Err_cert_common_name_invalid

I have just installed SSL certificates with CertBot. However, now when I navigate to my website (canarywharfian.co.uk) I receive a warning saying ERR_CERT_COMMON_NAME_INVALID. Why is that, and how can I fix it?

Hello @GoEagles999,

The certificate served by your Apache server is only valid for www.canarywharfian.co.uk that is the reason for the error when you try to access using canarywharfian.co.uk.

I can see that you issued two independent certificates, one valid only for www.canarywharfian.co.uk and one valid only for canarywharfian.co.uk.

You have at least two options:

1.- Configure two independent VirtualHost on your Apache web server (one for www.canarywharfian.co.uk and one for canarywharfian.co.uk) and configure each of them to point to the right certificate.

2.- Issue a new certificate that covers both domains and use it in your VirtualHost.

Cheers,
sahsanu

1 Like

Hi @sahsanu,

Thanks. What exactly do you mean by ‘using them in VirtualHost’? When I issue a new certificate am I supposed to get a .cert,. key and .pem file, and then include them?

@GoEagles999,

I suppose you have now something like this:

<VirtualHost *:443>
ServerName  canarywharfian.co.uk
ServerAlias www.canarywharfian.co.uk
[...]
Here the SSL directives pointing to your certificate only valid for one domain.
[...]
</VirtualHost>

As you can’t use two different certificates in the same VirtualHost you need to remove the ServerAlias in one of them and create a new one only for that domain so you will get something like this:

<VirtualHost *:443>
ServerName  canarywharfian.co.uk
[...]
Here the SSL directives pointing to your certificate only valid for canarywharfian.co.uk domain.
[...]
</VirtualHost>

<VirtualHost *:443>
ServerName  www.canarywharfian.co.uk
[...]
Here the SSL directives pointing to your certificate only valid for www.canarywharfian.co.uk domain.
[...]
</VirtualHost>

Cheers,
sahsanu

Thank you very much!

1 Like

I have did what you say, but now if I am trying to access my site I am getting an access denied error message. I am guessing because plain http is trying to listen to port 80? But how come other websites come up with https even though I don’t specify that?

Port 80 should use plain http so that is correct.

I don't know what you mean.

If you paste here the conf you are using for your sites maybe we can help you to fix them.

Here’s one of my .conf files (in sites-enabled directory):
<VirtualHost *:80>
ServerAdmin canarywharfian@canarywharfian.co.uk
DocumentRoot /var/www/cw

ServerName canarywharfian.co.uk

<Directory “/var/www/cw”>
Options -Indexes +FollowSymLinks +Includes +ExecCGI
AllowOverride All
Order allow,deny

Allow from all

ErrorLog "/var/log/apache2/cw-error.log"
CustomLog “/var/log/apache2/cw-access.log” combined
LogFormat “%h %l %u %t “%m %U %H” %>s %b” common_no_querystring

Alias /phpmyadmin /var/www/phpmyadmin

<Directory /var/www/phpmyadmin/>

DirectoryIndex index.php

Options +FollowSymLinks -Indexes
AllowOverride ALL

order deny,allow
#deny from all
#allow from 127.0.0.0/255.0.0.0 ::1/128
allow from all

#RewriteEngine On
#RewriteCond %{SERVER_PORT} 80
#RewriteRule ^(.*)$ https://%{HTTP_HOST}/phpmyadmin [R,L]

<IfModule mod_php5.c>
  php_flag magic_quotes_gpc Off
  php_flag track_vars On
  php_value include_path .

</IfModule>
RewriteEngine on RewriteCond %{SERVER_NAME} =canarywharfian.co.uk [OR] RewriteCond %{SERVER_NAME} =www.canarywharfian.co.uk RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

SSLCertificateFile /etc/letsencrypt/live/canarywharfian.co.uk/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/canarywharfian.co.uk/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

And the other:

<VirtualHost *:443>
ServerAdmin canarywharfian@canarywharfian.co.uk
DocumentRoot /var/www/cw

ServerName www.canarywharfian.co.uk

<Directory “/var/www/cw”>
Options -Indexes +FollowSymLinks +Includes +ExecCGI
AllowOverride All
Order allow,deny

Allow from all

ErrorLog "/var/log/apache2/cw-error.log"
CustomLog “/var/log/apache2/cw-access.log” combined
LogFormat “%h %l %u %t “%m %U %H” %>s %b” common_no_querystring

Alias /phpmyadmin /var/www/phpmyadmin

<Directory /var/www/phpmyadmin/>

DirectoryIndex index.php

Options +FollowSymLinks -Indexes
AllowOverride ALL

order deny,allow
#deny from all
#allow from 127.0.0.0/255.0.0.0 ::1/128
allow from all

#RewriteEngine On
#RewriteCond %{SERVER_PORT} 80
#RewriteRule ^(.*)$ https://%{HTTP_HOST}/phpmyadmin [R,L]

<IfModule mod_php5.c>
  php_flag magic_quotes_gpc Off
  php_flag track_vars On
  php_value include_path .

</IfModule>
SSLCertificateFile /etc/letsencrypt/live/www.canarywharfian.co.uk/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/www.canarywharfian.co.uk/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf

Hello @GoEagles999,

It is a bit hard to read the files but in the first one you are using <VirtualHost *:80> and it should be <VirtualHost *:443> if that is the conf file that you want to use for https, If it is really for https then you should remove or change your rewrite rules because this will create an infinite loop

RewriteEngine on
RewriteCond %{SERVER_NAME} =canarywharfian.co.uk [OR]
RewriteCond %{SERVER_NAME} =www.canarywharfian.co.uk
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

Also, you have 2 <Directory> directives but you are not closing them, I mean, for example this:

<Directory “/var/www/cw”>
Options -Indexes +FollowSymLinks +Includes +ExecCGI
AllowOverride All
Order allow,deny

Allow from all

should be this:

<Directory “/var/www/cw”>
Options -Indexes +FollowSymLinks +Includes +ExecCGI
AllowOverride All
Order allow,deny

Allow from all
</Directory>

Regarding the second conf file, I see no issues other than the same problem with the Directory directive, you are not closing them.

Cheers,
sahsanu

All done. I am now getting an access denied error if I navigate to the site, saying I don’t have access on port 80 by Apache.

@GoEagles999, but do you have any conf file for your domains that uses port 80?.

If you want to redirect your domains to https when you visit your site using http then you need to add something like this to your conf:

<VirtualHost *:80>
  ServerAdmin canarywharfian@canarywharfian.co.uk
  ServerName canarywharfian.co.uk
  ServerAlias www.canarywharfian.co.uk
  RewriteEngine on
  RewriteCond %{SERVER_NAME} =canarywharfian.co.uk [OR]
  RewriteCond %{SERVER_NAME} =www.canarywharfian.co.uk
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

Cheers,
sahsanu

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.