Did the SSL Certificate change recently? Unable to get my 2 DNS's to work

Hello. I am not an IT person, but I can manage my own FTP using Rumpus. For years I have used Let’s Encrypt, Homebrew, and John’s Blog (developer of Rumpus) in the Terminal command (I am on a MAC) to obtain and renew SSL certificates. Today, something strange happened, and I can’t fix it.

I have files.undertonemusic.com – this is my FTP (created via Rumpus). It is secure. For years I have had a client’s DNS point to my FTP and I made folders for him and his clients to use. Once we got an SSL, that was secure too. His address is files.briefcasetv.net. Again, for years the SSL certificate would cover both addresses. Today, files.briefcasetv.net became invalid. I went through the steps to renew…nothing. No joy.

The steps are here:
https://www.maxum.com/Rumpus/Blog/LetsEncrypt.html

I emailed John, he does not know why it doesn’t work anymore other than something changed with the certificates.

Can someone help me, please?

Thank you in advance!

1 Like

Hi @undertone

that looks simple. Checking the files.briefcasetv.net there are some certificates - https://check-your-website.server-daten.de/?q=files.briefcasetv.net#ct-logs

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2019-08-14 2019-11-12 files.briefcasetv.net
1 entries duplicate nr. 1
Let’s Encrypt Authority X3 2019-05-14 2019-08-12 files.briefcasetv.net, files.undertonemusic.com
2 entries
Let’s Encrypt Authority X3 2019-03-26 2019-06-24 files.briefcasetv.net, files.undertonemusic.com
2 entries

But you don’t use the last, instead, you use the

CN=files.undertonemusic.com
	14.08.2019
	12.11.2019
expires in 90 days	files.undertonemusic.com - 1 entry 

so the domain name is wrong.

Checking your other domain - the same picture - https://check-your-website.server-daten.de/?q=files.undertonemusic.com#ct-logs

Last certificates:

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2019-08-14 2019-11-12 files.undertonemusic.com
1 entries duplicate nr. 1
Let’s Encrypt Authority X3 2019-05-14 2019-08-12 files.briefcasetv.net, files.undertonemusic.com
2 entries
Let’s Encrypt Authority X3 2019-03-26 2019-06-24 files.briefcasetv.net, files.undertonemusic.com
2 entries

There you use

CN=files.undertonemusic.com
	14.08.2019
	12.11.2019
expires in 90 days	files.undertonemusic.com - 1 entry

Looks like you have one vHost (don’t know if “Rumpus” has vHosts), that works with both subdomain names.

Old configuration: There was one certificate with both domain names -> both domains are secure.

Now you have created two different certificates, one per domain name.

But your Rumpus uses only one certificate, so your other connection is insecure.

Easiest solution: Create again one certificate with both domain names and use that. But I don’t know how your client works.

1 Like

PS: Checked that link.

There you have used

sudo certbot certonly

Use instead

sudo certbot certonly -d files.undertonemusic.com -d files.briefcasetv.net

so you have one certificate with both domain names.

Your last certificate with both domain names is - simply - expired.

Edit: Must be -d, not - d

Oh, thank you very much for your time looking at my situation! I will try this.

Note that the space between the first - and the d is incorrect; it should be -d, as in the example later in the command.

2 Likes

Thank you schoen for that point of syntax! I indeed noticed it, and it didn’t work, but when I did as you indicate, it worked! Huzzah!

THANK YOU BOTH Jurgen and schoen! I really appreciate you helping out a barely IT literate music & sound studio business owner fumble through administering his FTP. Saving this stuff into a document.

3 Likes

Thanks @schoen - that can’t work with a - d.

@undertone - now you have one certificate with bot domain names - both connections are secure :+1:

2 Likes