[CLOSE] Net::err_cert_common_name_invalid


#1

Hi,

I create more then one certificate for other domain present on the same server, but now I have one problem with the domain below, when you visit https://www.missionbambini.org not load the right certificate.

My domain is: missionbambini.org and www.missionbambini.org

I ran this command: ./.acme.sh/acme.sh --issue --apache -d missionbambini.org -d www.missionbambini.org --keylength ec-384 --ecc --renew --force

It produced this output:

[dom 22 lug 2018, 13.05.30, CEST] Multi domain=‘DNS:missionbambini.org,DNS:www.missionbambini.org’
[dom 22 lug 2018, 13.05.30, CEST] Getting domain auth token for each domain
[dom 22 lug 2018, 13.05.30, CEST] Getting webroot for domain=‘missionbambini.org
[dom 22 lug 2018, 13.05.30, CEST] Getting new-authz for domain=‘missionbambini.org
[dom 22 lug 2018, 13.05.31, CEST] The new-authz request is ok.
[dom 22 lug 2018, 13.05.31, CEST] Getting webroot for domain=‘www.missionbambini.org
[dom 22 lug 2018, 13.05.31, CEST] Getting new-authz for domain=‘www.missionbambini.org
[dom 22 lug 2018, 13.05.32, CEST] The new-authz request is ok.
[dom 22 lug 2018, 13.05.33, CEST] missionbambini.org is already verified, skip http-01.
[dom 22 lug 2018, 13.05.33, CEST] www.missionbambini.org is already verified, skip http-01.
[dom 22 lug 2018, 13.05.33, CEST] Verify finished, start to sign.
[dom 22 lug 2018, 13.05.35, CEST] Cert success.
[dom 22 lug 2018, 13.05.35, CEST] Your cert is in /root/.acme.sh/missionbambini.org_ecc/missionbambini.org.cer
[dom 22 lug 2018, 13.05.35, CEST] Your cert key is in /root/.acme.sh/missionbambini.org_ecc/missionbambini.org.key
[dom 22 lug 2018, 13.05.35, CEST] The intermediate CA cert is in /root/.acme.sh/missionbambini.org_ecc/ca.cer
[dom 22 lug 2018, 13.05.35, CEST] And the full chain certs is there: /root/.acme.sh/missionbambini.org_ecc/fullchain.cer
[dom 22 lug 2018, 13.05.35, CEST] Installing cert to:/etc/apache2/ssl-ecc/missionbambini.org_ecc/missionbambini.org.cer
[dom 22 lug 2018, 13.05.35, CEST] Installing key to:/etc/apache2/ssl-ecc/missionbambini.org_ecc/missionbambini.org.key
[dom 22 lug 2018, 13.05.35, CEST] Installing full chain to:/etc/apache2/ssl-ecc/missionbambini.org_ecc/fullchain.cer
[dom 22 lug 2018, 13.05.35, CEST] Run reload cmd: service apache2 force-reload
[dom 22 lug 2018, 13.05.35, CEST] Reload success

My web server is (include version):

The operating system my web server runs on is (include version): Debian GNU/Linux 8

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Please help me to use the right certificate for this domain.

Best Regards,
Daniele Papperini


#2

From the acme.sh readme: “This apache mode is only to issue the cert, it will not change your apache config files. You will need to configure your website config files to use the cert by yourself. We don’t want to mess your apache server, don’t worry.”

You’ll have to install the certificate manually. Did you do that?


#3

Hi Osiris,

I have add this line at my configuration files of apache for listener *:443

SSLEngine on
SSLCertificateFile /etc/apache2/ssl-ecc/missionbambini.org_ecc/missionbambini.org.cer
SSLCertificateKeyFile /etc/apache2/ssl-ecc/missionbambini.org_ecc/missionbambini.org.key
SSLCertificateChainFile /etc/apache2/ssl-ecc/missionbambini.org_ecc/fullchain.cer

But when you go on the website https return the certificate with error.

Best Regards,
Daniele Papperini


#4

I have resolve this problem.

Sorry for this post.

Best Regards,
Daniele Papperini


#5

Hi @DPapperini

But this is not the wrong certificate. Now the certificate is correct.

This is only a mixed content warning.

Use FireFox / Chrome (Desktop), then Ctrl + Shift + i, then open the console.

You have links startet with http, change these to https


#6

Because I have resolve this problem.

Now the certificate is right and work correct.

I have missing a configuration for the apache file.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.