Digital Ocean floating IP deleted, Let's Encrypt SSL not working anymore


#1

Hello,

All my websites with LE SSL encryption were working fine. I have deleted my Digital Ocean Floating IP as I don’t need it, and now I have only one website working with the LE SSL encryption.

By deleting the floating IP, I changed my IP address, and I had to specify the new IP address in the A records of the domains.

So I have relaunched the command:

/opt/letsencrypt/letsencrypt-auto --apache --renew-by-default -d anotherwebsite.com -d www.anotherwebsite.com -d dev.anotherwebsite.com certonly

But the LE SSL encryption still doesn’t work for anotherwebsite.com

I don’t know what to do. When I try to go to https://anotherwebsite.com it tells me with Firefox Error Code: SSL_ERROR_BAD_CERT_DOMAIN

dev.anotherwebsite.com uses an invalid security certificate. The certificate is available only for the domains: mywebsite.com, dev.mywebsite.com, www.mywebsite.com

Indeed my LE SSL encryption is working for mywebsite.com

What can I do ? What do I have to check ?

Do you need to know the name of the websites I am talking about ?

Thanks for your help.


#2

Found !

I had to change the apache config file /etc/apache2/sites-available/anotherwebsite.com-le-ssl.conf:

<IfModule mod_ssl.c>
<VirtualHost *:443>

to

<IfModule mod_ssl.c>
<VirtualHost XXX.XXX.XXX.XXX:443>

Where XXX.XXX.XXX.XXX is my public ip address.

The question is, why was it working like that before deleting my Digital Ocean Floating IP and by the way, changing my server public IP address ?

Anyway, it’s working fine now :smile:


#3

Shouldn’t be necessary. See also: https://httpd.apache.org/docs/2.4/vhosts/name-based.html


#4

Yes Osiris :open_mouth:
But I had to, maybe it worked again because I launched the command service apache reload

No clue!


#5

@defacta: It sounds like you may not have correctly configured ServerNames and ServerAliases for each of your hostnames, and Apache is defaulting to using a certificate that does not match the site you are visiting. Can you run:

egrep -r 'ServerName|ServerAlias' /etc/apache2

Also, it would be much easier to assist you if you provide the real hostnames of your sites. It’s harmless to post them here.


#6

Hello jsha,

Here is part of the result of egrep -r 'ServerName|ServerAlias' /etc/apache2 :

/etc/apache2/sites-available/dev.anotherwebsite.com.conf:        ServerName dev.anotherwebsite.com
/etc/apache2/sites-available/dev.anotherwebsite.com.conf:  ServerAlias dev.anotherwebsite.com
/etc/apache2/sites-available/dev.anotherwebsite.com.conf:  ServerAlias autoconfig.anotherwebsite.com

dev.anotherwebsite.com is a website for which LE SSL encryption was not working anymore after changing IP address (deleting the Digital Ocean floating IP).

If I don’t show the name it’s because I don’t want a Google search showing this community page.


#7

There’s your problem: You don’t list anotherwebsite.com as a ServerName or ServerAlias, so Apache is using whatever certificate it considers “default.”
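
The vhost selection described in posts #5 and #7, modelled as an added example that is not part of the original thread or of Apache's code. The config text, the documentation address 203.0.113.10 and the function names are constructed for illustration, and the model is simplified (one address per VirtualHost, no scheme or port in ServerName).

```python
import re
from fnmatch import fnmatch

def sample_config(second_addr="*:443"):
    """Constructed config, not the poster's real files."""
    return f"""
<VirtualHost *:443>
    ServerName mywebsite.com
    ServerAlias www.mywebsite.com dev.mywebsite.com
</VirtualHost>
<VirtualHost {second_addr}>
    ServerName dev.anotherwebsite.com
    ServerAlias autoconfig.anotherwebsite.com
</VirtualHost>
"""

def parse_vhosts(text):
    """Return vhosts in file order as (address, [ServerName, aliases...])."""
    vhosts = []
    blocks = re.findall(r"<VirtualHost\s+([^>\s]+)\s*>(.*?)</VirtualHost>",
                        text, re.S | re.I)
    for addr, body in blocks:
        names = []
        for args in re.findall(r"^\s*(?:ServerName|ServerAlias)\s+(.+)$",
                               body, re.M | re.I):
            names += args.lower().split()
        vhosts.append((addr, names or [addr]))
    return vhosts

def select_vhost(vhosts, local_ip, port, hostname):
    """Two-step choice: most specific address first, then name match."""
    exact = [v for v in vhosts if v[0] == f"{local_ip}:{port}"]
    wild = [v for v in vhosts if v[0] in (f"*:{port}", f"_default_:{port}")]
    candidates = exact or wild  # a specific IP beats the wildcard
    if not candidates:
        return None, "no-vhost"
    for addr, names in candidates:
        if any(fnmatch(hostname.lower(), n) for n in names):
            return names[0], "name-match"
    # No ServerName/ServerAlias matched: the first listed candidate serves it.
    return candidates[0][1][0], "default-fallback"

if __name__ == "__main__":
    for label, addr in (("wildcard", "*:443"), ("pinned", "203.0.113.10:443")):
        vhosts = parse_vhosts(sample_config(addr))
        for host in ("anotherwebsite.com", "dev.anotherwebsite.com", "mywebsite.com"):
            print(label, host, select_vhost(vhosts, "203.0.113.10", 443, host))
```

In the pinned variant every hostname arriving on 203.0.113.10 lands on the pinned vhost, including mywebsite.com, because wildcard vhosts are no longer candidates for that address. Listing each hostname in ServerName or ServerAlias avoids relying on the fallback.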


#8

Yet, I have this virtual host which has not been affected by the change of IP:

/etc/apache2/sites-available/anotherwebsite.com-ssl.conf:          ServerName anotherwebsite.com
/etc/apache2/sites-available/anotherwebsite.com-ssl.conf:          ServerAlias www.anotherwebsite.com

So what do I have to check ? Inside the config file of anotherwebsite.com-ssl.conf I have:

<VirtualHost *:443>

                ServerName anotherwebsite.com
                ServerAlias www.anotherwebsite.com

                DocumentRoot /home/anotherwebsite/public_html
                ErrorLog /var/log/virtualmin/anotherwebsite.com_error_log
                CustomLog  /var/log/virtualmin/anotherwebsite_access_log combined

There is still *, no IP address. And it’s working.

