Certificate name mismatch


#1

Tried similar solutions to those offered for this error. No dice. I’m getting the Certificate name mismatch for one domain without the ‘www’ while the one with ‘www’ works great. Also getting this error at command line for several domains and wonder if it’s implicated:

Attempting to parse the version 0.26.1 renewal configuration file found at /etc/letsencrypt/renewal/www.example.net.conf with version 0.22.2 of Certbot. This might not work.

help!


#2

Can you provide more information?

What are the domains?

Either Certbot was downgraded to an older version, or there are multiple installs of it – perhaps certbot-auto was version 0.26.1 when the certificate was issued, and there’s also an OS package of 0.22.2. Downgrading usually doesn’t cause problems, though, and it can’t have caused issues for the web server if it hasn’t done anything yet.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#3

My domain is:
saveoursoil.us

I ran this command:
certbot --apache

It produced this output:
Which names would you like to activate HTTPS for?

1: saveoursoil.us
2: www.saveoursoil.us


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for saveoursoil.us
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/saveoursoil.us-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Enhancement redirect was already set.


Congratulations! You have successfully enabled https://saveoursoil.us

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=saveoursoil.us

My web server is (include version):
Apache/2.4.18 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 16.04.5 LTS
Release: 16.04
Codename: xenial

My hosting provider, if applicable, is:
linode

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no


#4

What do “sudo certbot certificates” and “sudo apache2ctl -S” output?


#5

#certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Attempting to parse the version 0.26.1 renewal configuration file found at /etc/letsencrypt/renewal/www.energymodeling.net.conf with version 0.22.2 of Certbot. This might not work.
Attempting to parse the version 0.26.1 renewal configuration file found at /etc/letsencrypt/renewal/wholeworldjustice.org.conf with version 0.22.2 of Certbot. This might not work.
Attempting to parse the version 0.26.1 renewal configuration file found at /etc/letsencrypt/renewal/web-analysts.net.conf with version 0.22.2 of Certbot. This might not work.
Attempting to parse the version 0.26.1 renewal configuration file found at /etc/letsencrypt/renewal/energymodeling.net.conf with version 0.22.2 of Certbot. This might not work.


Found the following certs:
Certificate Name: saveoursoil.us
Domains: saveoursoil.us
Expiry Date: 2018-12-17 15:02:07+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/saveoursoil.us/fullchain.pem
Private Key Path: /etc/letsencrypt/live/saveoursoil.us/privkey.pem

apache2ctl -S

VirtualHost configuration:
*:443 is a NameVirtualHost
default server energymodeling.net (/etc/apache2/sites-enabled/energymodeling.net-le-ssl.conf:2)
port 443 namevhost saveoursoil.us (/etc/apache2/sites-enabled/saveoursoil.us-le-ssl.conf:2)
alias www.saveoursoil.us
*:80 is a NameVirtualHost
default server energymodeling.net (/etc/apache2/sites-enabled/energymodeling.net.conf:5)
port 80 namevhost saveoursoil.us (/etc/apache2/sites-enabled/saveoursoil.us.conf:4)
alias www.saveoursoil.us
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33


#6

Hi @walpi

you have 4 active certificates only with saveoursoil.us as domain name, three created yesterday:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:saveoursoil.us&lu=cert_search

And you have 3 active certificates only with www.saveoursoil.us as domain name, two created yesterday:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:www.saveoursoil.us&lu=cert_search

One of these is installed.

But you need one certificate with two names - www and non-www.

And you use the - deprecated - tls-sni-01 - validation. This may not work if you create a new certificate. So switch to http-01:

All other things are looking good. So try something like

certbot --apache -d saveoursoil.us -d www.saveoursoil.us --preferred-challenges http

to get one certificate with two names.
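
The check behind this diagnosis, as an added example that is not part of the original posts or of Certbot: it compares the names each HTTPS virtual host answers for with the names in the issued certificates. The sample text is trimmed from the output posted above; the function names are hypothetical, and matching is exact-name only (wildcard certificates are not handled).

```python
import re
# Trimmed from the `certbot certificates` and `apache2ctl -S` output posted in this thread.
CERTBOT_OUT = """\
Found the following certs:
Certificate Name: saveoursoil.us
Domains: saveoursoil.us
"""
APACHE_OUT = """\
*:443 is a NameVirtualHost
port 443 namevhost saveoursoil.us (/etc/apache2/sites-enabled/saveoursoil.us-le-ssl.conf:2)
alias www.saveoursoil.us
*:80 is a NameVirtualHost
port 80 namevhost saveoursoil.us (/etc/apache2/sites-enabled/saveoursoil.us.conf:4)
alias www.saveoursoil.us
"""

def cert_domains(text):
    """Map certificate name -> set of DNS names listed on its Domains line."""
    certs, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Certificate Name:"):
            current = line.split(":", 1)[1].strip()
            certs[current] = set()
        elif line.startswith("Domains:") and current:
            certs[current].update(line.split(":", 1)[1].split())
    return certs

def https_vhost_names(text):
    """Map each port-443 vhost -> every name it answers for (ServerName plus aliases)."""
    vhosts, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*port 443 namevhost (\S+)", line)
        a = re.match(r"\s*alias (\S+)", line)
        if m:
            current = m.group(1)
            vhosts[current] = {current}
        elif a and current:
            vhosts[current].add(a.group(1))
        elif not a:
            current = None  # header or port-80 vhost: its aliases are not HTTPS names
    return vhosts

def uncovered(certs, vhosts):
    """Per HTTPS vhost: names missing from the single certificate that fits it best."""
    gaps = {s: min((names - d for d in certs.values()), key=len, default=names)
            for s, names in vhosts.items()}
    return {s: sorted(g) for s, g in gaps.items() if g}

print(uncovered(cert_domains(CERTBOT_OUT), https_vhost_names(APACHE_OUT)))
```

A virtual host presents one certificate, so the check asks whether any single certificate covers all of its names; separate certificates for the bare and `www` names do not satisfy it.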


#7

That took care of it. Thank you!


#8

Yep, now you have the correct certificate with two domain names:

DNS-Name: saveoursoil.us
DNS-Name: www.saveoursoil.us

But there is a mixed content warning you should fix: Use Firefox or Chrome, then CTRL + Shift + I, this opens the console. There you can find links loaded per http, not per https.

http://saveoursoil.us/wp-content/uploads/2018/09/Maler_der_Grabkammer_des_Sennudem_001_maintenance.jpg

Change them to https.

