Domain PROBLEM addon domain is added with a different server

My domain is:elearning.skgo.org

the thing is a comppany ha setup an SSL with lets encrypt but it was for the domain skgo.org alias www.skgo.org
i have another server for a edifferent service and i want to setup https for it domain is elearning.skgo.org
i done it throught cerbot but it just show the top domains cert
not the elearning.skgo.org ...

What did you do (exact command) and what was the output?

The questions you seem to have removed are there for a reason. Removing them just frustrates us volunteers in an attempt to help you. Here are the questions again:


I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


That said, I can see a certificate for elearning.skgo.org issued today: crt.sh | 12811990328. So issuance did work.

4 Likes

no the setup went fine all good no errors ... but i have to different servser one with the domain skgo.org
other elearning.skgo.org ... but on the second server when i vie the page sahows the cert from the first domain ...

Your Apache server is probably not configured properly. Although, it might be for some other reason. The answers to the form would help us know how to get the right info from you to fix this.

You could start by showing us the output of this:

sudo apache2ctl -t -D DUMP_VHOSTS

You may need to use apachectl or httpd instead of apache2ctl depending on your system. Since you didn't answer the questions we don't know what it is. It just makes it more difficult to help you and it will take longer.

4 Likes

Are these two different servers?:

Name:    elearning.skgo.org
Address: 178.254.148.153

Name:    skgo.org
Address: 217.169.210.131
Aliases: www.skgo.org
2 Likes

It sounds a lot like you are running certbot on the wrong server.

1 Like

Yes they are

You may need to install and run certbot on the elearning server.

1 Like

i did ...

What shows?:

certbot certificates

2 Likes

i removed it all since the process also does permanet rediraction to SSL ...
I will do it again but the server is behined PA so not and a firewall can that be an issue?

Anything/Everything can be an issue.

3 Likes

many things can ... so what should i do re run th install"?

You should not have deleted everything, but share the requested information before doing rash things.

As mentioned before we can see a perfectly fine issued certificate for your hostname. So Certbot probably (but hard to say without commands and the output/log) worked just fine.

Maybe you used the certonly command and expected Certbot to install the certificate in your webserver? Maybe the automatic installation wasn't possible?

All questions which can be answered by the requested information and would not have required removal of the perfectly fine certificate.

Also, if the elearning.skgo.org host is different from the host with skgo.org/www.skgo.org, how is it possible that the elearning.skgo.org webserver shows a skgo.org/www.skgo.org certificate? If the skgo.org/www.skgo.org certificate was generated on a completely different server, did you somehow copy it to the elearning.skgo.org host?

So many questions..

3 Likes

If you have access to both servers, then show:

certbot certificates

[from both servers]

2 Likes

2024-04-22 14:35:08,908:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2024-04-22 14:35:09,045:DEBUG:certbot._internal.main:certbot version: 2.10.0
2024-04-22 14:35:09,045:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/3700/bin/certbot
2024-04-22 14:35:09,045:DEBUG:certbot._internal.main:Arguments: ['--apache', '--preconfigured-renewal']
2024-04-22 14:35:09,045:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-04-22 14:35:09,058:DEBUG:certbot._internal.log:Root logging level set at 30
2024-04-22 14:35:09,058:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2024-04-22 14:35:09,147:ERROR:certbot.util:Error while running apachectl configtest.

AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty

2024-04-22 14:35:16,657:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.37
2024-04-22 14:35:17,010:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: EntryPoint(name='apache', value='certbot_apache._internal.entrypoint:ENTRYPOINT', group='certbot.plugins')
Initialized: <certbot_apache._internal.override_fedora.FedoraConfigurator object at 0x7f6adcd96b50>
Prep: True
2024-04-22 14:35:17,012:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_fedora.FedoraConfigurator object at 0x7f6adcd96b50> and installer <certbot_apache._internal.override_fedora.FedoraConfigurator object at 0x7f6adcd96b50>
2024-04-22 14:35:17,012:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2024-04-22 14:35:17,091:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1686739717', new_authzr_uri=None, terms_of_service=None), 7e4e0701802b440ac00c135752f9aac0, Meta(creation_dt=datetime.datetime(2024, 4, 22, 12, 21, 29, tzinfo=), creation_host='moodle', register_to_eff=None))>
2024-04-22 14:35:17,093:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-04-22 14:35:17,097:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2024-04-22 14:35:17,571:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 747
2024-04-22 14:35:17,572:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 22 Apr 2024 12:35:17 GMT
Content-Type: application/json
Content-Length: 747
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"29azTRIo_M8": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-04-22 14:35:58,542:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2024-04-22 14:35:58,614:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2024-04-22 14:35:58,616:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/elearning.skgo.org/cert1.pem is signed by the certificate's issuer.
2024-04-22 14:35:58,618:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/elearning.skgo.org/cert1.pem is: OCSPCertStatus.GOOD
2024-04-22 14:35:58,624:DEBUG:certbot._internal.display.obj:Notifying user: Certificate not yet due for renewal
2024-04-22 14:36:11,374:INFO:certbot._internal.main:Keeping the existing certificate
2024-04-22 14:36:11,374:DEBUG:certbot._internal.display.obj:Notifying user: Deploying certificate
2024-04-22 14:36:15,947:DEBUG:certbot.reverter:Creating backup of /etc/httpd/conf.d/ssl.conf
2024-04-22 14:36:16,284:INFO:certbot_apache._internal.configurator:Deploying Certificate to VirtualHost /etc/httpd/conf.d/ssl.conf
2024-04-22 14:36:16,285:DEBUG:certbot._internal.display.obj:Notifying user: Successfully deployed certificate for elearning.skgo.org to /etc/httpd/conf.d/ssl.conf
2024-04-22 14:36:16,574:DEBUG:certbot_apache._internal.configurator:Did not find http version of ssl virtual host attempting to create
2024-04-22 14:36:16,576:INFO:certbot_apache._internal.configurator:Created redirect file: le-redirect-elearning.skgo.org.conf
2024-04-22 14:36:16,589:INFO:certbot.reverter:Rollback checkpoint is empty (no changes made?)
2024-04-22 14:36:16,788:DEBUG:certbot._internal.display.obj:Notifying user: Congratulations! You have successfully enabled HTTPS on https://elearning.skgo.org
2024-04-22 14:36:16,790:DEBUG:certbot._internal.display.obj:Notifying user: If you like Certbot, please consider supporting our work by:

  • Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt
  • Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation
    [root@moodle letsencrypt]# cat letsencrypt.log
    2024-04-22 14:35:08,908:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
    2024-04-22 14:35:09,045:DEBUG:certbot._internal.main:certbot version: 2.10.0
    2024-04-22 14:35:09,045:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/3700/bin/certbot
    2024-04-22 14:35:09,045:DEBUG:certbot._internal.main:Arguments: ['--apache', '--preconfigured-renewal']
    2024-04-22 14:35:09,045:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2024-04-22 14:35:09,058:DEBUG:certbot._internal.log:Root logging level set at 30
    2024-04-22 14:35:09,058:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
    2024-04-22 14:35:09,147:ERROR:certbot.util:Error while running apachectl configtest.

AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty

2024-04-22 14:35:16,657:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.37
2024-04-22 14:35:17,010:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: EntryPoint(name='apache', value='certbot_apache._internal.entrypoint:ENTRYPOINT', group='certbot.plugins')
Initialized: <certbot_apache._internal.override_fedora.FedoraConfigurator object at 0x7f6adcd96b50>
Prep: True
2024-04-22 14:35:17,012:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_fedora.FedoraConfigurator object at 0x7f6adcd96b50> and installer <certbot_apache._internal.override_fedora.FedoraConfigurator object at 0x7f6adcd96b50>
2024-04-22 14:35:17,012:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2024-04-22 14:35:17,091:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1686739717', new_authzr_uri=None, terms_of_service=None), 7e4e0701802b440ac00c135752f9aac0, Meta(creation_dt=datetime.datetime(2024, 4, 22, 12, 21, 29, tzinfo=), creation_host='moodle', register_to_eff=None))>
2024-04-22 14:35:17,093:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-04-22 14:35:17,097:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2024-04-22 14:35:17,571:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 747
2024-04-22 14:35:17,572:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 22 Apr 2024 12:35:17 GMT
Content-Type: application/json
Content-Length: 747
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"29azTRIo_M8": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-04-22 14:35:58,542:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2024-04-22 14:35:58,614:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2024-04-22 14:35:58,616:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/elearning.skgo.org/cert1.pem is signed by the certificate's issuer.
2024-04-22 14:35:58,618:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/elearning.skgo.org/cert1.pem is: OCSPCertStatus.GOOD
2024-04-22 14:35:58,624:DEBUG:certbot._internal.display.obj:Notifying user: Certificate not yet due for renewal
2024-04-22 14:36:11,374:INFO:certbot._internal.main:Keeping the existing certificate
2024-04-22 14:36:11,374:DEBUG:certbot._internal.display.obj:Notifying user: Deploying certificate
2024-04-22 14:36:15,947:DEBUG:certbot.reverter:Creating backup of /etc/httpd/conf.d/ssl.conf
2024-04-22 14:36:16,284:INFO:certbot_apache._internal.configurator:Deploying Certificate to VirtualHost /etc/httpd/conf.d/ssl.conf
2024-04-22 14:36:16,285:DEBUG:certbot._internal.display.obj:Notifying user: Successfully deployed certificate for elearning.skgo.org to /etc/httpd/conf.d/ssl.conf
2024-04-22 14:36:16,574:DEBUG:certbot_apache._internal.configurator:Did not find http version of ssl virtual host attempting to create
2024-04-22 14:36:16,576:INFO:certbot_apache._internal.configurator:Created redirect file: le-redirect-elearning.skgo.org.conf
2024-04-22 14:36:16,589:INFO:certbot.reverter:Rollback checkpoint is empty (no changes made?)
2024-04-22 14:36:16,788:DEBUG:certbot._internal.display.obj:Notifying user: Congratulations! You have successfully enabled HTTPS on https://elearning.skgo.org
2024-04-22 14:36:16,790:DEBUG:certbot._internal.display.obj:Notifying user: If you like Certbot, please consider supporting our work by:

Do you need that ssl.conf file?
If so, what happened to that .crt file?
If not, try removing it from the config.

2 Likes

2024-04-22 14:36:16,285:DEBUG:certbot._internal.display.obj:Notifying user: Successfully deployed certificate for elearning.skgo.org to /etc/httpd/conf.d/ssl.conf
2024-04-22 14:36:16,574:DEBUG:certbot_apache._internal.configurator:Did not find http version of ssl virtual host attempting to create
2024-04-22 14:36:16,576:INFO:certbot_apache._internal.configurator:Created redirect file: le-redirect-elearning.skgo.org.conf
2024-04-22 14:36:16,589:INFO:certbot.reverter:Rollback checkpoint is empty (no changes made?)
2024-04-22 14:36:16,788:DEBUG:certbot._internal.display.obj:Notifying user: Congratulations! You have successfully enabled HTTPS on https://elearning.skgo.org
2024-04-22 14:36:16,790:DEBUG:certbot._internal.display.obj:Notifying user: If you like Certbot, please consider supporting our work by:

On your server for this:

Name:    elearning.skgo.org
Address: 178.254.148.153

Please show the output of this command

sudo apache2ctl -t -D DUMP_VHOSTS

You may need to use apachectl or httpd instead of apache2ctl depending on your system.

AND, this one

sudo certbot certificates
2 Likes

the platform i am trying to get the SSL on is currently in use by that i mean there are many online classes done after this period ends i will return and try again