All my websites with LE SSL encryption were working fine. I have deleted my Digital Ocean Floating IP as I don’t need it, and now I have only one website working with the LE SSL encryption.
By deleting the floating ip, I changed my ip address. And I had to specify the new IP address on the A records of the domains.
So I have relaunch the command :
/opt/letsencrypt/letsencrypt-auto --apache --renew-by-default -d anotherwebsite.com -d www.anotherwebsite.com -d dev.anotherwebsite.com certonly
But the LE SSL encryption still doesn’t work for anotherwebsite.com
I don’t know what to do. When I try to go to https://anotherwebsite.com it tells me with Firefox Error Code : SSLERRORBADCERTDOMAIN
dev.anotherwebsite.com .com uses an invalid security certificate. The certificate is available only for the domains: mywebsite.com, dev.mywebsite.com, www.mywebsite.com
Indeed my LE SSL encryption is working for mywebsite.com
What can I do ? What do I have to check ?
Do you need to know the name of the websites I am talking about ?
Thanks for your help.
I had to change the apache config file /etc/apache2/sites-available/anotherwebsite.com-le-ssl.conf:
XXX.XXX.XXX.XXX is my public ip address.
The question is, why was it working like that before deleting my Digital Ocean Floating IP and by the way, changing my server public IP address ?
Anyway, it’s working fine now
But I had to, maybe it worked again because I launched the command
service apache reload
@defacta: It sounds like you may not have correctly configured ServerNames and ServerAliases for each of your hostnames, and Apache is defaulting to using a certificate that does not match the site you are visiting. Can you run:
egrep -r 'ServerName|ServerAlias' /etc/apache2
Also, it would be much easier to assist you if you provide the real hostnames of your sites. It’s harmless to post them here.
Here is part of the result of
egrep -r 'ServerName|ServerAlias' /etc/apache2 :
/etc/apache2/sites-available/dev.anotherwebsite.com.conf: ServerName dev.anotherwebsite.com
/etc/apache2/sites-available/dev.anotherwebsite.com.conf: ServerAlias dev.anotherwebsite.com
/etc/apache2/sites-available/dev.anotherwebsite.com.conf: ServerAlias autoconfig.anotherwebsite.com
dev.anotherwebsite.com is a website for which LE SSL encryption was not working anymore after changing IP address (deleting the Digital Ocean floating IP).
If I don’t show the name it’s because I don’t want a Google search showing this community page.
There’s your problem: You don’t list
anotherwebsite.com as a ServerName or ServerAlias, so Apache is using whatever certificate it considers “default.”
Yet, I have this virtual host which has not been affected by the change of IP:
/etc/apache2/sites-available/anotherwebsite.com-ssl.conf: ServerName anotherwebsite.com
/etc/apache2/sites-available/anotherwebsite.com-ssl.conf: ServerAlias www.anotherwebsite.com
So what do I have to check ? Inside the config file of anotherwebsite.com-ssl.conf I have:
CustomLog /var/log/virtualmin/anotherwebsite_access_log combined
There is still *, no IP address. And it’s working.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.