Certificate name mismatch

Uneschewed · May 6, 2019, 9:38pm

Hello,

I have issued certs on my server that I just set up and I get the following from https://www.ssllabs.com/ssltest/; Certificate name mismatch. The error shows it is pointing to my hostname and not my main domain, I have an htaccess which is set to rewrite to https instead of http,

I used the following to issue the certs:
./certbot-auto --text --agree-tos --email [EMAIL ADDRESS] certonly --renew-by-default --webroot --webroot-path /home/[CPANEL USERNAME]/public_html/ -d uneschewed.com -d www.uneschewed.com

And to issue the certs I used:
./certbot-auto --apache --apache-server-root /etc/apache2 --apache-challenge-location /etc/apache2

All of the certs issued correctly, what is the next steps I should take to find a solution to the cert name mismatch?

_az · May 6, 2019, 9:45pm

This is not safe to do on cPanel .

cPanel manages and installs SSL certificates and writes its own Apache configuration in its own specialized way. You must not allow Certbot to modify cPanel's Apache configuration.

Anything that Certbot does can either totally bust your cPanel installation, or will just get overwritten.

You have to use UAPI SSL::install_ssl to actually deploy an SSL certificate to a cPanel virtualhost.

acme.sh's uapi deploy script is one such example. Alternatively, install it via the SSL/TLS Manager in the user interface.

_az · May 6, 2019, 9:48pm

It’s also more likely that you should use the WHM AutoSSL Sectigo/Comodo provider to create and install this certificate, since your server is already running that functionality. No point using Let’s Encrypt separately.

Uneschewed · May 6, 2019, 10:26pm

I solved this thanks.

Uneschewed · May 6, 2019, 10:32pm

Is there an automated way to do this, how exactly do I make it install in an automatic way?

Uneschewed · May 6, 2019, 10:35pm

Do I need to download the acme.sh and run the following command:

acme.sh --issue --dns -d www.[DOMAIN].[DOMAIN EXTENSION]

Is this the proper way of doing this?

Uneschewed · May 6, 2019, 10:46pm

And lastly, I deleted the certs using ./certbot-auto delete
command should I delete the directories under /etc/apache2/conf.d ssl.key and ssl.crt?

Uneschewed · May 6, 2019, 10:49pm

I see the following command is the proper way of using uapi
uapi --user=username SSL install_ssl domain=example.com cert=THECERTIFICATETEXT key=THEKEYTEXT cabundle=THECABUNDLETEXT

What goes into the fields cert= key= and cabundle=?

_az · May 7, 2019, 1:18am

The urlencoded contents of cert.pem, privkey.pem and chain.pem from Certbot, for example.

You can see a standalone example of the encoding here.

But again, I don't know why you're doing this at all. cPanel AutoSSL can automatically create certificates (and already has) for these domains for you.

system · June 6, 2019, 1:18am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cert installed successfully but get Certificate name mismatch Help	4	2104	April 16, 2018
Help in fixing this commonname mismatch Server	7	865	July 29, 2018
Certificate name mismatch Server	4	2228	March 22, 2018
Certificate name mismatch error Help	2	2401	May 26, 2018
Certbot with Apache2 - Certificate name mismatch Help	6	2231	January 7, 2018

Certificate name mismatch

Related topics