Certificate name mismatch


I have issued certs on my server that I just set up and I get the following from https://www.ssllabs.com/ssltest/; Certificate name mismatch. The error shows it is pointing to my hostname and not my main domain, I have an htaccess which is set to rewrite to https instead of http,

I used the following to issue the certs:
./certbot-auto --text --agree-tos --email [EMAIL ADDRESS] certonly --renew-by-default --webroot --webroot-path /home/[CPANEL USERNAME]/public_html/ -d uneschewed.com -d www.uneschewed.com

And to issue the certs I used:
./certbot-auto --apache --apache-server-root /etc/apache2 --apache-challenge-location /etc/apache2

All of the certs issued correctly, what is the next steps I should take to find a solution to the cert name mismatch?

:warning: This is not safe to do on cPanel :warning:.

cPanel manages and installs SSL certificates and writes its own Apache configuration in its own specialized way. You must not allow Certbot to modify cPanel's Apache configuration.

Anything that Certbot does can either totally bust your cPanel installation, or will just get overwritten.

You have to use UAPI SSL::install_ssl to actually deploy an SSL certificate to a cPanel virtualhost.

acme.sh's uapi deploy script is one such example. Alternatively, install it via the SSL/TLS Manager in the user interface.

1 Like

It’s also more likely that you should use the WHM AutoSSL Sectigo/Comodo provider to create and install this certificate, since your server is already running that functionality. No point using Let’s Encrypt separately.

I solved this thanks.

Is there an automated way to do this, how exactly do I make it install in an automatic way?

Do I need to download the acme.sh and run the following command:

acme.sh --issue --dns -d www.[DOMAIN].[DOMAIN EXTENSION]

Is this the proper way of doing this?

And lastly, I deleted the certs using ./certbot-auto delete
command should I delete the directories under /etc/apache2/conf.d ssl.key and ssl.crt?

I see the following command is the proper way of using uapi
uapi --user=username SSL install_ssl domain=example.com cert=THECERTIFICATETEXT key=THEKEYTEXT cabundle=THECABUNDLETEXT

What goes into the fields cert= key= and cabundle=?

The urlencoded contents of cert.pem, privkey.pem and chain.pem from Certbot, for example.

You can see a standalone example of the encoding here.

But again, I don't know why you're doing this at all. cPanel AutoSSL can automatically create certificates (and already has) for these domains for you.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.