Do I need to remove the certs


#1

I found 3 certs on my server: shellhat.com-0001, www.shellhat.com and shellhat.com.conf. I don’t know why, but the HTTPS link only works when I set the WordPress URL and website URL to shellhat.com.

Do I need to remove the invalid certs and the cert with -0001?

If I don’t have to, how do I correct the invalid one, and how do I change the cert with -0001 to shellhat.com?

Thanks.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: shellhat.com

I ran this command: certbot certificates

It produced this output:

Renewal configuration file /etc/letsencrypt/renewal/shellhat.com.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.


Found the following certs:
Certificate Name: shellhat.com-0001
Domains: shellhat.com
Expiry Date: 2019-01-17 13:31:27+00:00 (VALID: 87 days)
Certificate Path: /etc/letsencrypt/live/shellhat.com-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/shellhat.com-0001/privkey.pem
Certificate Name: www.shellhat.com
Domains: shellhat.com www.shellhat.com
Expiry Date: 2019-01-17 15:28:54+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/www.shellhat.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.shellhat.com/privkey.pem

The following renewal configurations were invalid:
/etc/letsencrypt/renewal/shellhat.com.conf

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): CentOS 7

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, WordPress 4.9


#2

Hi @ttaowang

Your https://shellhat.com/ is good. There is a certificate with both domain names www.shellhat.com + shellhat.com.

But your www vHost doesn’t use this certificate. So check your Apache configuration to find your vHost with www. Add the www.shellhat.com to your vHost of shellhat.com, then remove the vHost of your old www-version (after creating a backup!).

You don’t need two vHosts; it’s better (and simpler) if you have only one vHost with two domain names and one certificate with the same two domain names.

If that works, you can check your certificates, then remove the no-longer-used certificates with certbot delete.


#3

Thanks for explaining this to me.

When I ran “certbot certificates” command, the server showed:

Found the following certs:
Certificate Name: www.shellhat.com
Domains: shellhat.com www.shellhat.com
Expiry Date: 2019-01-17 15:28:54+00:00 (VALID: 86 days)
Certificate Path: /etc/letsencrypt/live/www.shellhat.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.shellhat.com/privkey.pem
Certificate Name: shellhat.com
Domains: shellhat.com www.shellhat.com
Expiry Date: 2019-01-17 15:28:54+00:00 (VALID: 86 days)
Certificate Path: /etc/letsencrypt/live/www.shellhat.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.shellhat.com/privkey.pem

But it still shows that the HTTPS connection for https://www.shellhat.com is unsafe and the certificate has a problem. Why?

Thank you.

Tao Wang


#4

Your two certificates are good. But your www-version doesn’t use this certificate.

So check your non-www configuration file and add a ServerAlias with your www.

https://httpd.apache.org/docs/2.4/vhosts/examples.html

<VirtualHost 192.168.1.1 172.20.30.40>
    DocumentRoot "/www/server1"
    ServerName server.example.com
    ServerAlias server
</VirtualHost>

So you have one vHost with two domain names and one certificate with two domain names.

Then remove / comment the other vHost, if such a vHost exists.
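
The advice above applied to this domain, as an added example that is not part of the original posts: one TLS vHost answering for both names with the two-name certificate, next to a hypothetical separate www vHost of the kind to comment out. The DocumentRoot and the layout of the old www vHost are assumptions (the thread never shows the real configuration); host names and certificate paths are taken from the certbot output in the thread.

```apache
# Added example, not the poster's actual configuration.
# DocumentRoot is an assumed placeholder.

# After: a single TLS vHost that answers for both names.
<VirtualHost *:443>
    ServerName shellhat.com
    ServerAlias www.shellhat.com
    DocumentRoot "/var/www/html"

    SSLEngine on
    # This certificate lists shellhat.com and www.shellhat.com, so a request
    # for either name is served a certificate that contains that name.
    # On httpd older than 2.4.8, intermediates are not read from
    # SSLCertificateFile: point it at cert.pem and add
    # SSLCertificateChainFile .../chain.pem from the same directory.
    SSLCertificateFile    /etc/letsencrypt/live/www.shellhat.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.shellhat.com/privkey.pem
</VirtualHost>

# Before (hypothetical): a second vHost for www that points at a certificate
# issued for shellhat.com only. A browser asking for www.shellhat.com gets a
# certificate without that name and reports the connection as unsafe.
# Back the file up, then comment the block out once the vHost above works.
#<VirtualHost *:443>
#    ServerName www.shellhat.com
#    DocumentRoot "/var/www/html"
#    SSLEngine on
#    SSLCertificateFile    /etc/letsencrypt/live/shellhat.com-0001/fullchain.pem
#    SSLCertificateKeyFile /etc/letsencrypt/live/shellhat.com-0001/privkey.pem
#</VirtualHost>
```

Run `apachectl configtest` before reloading, and `apachectl -S` to list which vHost serves each name on port 443.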


#5

It works. Thank you so much!