The certs I'm requesting for thechatpit.org are coming up for ampache.thechatpit.org when used for ircd. I've done sudo cp /etc/letsencrypt/live/thechatpit.org/fullchain.pem /etc/priv/ircd.crt for the ircd certificate, and they're coming up with:
Certification info:
Subject:
CN=ampache.thechatpit.org
Issuer:
C=US
O=Let's Encrypt
CN=R3
When connecting to the ircd. The ircd is not running on the ampache subdomain, and the certificate is from the root site. I'm stumped.
It produced this output:
The following certificates are not due for renewal yet:
/etc/letsencrypt/live/ampache.thechatpit.org/fullchain.pem expires on 2022-02-13 (skipped)
/etc/letsencrypt/live/nextcloud.thechatpit.org/fullchain.pem expires on 2022-02-13 (skipped)
/etc/letsencrypt/live/thechatpit.org/fullchain.pem expires on 2022-01-29 (skipped)
No renewals were attempted.
My web server is (include version):
Server version: Apache/2.4.51 (Unix)
Server built: Nov 13 2021 20:10:37
The operating system my web server runs on is (include version):
Archlinux (rolling, current)
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0
You're just looking at the "Common name" where instead you should look at the "Subject Alternative Name" extension further down the certificate info. There you'll see the other hostname.
You can also see the hostnames included in a certificate in certbot by running certbot certificates.
k, did a certbot certificates and the domains were all mangled together. I revoked ampache.thechatpit.org, nextcloud.thechatpit.org, and thechatpit.org and did a certbot certonly with -d domain for each one. The certbot certificates now looks cleaner:
...with only one domain listed under "Domains" per certificate. However, after moving the certs around to their "correct" places, ircd still says the cert it's using is for ampache, and nextcloud now has this:
This server could not prove that it is nextcloud.thechatpit.org; its security certificate is from thechatpit.org. This may be caused by a misconfiguration or an attacker intercepting your connection.
...on the error in Chrome. I'll double check that the right certs are going to the right configs, but I'm still stumped.
Have you restarted those services after updating their certs?
You could try beating them at their own game and... Combine all names onto one single cert - FTW!
[that way you can't go wrong]
Why do so many people feel the need to REVOKE perfectly unharmed certificates !?!?!?!?!
PLEASE DON'T REVOKE any certificate simply because you no longer care to use it.
There is a very simple command for that: certbot delete --cert-name {name of cert}
While some people indeed prefer this, note that there is nothing wrong with having multiple hostnames in a single certificate, even if you just see one in the "common name" of a certificate's subject.
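
The check the replies point to (read the Subject Alternative Name extension rather than the common name) and a comparison of a copied file such as /etc/priv/ircd.crt against its certbot source, as an added example that is not part of any post in this thread. The function names are made up for this illustration; it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example. Function names are made up for this illustration.

# cert_sans FILE: print the DNS names from the Subject Alternative Name
# extension of the first (leaf) certificate in FILE, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# cert_covers FILE HOST: succeed if HOST matches a SAN entry, either exactly
# or through a wildcard that stands for exactly one left-most label.
cert_covers() {
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$host" ] || return 1
    while read -r san; do
        case "$san" in
            "$host") return 0 ;;
            \*.*) [ "$host" != "${host#*.}" ] &&
                  [ "${host#*.}" = "${san#??}" ] && return 0 ;;
        esac
    done <<EOF
$(cert_sans "$1" | tr 'A-Z' 'a-z')
EOF
    return 1
}

# cert_fp FILE: SHA-256 fingerprint of the leaf certificate in FILE.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# same_cert A B: succeed only if both files hold the same leaf certificate,
# e.g. a service's copy and the certbot file it was copied from.
same_cert() {
    a=$(cert_fp "$1")
    [ -n "$a" ] && [ "$a" = "$(cert_fp "$2")" ]
}

# Usage: sh certcheck.sh /etc/priv/ircd.crt thechatpit.org
if [ "$#" -eq 2 ]; then
    echo "Names in $1:"; cert_sans "$1"
    if cert_covers "$1" "$2"; then echo "$2: covered"; else echo "$2: NOT covered"; fi
fi
```

If same_cert succeeds for a service's copy and its source under /etc/letsencrypt/live/ but clients still see the old names, the service is still holding the previous certificate in memory, which is the situation the restart question in the thread is asking about.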