certificates required),
  • but that vHost uses the wrong certificate

So try

certbot -d datacook.org -d www.datacook.org --reinstall

Then certbot should find the certificate with both domain names.

But: What’s your server software? There is no server header (Apache or nginx).

Did you use certonly? If yes, you have to install the certificate manual.

1 Like
4

I had to user certonly. and when I ran certbot, I selected the option standalone and it worked. thank you. This is really helpful. We can close this issue.
Spin up a temporary webserver (standalone)

5

One more question, to JuergenAuer. How can I renew the certificate in 90 days? Could you share the command please?

6

When I validate the SSL, there is red warning that “Incorrect certificate because this client doesn’t support SNI”, Any recommendations?

7

Update your ancient client. SNI is, in computer terms, very old, and should be supported by all modern clients.

8

Certbot should have created a cron job. But certonly -> perhaps you have to install the certificate manual.

So check your configuration in 65 days to see, if there is a new certificate.

9

Where do you see that warning? Via Ssllabs, the part with

Certificate #2: ... No SNI

Then ignore it. Or do you have XP users with IE6 you have to support?

The part from Certificate #1 is relevant.

10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.