Certificate Not Issued for Correct Domains or Renewed

Please fill out the fields below so we can help you better.

My domain is:www.jefferymorse.net, www.roadtobethelradio.com, www.jefferymorseministries.com

I ran this command:
https://www.ssllabs.com/ssltest/analyze.html?d=jefferymorseministries.com
also when I run certbot -certificates it reports that I have no certs. however, there are several listed in /live

It produced this output: Expired Certification, Name mismatch

My web server is (include version): Apache2 2.4. runing under, php 5.6, ehcp 1.01 force,

The operating system my web server runs on is (include version): Ubuntu Server 14.4

My hosting provider, if applicable, is: Private Server

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): not cp but ehcp, with the addition of letsencrypt certificate linking… however, I did originally install certbot manually.

I think original cert was one that covered all domains. the link inside of the ehcp does one at a time. to add to the headache originally they were self produced, and then after that and before certbot I had some from my dns providers, godaddy, enom, namecheap. I forget which ones. I need a way to identify the expired, and mismatches, find them on the server. They are not all stored in one place, and find a solution please.

hi @jcmorse563

First things first your certificate only covers .net not the .com or the roadtox domain.

https://crt.sh/?id=78730443

Second of all you have not renewed your certificate which is why it’s out of date.

I am going to take a stab that at the begining of this year you ran a command like certbot --apache to get your certificates initially. If you run cerbot --renew you should be able to renew your current certificate.

You should run certbot --apache and obtain a certificate for all your domains.

not cp but ehcp, with the addition of letsencrypt certificate linking

I have no idea what this means so can you clarify this please (for exampl cp which stands for…etc)

I am not sure how technical you are so I may not be the best person to help you as I am used to “pointing people” in the right direction rather than providing detailed step by step resolutions but esentially this is how I would fix you problem

A) use the apache plugin as it will install the certificates and update the apache configs
B) Create a new certificate covering all 3 of your domain names
C) delete the old certificate which covers only one of your 3 domains
D) Setup an automated renewal via cron.

Andrei

I’m also going to add that you are not redirecting the http versions of your page to https. This is strongly recommended. If you could share a bit more of what you have set up currently, I think we could help point you in a better direction.

Thanks for the help. The certificate history is as follows. first self produced by ubuntu. second certificate from my dns providers, third, I used certbot --apache, the last time I change from cp(cpanel) to ehcp(easy hosting control panel) Force edition. Inside the panel there is an icon to add certificates. However, the service in the panel does one domain at a time, this is the history through the years btw… These sites were mostly not secured, but after the panel upgrade i decided to secure them all. As a result I have the conflicts mentioned… Today I ran certbot --apache and got the following.

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Obtaining a new certificate
An unexpected error occurred:
The request message was malformed :: Error creating new authz :: Name does not end in a public suffix
Please see the logfiles in /var/log/letsencrypt for more details.

Lastly I know the redirect is not in place, I am choosing to leave it out until after these problems are solved. This is a ssl or non ssl server.

thanks again any help is greatly appreciated.

Hm, that’s interesting. It looks like certbot is having a hard time parsing something in your apache configs, and is thus trying to issue a certificate for a domain that doesn’t have a public TLD. (e.g. something.local instead of something.com) Is it not asking you which domains to issue a certificate for when you run certbot --apache?

Could you post the contents of /var/log/letsencrypt? That will show the culprit. It may be helpful to see your Apache configs (at least the VirrualHosts sections) as well, but I’m more interested in seeing the log for now.

Found the issue for the non public issue. For somereason it’s trying to lic classapp.php I excluded that and it seemed to go thru. However, still showing expired cert on the check.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.