I’ve installed a certificate for a domain as a test and this worked fine. I removed the certs from /etc/live/domainX/ (as well as /renew /archiv …) from the server, restarted apache2, and now it should run at port 80 as usual, but it doesn’t.
The certificate is only valid for the following names: DomainYcom, www.domainY.com
Error code: SSL_ERROR_BAD_CERT_DOMAIN
"<DomainX.de> verwendet ein ungültiges Sicherheitszertifikat."
In English: “<DomainX.de> uses an invalid security certificate”, but everything is removed and it shows a certificate which is for another domainY on the server which is not connected in any way.
So where are all the installed files & links that have to be deleted after installing the certificate via #certbot --apache -domainX?
The file is usually located in /etc/letsencrypt/live/domain.tld/ (might vary in different cases)
Please fill in the following form so we can help you:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
If you want to undo the process, usually you would also need to remove the virtual host configuration from /etc/apache2/sites-available and /etc/apache2/sites-enabled, which are usually called something-le-ssl.conf and are based on your previous non-HTTPS virtual hosts. However, it is strange that you didn't get an error after deleting the certificate files without removing the virtual hosts, because deleting the certificates without changing the Apache configuration should have left Apache in a state where it couldn't start up at all.
I deleted everything that has to do with the certificate, removed the
domain-le-ssl.conf and re-attached the original (port 80) conf.
But check for yourself: it's the domainX “baumangel-baurecht.de” and it
shows another certificate for whatever reason… and in the
meantime it's impossible to point with the *.conf into the directory of the
domainX. It's a mess!
So, there is still a redirection rule in your HTTP virtual host. If you don’t want that redirection, you’ll have to find it and remove it. It will either start with Redirect or RewriteRule. It is redirecting HTTP URLs to the corresponding HTTPS URLs, which then produces a certificate error.
The fact that the server answers in HTTPS and presents another certificate is unavoidable when sharing a server with multiple sites, at least one of which supports HTTPS. It will always be possible to attempt to connect via HTTPS if any HTTPS virtualhost is listening on the same IP address, but if no appropriate certificate is configured, none will be returned to the browser.
Thanks for the answer, but the redirection is the first thing to remove and this was the very first step, but it still points to the wrong address. Here is the domain.conf in the /etc/apache2/sites-available/ directory
Currently I’m trying to fix it anyhow. I see the message that it redirects to the other domain (cybersec). But even if I turn off this site (cybersec), the https points to the next https site! And so forth… It looks like it doesn’t matter what I do; the pattern of this bug is: just take ANY certificate available on this server!
The other thing you realize is obvious: the first virtualhost which applies for port 443 (https) will be taken unless you don't have a matching virtualhost. This is called the default virtual host - the same applies for http.
You have to configure a virtualhost for baumangel-baurecht.de (ServerName) to apply the correct certificate for it.
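The selection rule described in the replies above (first matching ServerName/ServerAlias, otherwise the first virtual host on that port), as an added example that is not part of the original thread or of Apache/certbot code. It is a simplified model: the config text and the `.example` names are constructed, every vhost is assumed to use an `address:port` form, and all vhosts are assumed to share one IP address.

```python
import re
from fnmatch import fnmatch

# Constructed sample: domainx has only HTTP (with a leftover redirect), domainy has HTTPS.
SAMPLE = """
<VirtualHost *:80>
    ServerName domainx.example
    DocumentRoot /var/www/site/docs
    RewriteEngine on
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:80>
    ServerName domainy.example
</VirtualHost>
<VirtualHost *:443>
    ServerName domainy.example
    ServerAlias www.domainy.example
    SSLCertificateFile /etc/letsencrypt/live/domainy.example/fullchain.pem
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(text):
    """Return vhosts in file order with port, names, cert path and https redirects."""
    out = []
    for addr, body in VHOST.findall(text):
        def values(directive):
            found = re.findall(rf"^\s*{directive}\s+(.+)$", body, re.M | re.I)
            return [v for line in found for v in line.split()]
        out.append({
            "port": int(addr.split()[0].rsplit(":", 1)[1]),
            "names": [n.lower() for n in values("ServerName") + values("ServerAlias")],
            "cert": (values("SSLCertificateFile") or [None])[0],
            # Leftover HTTP->HTTPS rules are what send visitors to port 443.
            "redirects": [l.strip() for l in body.splitlines()
                          if re.match(r"\s*(Redirect|RewriteRule)\b.*https://", l, re.I)],
        })
    return out

def select_vhost(vhosts, host, port):
    """Return (vhost, matched_by_name); falls back to the first vhost on the port."""
    on_port = [v for v in vhosts if v["port"] == port]
    for v in on_port:
        if any(fnmatch(host.lower(), n) for n in v["names"]):
            return v, True
    return (on_port[0], False) if on_port else (None, False)

if __name__ == "__main__":
    print(select_vhost(parse_vhosts(SAMPLE), "domainx.example", 443))
```

On a live server, `apache2ctl -S` prints Apache's own view of this mapping.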
Update: if I change to <virtualhost *:80> it just jumps to the next page, ignoring the settings in the conf (like DocumentRoot “/var/www/site/docs”)
-> I just rebuilt the original entry (with the IP) and now you can see the redirect to the, for this site, “wrong” certificate.
Back to question one: where is the entry which forces any domain to https? And in this case, if I’ve removed the https “flag” from this domain, it shouldn’t search for the next certificate at all