Certificate not valid for domain name


#1

I successfully installed and configured SSL on my other 3 sites using DigitalOcean's instructions: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

But today, as I install new SSL on my new site with LetsEncrypt, I can’t get it to work perfectly. It shows https when I visit the site, but when I test it via ssllabs it shows a “Certificate name mismatch” error.

*** One thing I noticed: when I visit my www sites with LetsEncrypt-installed SSL and remove the www, they redirect to one domain. Is this normal?

My webserver is nginx and I believe I correctly configured my server blocks.

Your help and suggestions are very much appreciated. Thanks.


#2

The thing I get for ALL my domains is pointing at the chain for the first domain, alphabetically, on my server. This is odd… All my domains worked just fine until recently… Now they all have this issue. I’ve tried both --webroot and --standalone


#3

Hello @jeterboy or @smunsch,

You are getting those issues because in your nginx server block for ssl you are only including the www domain instead of both:

Your config:

server_name www.mandolineslicerexpert.com;

and it should include both domains:

server_name mandolineslicerexpert.com www.mandolineslicerexpert.com;

Best regards,
sahsanu


#4

Whoa… it works! Thank you so much Sahsanu.


#5

Still not my problem…
Using multiple domain names on my server. Applied your fix, everywhere… Here’s a few files from my install.


#6

Sorry, but I thought jeterboy & smunsch were the same person. You should not hijack posts ;), you should open a new one with your specific issue.

Never mind, could you please explain in detail what your problem is? Let me check my crystal ball :) Is your problem that you are renewing your certificates but you still see that the certs expire today?

I saw that you have already renewed your certs today but maybe they are not where you expect them to be, please, show the output of ls -la /etc/letsencrypt/live/ because I suppose your new certs are not in for example /etc/letsencrypt/live/cudd.li/ but in /etc/letsencrypt/live/cudd.li-0001/ or similar.

If that is the case you should change the path of the certificates in your nginx conf with the correct ones… or you could try to use the option --expand when using the letsencrypt command.

Remember to reload or restart your nginx if you made changes in its config.

If my crystal ball failed, please explain your problem in detail :)

Cheers,
sahsanu


#7

Oops. Sorry. I actually started ALL of this by deleting /etc/letsencrypt… The names are correct. Just, even using different certs, ALL domains show that I’m using the chain for cudd.li… Most of the config files (I’ve configs for… 6 different domains on this server) are in the aforementioned gist.


#8

Ok, I think I understood your “problem”, correct me if I’m wrong. You are testing the certificates using openssl s_client command and when you check your domain, for example swo.re, you get the certificate for cudd.li domain and that is because you are using this command:

openssl s_client -connect swo.re:443

but you need to include the domain name you need to check or you will get the default certificate, which in your case is the cert for the cudd.li domain.

The right command is:

openssl s_client -connect hostname:443 -servername yourdomain.tld

Example with swo.re

openssl s_client -connect swo.re:443 -servername swo.re

I hope this helps.

Cheers,
sahsanu
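
Added example (not part of any post in this thread, and not nginx or Let's Encrypt code): a simplified Python model of how nginx chooses which certificate to serve, covering both the missing server_name from post #3 and the missing -servername from post #8. The server blocks, the certificate name lists and the placeholder default site first-site.example are constructed assumptions, and only exact server_name matching is modelled.

```python
# Simplified model (added example): nginx serves the certificate of the server
# block whose server_name equals the client's SNI name; with no SNI or no match
# it uses the default server. Only exact server_name values are modelled.

def served_block(blocks, sni):
    """Return the block used for this SNI value (None means no SNI was sent)."""
    if sni is not None:
        for block in blocks:
            if sni.lower() in block["server_name"]:
                return block
    return blocks[0]  # default server: the first block unless default_server is set

def name_matches(cert_names, host):
    """Hostname check a TLS client runs against the certificate's DNS names."""
    host = host.lower()
    for name in cert_names:
        name = name.lower()
        if name == host:
            return True
        # A wildcard covers exactly one left-most label, e.g. *.example.com
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def check(blocks, host, sni):
    """Return (first name on the served cert, whether that cert is valid for host)."""
    block = served_block(blocks, sni)
    return block["cert_names"][0], name_matches(block["cert_names"], host)

# Constructed sample configs; first-site.example is a placeholder default site.
APEX, WWW = "mandolineslicerexpert.com", "www.mandolineslicerexpert.com"
CERT = [APEX, WWW]  # assumed: the certificate was issued for both names

# Post #3: only the www name is listed, so the apex name falls to the default server.
BEFORE = [
    {"server_name": ["first-site.example"], "cert_names": ["first-site.example"]},
    {"server_name": [WWW], "cert_names": CERT},
]
AFTER = [BEFORE[0], {"server_name": [APEX, WWW], "cert_names": CERT}]

# Post #8: cudd.li is the default server, swo.re has its own block and certificate.
MULTI = [{"server_name": ["cudd.li"], "cert_names": ["cudd.li"]},
         {"server_name": ["swo.re"], "cert_names": ["swo.re"]}]

if __name__ == "__main__":
    for args in [(BEFORE, APEX, APEX), (AFTER, APEX, APEX),
                 (MULTI, "swo.re", None), (MULTI, "swo.re", "swo.re")]:
        print(args[1], "SNI:", args[2], "->", check(*args))
```

A result of `(name, False)` corresponds to the “Certificate name mismatch” report; `sni=None` corresponds to running openssl s_client without -servername.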


#9

Oh. I guess I have no issue then… Okay.

