Certificate subject name does not match target host name because Let's Encrypt uses Amazon's private DNS name


#1

I have an Amazon EC2 instance using Ubuntu 16.04. I created the certificate using this command:
sudo certbot certonly --apache -w /var/www/html -d search.pickmybuilder.com.

The certificate is generated fine, but the non-matching name error is caused because it’s subject name uses Amazon’s private DNS name (ip-172-xx-xx-xxx.us-west-2.compute.internal) which does not match the public ip.

My search for an answer has been going on for days! Is there a way for the certificate to use something besides the private DNS, or is there a way to change the source on my Ubuntu instance where Let’s Encrypt selects this name?

Thanks for any help!

Here’s my output running this command:
sudo curl -v -L https://search.pickmybuilder.com


#2

That’s not the certificate that Let’s Encrypt issued - that’s the self-signed certificate that your operating system provides by default. You used certbot certonly which only obtains the certificate but does not install it for you.

More information here:


#3

How do I then install it?


#4

You’ll need to edit your web server configuration files (within /etc/apache2 if you’re using Apache, for example) to refer to it. If you’re using Apache you can see where certificates are currently configured with

grep -r SSLCert /etc/apache2

However, the most correct thing for Apache is to put the configuration related to a particular site in a VirtualHost block, so you can have different configurations applicable to different sites that you may choose to host on the same server.


#5

Question: in case of NameVirtualHosts wouldn’t putting SSLCertificate configuration require a working Server Name Indication on the Apache?


#6

Thanks very much. We’re good now!


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.