Domain SAN is conflicting with another domain


#1

Hi,

I have a issue with one of my domains. I have 4 domains in my server. However one domain’s SAN is conflicting with another domain. I deleted certificates and re-issued all of them again but the problem is still there. All of my domains works with https://www..

I ran a SSL check and only 2 variants show the SAN correctly. I will explain,

1) http://wpsnappy.com -> Shows another domain as SANs
2) https://wpsnappy.com -> Shows another domain as SANs
3) http://www.wpsnappy.com -> SSL check is okay
4) https://www.wpsnappy.com -> SSL check is okay

Why does this happen? I have 4 domains in the server, no matter how I change the installation order of those domains, it still shows only the hostingexplorer.com as SAN.

Can anyone tell me what should I do?

My domain is: wpsnappy.com

I ran this command:

To generate SSL (sudo certbot --manual -d wpsnappy.com -d "*.wpsnappy.com" --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges dns-01 certonly)

It produced this output:

My web server is (include version): Nginx

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

Probably, you need to change:

server_name www.wpsnappy.com;

to

server_name wpsnappy.com *.wpsnappy.com;

#3

Hi @_az

I tried but then I get this

10

Is there anything to do with the certificate itself?


#4

No, the certificate is fine.

The problem is that nginx isn’t mapping the domain to the right certificate.

I strongly suspect that you have a wrong server_name somewhere. Did you reload nginx after fixing it?

What do these show:

sudo ss -tlnp | grep 443
grep -Ri server_name /etc/nginx
nginx -t

#5

@_az

I ran these commands and the followings are the outputs I got

For sudo ss -tlnp | grep 443,

LISTEN   0         128                 0.0.0.0:443              0.0.0.0:*        users:(("nginx",pid=9429,fd=14),("nginx",pid=9428,fd=14),("nginx",pid=9427,fd=14))
LISTEN   0         128                    [::]:443                 [::]:*        users:(("nginx",pid=9429,fd=15),("nginx",pid=9428,fd=15),("nginx",pid=9427,fd=15))

For grep -Ri server_name /etc/nginx,

/etc/nginx/fastcgi_params:fastcgi_param  SERVER_NAME        $server_name;
/etc/nginx/nginx.conf:	# server_names_hash_bucket_size 64;
/etc/nginx/nginx.conf:	# server_name_in_redirect off;
/etc/nginx/nginx.conf:		server_name _;
/etc/nginx/sites-enabled/wpblogsetup.com:	server_name www.wpblogsetup.com;
/etc/nginx/sites-enabled/wpblogsetup.com:	server_name wpblogsetup.com www.wpblogsetup.com;
/etc/nginx/sites-enabled/wpsnappy.com:	server_name www.wpsnappy.com;
/etc/nginx/sites-enabled/wpsnappy.com:	server_name wpsnappy.com www.wpsnappy.com;
/etc/nginx/sites-enabled/stackpartner.com:	server_name www.stackpartner.com;
/etc/nginx/sites-enabled/stackpartner.com:	server_name stackpartner.com www.stackpartner.com;
/etc/nginx/sites-enabled/hostingexplorer.com:	server_name www.hostingexplorer.com;
/etc/nginx/sites-enabled/hostingexplorer.com:	server_name hostingexplorer.com www.hostingexplorer.com;
/etc/nginx/scgi_params:scgi_param  SERVER_NAME        $server_name;
/etc/nginx/sites-available/wpblogsetup.com:	server_name www.wpblogsetup.com;
/etc/nginx/sites-available/wpblogsetup.com:	server_name wpblogsetup.com www.wpblogsetup.com;
/etc/nginx/sites-available/wpsnappy.com:	server_name www.wpsnappy.com;
/etc/nginx/sites-available/wpsnappy.com:	server_name wpsnappy.com www.wpsnappy.com;
/etc/nginx/sites-available/stackpartner.com:	server_name www.stackpartner.com;
/etc/nginx/sites-available/stackpartner.com:	server_name stackpartner.com www.stackpartner.com;
/etc/nginx/sites-available/hostingexplorer.com:	server_name www.hostingexplorer.com;
/etc/nginx/sites-available/hostingexplorer.com:	server_name hostingexplorer.com www.hostingexplorer.com;
/etc/nginx/fastcgi.conf:fastcgi_param  SERVER_NAME        $server_name;
/etc/nginx/uwsgi_params:uwsgi_param  SERVER_NAME        $server_name;

This is my server block for wpsnappy.com in nginx/sites-available

fastcgi_cache_path /var/www/wpsnappy.com/cache levels=1:2 keys_zone=WPSNAPPY:100m inactive=60m;

server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name www.wpsnappy.com;

	ssl_certificate /etc/letsencrypt/live/wpsnappy.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/wpsnappy.com/privkey.pem;

	access_log /var/www/wpsnappy.com/logs/access.log;
	error_log /var/www/wpsnappy.com/logs/error.log;

	root /var/www/wpsnappy.com/public_html;

	index index.php;

	include global/restrictions.conf;
	include global/cache-rules.conf;

	location / {
		try_files $uri $uri/ /index.php?$args;
	}

	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
		fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

		fastcgi_cache_bypass $no_cache;
		fastcgi_no_cache $no_cache;
		fastcgi_cache WPSNAPPY;
		fastcgi_cache_valid 200 60m;
	}

	location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
		expires max;
		log_not_found off;
	}
}

server {
	listen 80;
	listen [::]:80;
	server_name wpsnappy.com www.wpsnappy.com;

	ssl_certificate /etc/letsencrypt/live/wpsnappy.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/wpsnappy.com/privkey.pem;

	return 301 https://www.wpsnappy.com$request_uri;
}

Do you think it has to do something with my redirection to https://www?

Thanks for the help!


#6

There’s your problem. Make the change I suggested earlier:


#7

@_az

Thank you! That fixed the problem and now I’m not getting any error. Everything is working smoothly.

Thank you again!


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.