Certificate name mismatch

Why do you create one certificate with one domain name? You need one certificate with two domain names.

There is the command already shared.

@JuergenAuer, I don’t think this will help because @romicva is not terminating TLS on the router but rather on the individual devices. There is no single device that is actually addressed using both names via the same TLS service.

Really? Looks like there is one installation which is used with different domain names.

Both pages

https://romicva.duckdns.org:5001/
https://romicvawebtrees.duckdns.org:5001/

have exactly the same HTML output.

I don’t think there are two different DiskStations.

PS: @romicva: Do you have one DiskStation or two different ones?

Right now, those are both being forwarded to the same device but that simply means that the other device is totally inaccessible. Creating a new port forward to allow the other device to be accessed will mean that it’s accessible via a different port.

Yep. But seeing the redirect romicvawebtrees.duckdns.org -> port 5001 I had the idea this was the intention. One Synology used with two different domain names.

So @romicva: Is this redirect what you want? Or what’s the idea of the second domain name?

Desired setup:
Synology (NAS) - romicva.duckdns.org
Ubuntu (LAMP Server) - romicvawebtrees.duckdns.org

The two are different pieces of hardware, behind the same router, on the same network. Intention is to address them using different ports. 5001 is port used by Synology and it does its own redirection. Ubuntu is powered off right now. I can’t really get Apache to work for me at the moment.
What would be the best course of action from here?
THANK YOU for staying with me!

Ah, thanks, now we know what you want.

So the DSM under romicvawebtrees.duckdns.org was an accident.

The complete port 443 traffic was forwarded to your DSM.

So you need an additional port, because I don't think (or don't know whether) your router is able to split the port 443 traffic: romicva.duckdns.org to the first, romicvawebtrees.duckdns.org to the second.

Something like https://romicvawebtrees.duckdns.org:8080 or another port.

But if you create a certificate with dns-01 validation on your romicvawebtrees.duckdns.org system, you don't need port 80.

I planned to address ubuntu box with its own port, pretty much like you showed. Even when I used it that way I was getting certificate mismatch.
Let me try and get Apache running again. I don’t think there’s a way to verify that both machines have the right certificates, unless both are up, correct?

Thank you

Your DSM has the correct certificate.

Your other machine must run. What's the port number? You can check ports directly via "check-your-website".

Apache on ubuntu is not responding… even locally… it’s a mess that I’m not sure how to undo. That’s why at one point I wanted to rebuild the box. Now that the certificate is sorted out I feel like trying to fix apache… Would removing and reinstalling apache be a good idea?
Thank you

You could run sudo service apache2 restart on that box and see if you see an error (either in the output of that command or in /var/log/apache2).

Thanks! I’ll be able to get back to this on Friday.

Hello, I’m back.
I rebuilt and recertified the server. When I attempt to access it as:
romicvawebtrees.duckdns.org:44396 I get this error:

Bad Request

Your browser sent a request that this server could not understand.
Reason: You’re speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

However, when I use this:
https://romicvawebtrees.duckdns.org:44396
all is well.

I added the rewrite on, but can’t get it to work.

Please help.
Thank you

That's normal.

If you use a standard webserver, one port is able to manage http or https, but not both.

You can create the same results with every working http / https site.

http://check-your-website.server-daten.de/ = http://check-your-website.server-daten.de:80/
https://check-your-website.server-daten.de/ = https://check-your-website.server-daten.de:443/

These are the 4 standard urls. But check

http://check-your-website.server-daten.de:443/
https://check-your-website.server-daten.de:80/

with tools like curl (or with check-your-website), then you have the same error message.

If you want http and https, you need two ports.

PS: There are some software solutions (Speedport - port 8080, VestaCP - Port 8083) with http- and https support on the same port. So you can talk with a speedport server via http://..:8080/ and via https://...:8080/. But the software must support such a switch.
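One way a server that accepts both schemes on one port can tell them apart, as an added example that is not part of the original posts and not taken from any of the products named above: it looks at the first bytes the client sends, hands a TLS ClientHello to the TLS stack, and answers a plain HTTP request with a redirect. `ALLOWED_HOSTS`, `EXTERNAL_PORT`, the function names and the sample byte strings are assumptions made for this sketch; the allow-list keeps a forged Host header from steering the redirect to another site.

```python
import struct
from typing import Optional

# Assumptions for this sketch: name and external port are the ones in the thread.
ALLOWED_HOSTS = {"romicvawebtrees.duckdns.org"}
EXTERNAL_PORT = 44396
HTTP_METHODS = (b"GET ", b"HEAD ", b"POST ", b"PUT ", b"DELETE ", b"OPTIONS ")

def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'http' or 'unknown' for the first bytes a client sent."""
    if len(data) >= 5:
        # TLS record header: content type, version major/minor, payload length.
        rec_type, major, _minor, length = struct.unpack("!BBBH", data[:5])
        # 0x16 is a handshake record (ClientHello); major 3 covers SSL 3.0 to TLS 1.3.
        if rec_type == 0x16 and major == 3 and 0 < length <= 16384:
            return "tls"
    return "http" if data.startswith(HTTP_METHODS) else "unknown"

def parse_request(data: bytes):
    """Return (request target, host without port) from a plain HTTP request head."""
    lines = data.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split()
    target = parts[1] if len(parts) == 3 and parts[1].startswith("/") else "/"
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip().split(":", 1)[0].lower()
    return target, host

def answer_for(data: bytes) -> Optional[bytes]:
    """None: pass the socket to the TLS stack. Bytes: plain-HTTP reply to send."""
    kind = classify_first_bytes(data)
    if kind == "tls":
        return None
    if kind == "http":
        target, host = parse_request(data)
        if host in ALLOWED_HOSTS:  # never redirect to a name taken on trust
            location = f"https://{host}:{EXTERNAL_PORT}{target}"
            return (f"HTTP/1.1 301 Moved Permanently\r\nLocation: {location}\r\n"
                    "Content-Length: 0\r\nConnection: close\r\n\r\n").encode("latin-1")
    return b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\n\r\n"

# Constructed sample inputs: start of a ClientHello record, and a plain request.
SAMPLE_TLS = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"
SAMPLE_HTTP = b"GET /index.php HTTP/1.1\r\nHost: romicvawebtrees.duckdns.org:44396\r\n\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_TLS, SAMPLE_HTTP):
        print(classify_first_bytes(sample), answer_for(sample))
```
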

Thank you JuergenAuer

There’s only one thing I want with the redirect. When a user enters:
romicvawebtrees.duckdns.org:44396
They would end up at:
https://romicvawebtrees.duckdns.org:443
Port forwarding takes care of 44396 —> 443. This works.
However, absence of “https://” doesn’t translate into “https://”.

I thought when I do:
“certbot-auto --apache”
and it asks if I want all http traffic to be redirected to https - and I say yes - it would do just that.

When I look at the .conf file I see RewriteEngine on added and rule and condition directives added.
However it doesn’t work.

Please help.

Thank you!

That domain + port doesn't answer. And if it did answer (same with port 80), you wouldn't need an additional port.

It's a configuration problem of your router, not of your website. Looks like your router can't switch between different incoming domain names. So your complete port 80 is redirected to your other domain, same with your complete 443 port traffic.

So you can't use this domain with port 443.

No, Certbot can't handle your non-standard ports.

https://romicvawebtrees.duckdns.org:443
It does work now! I AM VERY SORRY - the server was powered off.
It is up now.

Could you please take a look?

Thank you

There is nothing up. Only timeouts - https://check-your-website.server-daten.de/?q=romicvawebtrees.duckdns.org

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://romicvawebtrees.duckdns.org/ 108.51.118.201 | -14 (Timeout - The operation has timed out) | | 10.017 | T |
| http://www.romicvawebtrees.duckdns.org/ 108.51.118.201 | -14 (Timeout - The operation has timed out) | | 10.014 | T |
| https://romicvawebtrees.duckdns.org/ 108.51.118.201 | -14 (Timeout - The operation has timed out) | | 10.017 | T |
| https://www.romicvawebtrees.duckdns.org/ 108.51.118.201 | -14 (Timeout - The operation has timed out) | | 10.026 | T |

Please use online tools to check your site. You use your local network, that can't work. There you see the wrong things.

Hmmm…
I’m aware of internal vs external and always check from the outside.
Could you please try and enter https://romicvawebtrees.duckdns.org:44396 in your browser to see if it works.

Below is a screenshot from my work VDI workstation, it shows that I can get to my apache without issues (from work) when url is: https://romicvawebtrees.duckdns.org:44396

Thank you!

@romicva … Yes your site (romicvawebtrees) loads for me. However, as you probably are aware, romicva still needs attention. Don’t give up.