Certificate not trusted on alternate domain/domain not detected by certbot (https line through it)

Help
245

Or just make them all relative...

2 Likes
246

In Forum backend:

Board URL
The url to your forums.
Include the http://. Do NOT include a trailing slash.
https://www.techmasterdesign.com/groupfinder

Can change that to groupfinder.cc

2 Likes
247

He will be fine.
The two names are being served independently from each other (properly via SNI).

The issue will be in that the site was build on top of the first name.
Everything in there references that first name.

3 Likes
248

I’ll leave you two to it. food… :drooling_face:

2 Likes
249

thank you for your help <3

SNI Config doesn’t look too bad, but i’m sure i’ll figure out some way to fuck it up:

# Ensure that Apache listens on port 443
Listen 443
    
# Listen for virtual host requests on all IP addresses
NameVirtualHost *:443

# Go ahead and accept connections for these vhosts
# from non-SNI clients
SSLStrictSNIVHostCheck off

<VirtualHost *:443>
  # Because this virtual host is defined first, it will
  # be used as the default if the hostname is not received
  # in the SSL handshake, e.g. if the browser doesn't support
  # SNI.
  DocumentRoot /www/example1
  ServerName www.example.com

  # Other directives here

</VirtualHost>

<VirtualHost *:443>
  DocumentRoot /www/example2
  ServerName www.example2.org

  # Other directives here

</VirtualHost>
2 Likes
250

SNI basically means that you can/will serve multiple domains names (individually) via the same single IP.
You are already doing that.
Where:
site1 & site2 = (same) IP
site1 goes to /folder1
site2 goes to /folder2

2 Likes
251

gunna try and run certbot --apache

And then set up that A record DDNS script :stuck_out_tongue: (might save that for tomorrow lol)

ERR MY GERD!!! IT WERKS! NO FERKIN WEY.

THANK YOU FOR ALL YOUR HELP YOU FUCKIN GENIUS.

3 Likes
252

more baby steps…
tomorrow you learn how to ride a bike !

[and we’ll be there to hold your handlebars… and then let go! - lol]

3 Likes
253

Dr. ME says:
The less GD in your diet, the healthier your brain gets.

3 Likes
254

Rofl. I hate them but I also love them because I bet other hosting providers don’t have extensive uses of their API’s, and I wouldn’t get to use this: https://github.com/CarlEdman/godaddy-ddns

So there’s a positive side to it being a popular domain provider. Funny thing is that you would have expected the name godaddy.com to be used as a porn site, not web hosting and DNS.

3 Likes
255

It’s God Addy,

So not pornographic, but blasphemous.

3 Likes
256

Hey for some reason when going to a subdirectory without using www. it says the certicate is not valid (example domain: techmasterdesign.com/truce-photos:

"Your connection is not private

Attackers might be trying to steal your information from techmasterdesign.com (for example, passwords, messages, or credit cards). Learn more

NET::ERR_CERT_COMMON_NAME_INVALID

Help improve security on the web for everyone by sending URLs of some pages you visit, limited system information, and some page content to Google. Privacy policy"

here is the 000-default.conf in sites-available:

	# for www.techmasterdesign.com
	RewriteCond %{SERVER_NAME} =www.techmasterdesign.com
	RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

	# for techmasterdesign.com
	RewriteCond %{SERVER_NAME} =techmasterdesign.com
	RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
2 Likes
257

Because the cert in use is missing that base FQDN:
image

[HTTP would not have this problem but it forwards to HTTPS]

2 Likes
258

Please show:
certbot certificates

1 Like
260 
root@dell-emc:/home/george# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: www.techmasterdesign.com
    Serial Number: 4823c863a3a4789ec9073c95aa7c4c2da7a
    Domains: groupfinder.cc wavebuddha.com www.groupfinder.cc www.techmasterdesign.com www.wavebuddha.com
    Expiry Date: 2020-12-13 04:29:31+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/www.techmasterdesign.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.techmasterdesign.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

I guess they all share that one techmasterdesign.com certificate :O. Sorry for the late reply, I fell right asleep like a lil baby.

2 Likes
261

You are missing the techmasterdesign.com FQDN in that list.

Use:
apachectl -S
to make sure the name is covered and then add it to the cert.

2 Likes
262

image

3 Likes
263

AH00526: Syntax error on line 35 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:

SSLCertificateFile: file ‘/etc/letsencrypt/live/www.techmasterdesign.com/fullchain.pem’ does not exist or is empty

Action ‘-S’ failed.

The Apache error log may have more information.

2 Likes
264

Try it with SUDO:
sudo apachectl -S

[empty in this case isn’t empty - it is I can’t read the file]

2 Likes
265 
root@dell-emc:/home/george# sudo apachectl -S
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server www.techmasterdesign.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port 443 namevhost www.techmasterdesign.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port 443 namevhost groupfinder.cc (/etc/apache2/sites-enabled/groupfinder-le-ssl.conf:2)
                 alias www.groupfinder.cc
         port 443 namevhost wavebuddha.com (/etc/apache2/sites-enabled/wavebuddha-le-ssl.conf:2)
                 alias www.wavebuddha.com
*:80                   is a NameVirtualHost
         default server www.techmasterdesign.com (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost www.techmasterdesign.com (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost groupfinder.cc (/etc/apache2/sites-enabled/groupfinder.conf:1)
                 alias www.groupfinder.cc
         port 80 namevhost wavebuddha.com (/etc/apache2/sites-enabled/wavebuddha.conf:1)
                 alias www.wavebuddha.com
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
root@dell-emc:/home/george#

Ok so I need to add the techmasterdesign.com domain in virtualhosts sites-available?

I think im missing the line ServerAlias techmasterdesign.com

2 Likes