Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
dpkt.online
I ran this command: https://www.ssllabs.com/ssltest/analyze.html?d=dpkt.online
It produced this output:
certificate name mismatch
(my other server_name, axioms.online)
My web server is (include version):
nginx 1.10.3
The operating system my web server runs on is (include version):
debian 9
My hosting provider, if applicable, is:
digital ocean
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.28.0
I believe the chain of events responsible here is:
I copied one domain’s conf file to be my new domain’s conf, and forgot to remove the ‘managed by certbot’ content
I restarted the server
I believe I then removed the faulty certbot content from the new server block and ran certbot for the new domain, and the file looked good to me now
restarted nginx again
no dice
I investigated further and found that my ‘fullchain.pem’ certs each had multiple entries, and one of them was shared between the two domains.
I deleted the duplicate in my new domain, and restarted nginx
still no dice
the new domain seems to use the cert for the old domain no matter what
And yes, in copying the conf file over, I did go through line by line to make sure it all references my new domain, not the old one
thanks for the reply, I’m attempting to serve two experimental apps through one IP.
I’ve had this working in the past, but I think it was luck …
I’ve narrowed down the problem slightly (as to why ‘dpkt’ domain attempts ‘axioms’ cert):
When visiting the new domain, ‘dpkt.online’, here is what the browser shows when you expand the error:
# Your connection is not private
Attackers might be trying to steal your information from **www.dpkt.online** (for example, passwords, messages, or credit cards). [Learn more](chrome-error://chromewebdata/#)
NET::ERR_CERT_COMMON_NAME_INVALID
Subject: axioms.online
Issuer: Let's Encrypt Authority X3
Expires on: Nov 4, 2019
Current date: Aug 30, 2019
PEM encoded chain:-----BEGIN CERTIFICATE-----
MIIFYzCCBEugAwIBAgISA265Z13s......
Notice how ‘subject’ is for the other domain, axioms.
In the PEM chain are three certificates.
My axioms fullchain.pem has 2 certificates, I think this must be a problem? I don’t know how it happened. All others have 1.
Can I simply do a certbot delete and re-run ?