Certificate name mismatch SSL report

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ordertrack.prime-vendor.com

I ran this command:
**Case: **
**I did install let's encrypt last week in the mentioned server(previously it was Ubuntu server), but due to certain requirement, we had to reset the server to centos version. **

**After successful installation of apache in new centos (7.6) server[note: domain name is same though] **
I proceed through the process of installing ssl.
yum install epel-release
yum install certbot python2-certbot-apache mod_ssl
certbot --apache -d ordertrack.prime-vendor.com
(proceed according to instruction and choose auto https redirect option 2)

It produced this output:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.


1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/httpd/sites-enabled/ordertrack.prime-vendor.com.conf to ssl vhost in /etc/httpd/sites-available/ordertrack.prime-vendor.com-le-ssl.conf


Congratulations! You have successfully enabled
https://ordertrack.prime-vendor.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=ordertrack.prime-vendor.com


IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/ordertrack.prime-vendor.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/ordertrack.prime-vendor.com/privkey.pem
    Your cert will expire on 2019-09-25. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the "certonly" option. To non-interactively renew all of
    your certificates, run "certbot renew"

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt
    Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation

My web server is (include version):
Server version: Apache/2.4.6 (CentOS)
Server built: Apr 24 2019 13:45:48

The operating system my web server runs on is (include version):
CentOS Linux release 7.6.1810 (Core)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
I'm using puTTy terminal and operating using commands.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.34.2

I would be really thankful if this mismatch issue could be resolved.
NOte:
Using same domainname: ordertrack.prime-vendor.com

Initially, I had to install new cert in Ubuntu system.
Later, due to certain requirement, we had to change the same system to centoos.

When it was in Ubuntu system, I installed certificate for domain and it was working fine.
https://ordertrack.prime-vendor.com
was working.

Later, when system changed to centos,
I repeated same process, and log says,
cert has been installed successfully,
However,the certificate name mismatch SSL report was seen.
and SSL is not installed.

What could be the actual issues here?
It would be helpful if anyone can update me on related issue.

I also looked into the similar error:

**which says: **
Sounds like Apache has another certificate configured elsewhere that is taking precedence.

But I've only installed one cert in the system.

Thank you.
Rajendra

Yes, that sounds likely.

What does this show:

grep -Ri SSLCertificateFile /etc/httpd/
apachectl -t -D DUMP_VHOSTS

grep -Ri SSLCertificateFile /etc/httpd/

[root@ordertrack ~]# grep -Ri SSLCertificateFile /etc/httpd/
/etc/httpd/conf.d/ssl.conf:# Point SSLCertificateFile at a PEM encoded certificate. If
/etc/httpd/conf.d/ssl.conf:SSLCertificateFile /etc/pki/tls/certs/localhost.crt
/etc/httpd/conf.d/ssl.conf:# the referenced file can be the same as SSLCertificateFile
Binary file /etc/httpd/modules/mod_ssl.so matches
/etc/httpd/sites-available/ordertrack.prime-vendor.com-le-ssl.conf:SSLCertificateFile /etc/letsencrypt/live/ordertrack.prime-vendor.com/cert.pem

apachectl -t -D DUMP_VHOSTS
[root@ordertrack ~]# apachectl -t -D DUMP_VHOSTS
Passing arguments to httpd using apachectl is no longer supported.
You can only start/stop/restart httpd using this script.
If you want to pass extra arguments to httpd, edit the
/etc/sysconfig/httpd config file.

Note:
I did restarted httpd. Its no change though.

1 Like

Hi @RajendraMaharjan

works

apachectl -S

?

apachectl -S

Nothing displays.

@JuergenAuer
Hi, are you familiar with similar issues?
I’ve been stuck here and unable to get it right.

You have a lot of certificates ( https://check-your-website.server-daten.de/?q=ordertrack.prime-vendor.com#ct-logs ):

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2019-06-27 2019-09-25 ordertrack.prime-vendor.com - 1 entries duplicate nr. 5 next Letsencrypt certificate: 2019-07-03 05:05:23
Let’s Encrypt Authority X3 2019-06-26 2019-09-24 ordertrack.prime-vendor.com - 1 entries duplicate nr. 4
Let’s Encrypt Authority X3 2019-06-26 2019-09-24 ordertrack.prime-vendor.com - 1 entries duplicate nr. 3
Let’s Encrypt Authority X3 2019-06-26 2019-09-24 ordertrack.prime-vendor.com - 1 entries duplicate nr. 2
Let’s Encrypt Authority X3 2019-06-26 2019-09-24 ordertrack.prime-vendor.com - 1 entries duplicate nr. 1

But you use a self signed.

E=root@ordertrack.prime-vendor.com, 
CN=ordertrack.prime-vendor.com, OU=SomeOrganizationalUnit, 
O=SomeOrganization, L=SomeCity, S=SomeState, C=--
	27.06.2019
	26.06.2020
expires in 361 days

I don’t know why apachectl (or apachectl2) doesn’t work.

So check your vHost configuration manual to find that self signed certificate. Or to find duplicated vHosts.

Every combination of port and domain name must be unique.

PS: Is this

com

really an Apache?

Typical Apache 404 pages look different.

Perhaps there is another server that answers.

Yes, I created one for ubuntu, and next one for centos.
The remaining duplicates are tested later, I tested creating new one if there are some issue.

Isn;t there any way to remove all previous entries?

There is only one Vhost configuration ordertrack.prime-vendor.com.conf.txt (535 Bytes) ordertrack.prime-vendor.com-le-ssl.conf.txt (655 Bytes)

Yes, its apache.
I installed httpd earlier using yum repo.

The error type page should be coming from PHP.
Currently a test PHP project is being hostedover there.

No, CT-logs are append-only logs. And never delete active certificates local, that's always bad.

If your config

	<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName www.ordertrack.prime-vendor.com
    ServerAlias ordertrack.prime-vendor.com
    DocumentRoot /var/www/ordertrack.prime-vendor.com/html
    ErrorLog /var/www/ordertrack.prime-vendor.com/log/error.log
    CustomLog /var/www/ordertrack.prime-vendor.com/log/requests.log combined
SSLCertificateFile /etc/letsencrypt/live/ordertrack.prime-vendor.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ordertrack.prime-vendor.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/ordertrack.prime-vendor.com/chain.pem
</VirtualHost>
</IfModule>

doesn't work, you may have another config that is used. Looks like the standard vHost is used, not the individual. Or you have two OS and the wrong OS answers. Or you have something like a wrong port forwarding.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.