Error Unable to install the certificate (español)

Estoy intentando instalar un certificado para un nuevo sitio web pero me da el siguiente error "Unable to install the certificate" Could not reverse map the HTTPS VirtualHost to the original.
Tengo ubuntu 16 y apache. Tengo varias web corriendo sin problemas y con el certificado instalado pero al realizar la instalación de mi nuevo sitio me da este error. He realizado los mismos pasos que en ocasiones anteriores pero ahora no funciona, he visto que los archivos que genera en /etc/letsencrypt tienen permisos diferentes. Tampoco me genera en /etc/apache2/sites-available el archivo ssl correspondiente¿Qué puedo hacer para solventar el problema?
Mi dominio es distribuidor.opentach.com

Muchas gracias

I am trying to install a certificate for a new website but I get the following error "Unable to install the certificate" Could not reverse the HTTPS VirtualHost to the original.
I have ubuntu 16 and apache. I have several web running without problems and with the certificate installed but when I installed my new site it gives me this error. I have performed the same steps as in the past but now it does not work, I have seen that the files it generates in / etc / letsencrypt have different permissions. Neither does it generate in / etc / apache2 / sites-available the corresponding ssl file. What can I do to solve the problem?
My domain is distribuidor.opentach.com
Thank you

Hi @guzmangr

you have created some new certificates ( https://check-your-website.server-daten.de/?q=distribuidor.opentach.com#ct-logs ):

CertSpotter-Id Issuer not before not after Domain names LE-Duplicate next LE
952317872 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-06-06 06:53:31 2019-09-04 06:53:31 distribuidor.opentach.com, www.distribuidor.opentach.com - 2 entries duplicate nr. 2
952277258 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-06-06 06:25:05 2019-09-04 06:25:05 distribuidor.opentach.com, www.distribuidor.opentach.com - 2 entries duplicate nr. 1
937741590 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-29 15:23:55 2019-08-27 15:23:55 distribuidor.opentach.com, www.distribuidor.opentach.com - 2 entries
937369436 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-29 10:32:51 2019-08-27 10:32:51 distribuidor.opentach.com, www.distribuidor.opentach.com - 2 entries
937366296 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-29 10:29:18 2019-08-27 10:29:18 distribuidor.opentach.com - 1 entries
937306448 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-29 09:38:57 2019-08-27 09:38:57 distribuidor.opentach.com, www.distribuidor.opentach.com - 2 entries
937220199 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-29 08:30:17 2019-08-27 08:30:17 distribuidor.opentach.com, www.distribuidor.opentach.com - 2 entries
937215926 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-29 08:27:14 2019-08-27 08:27:14 distribuidor.opentach.com - 1 entries

So that part works.

Your urls:

Domainname Http-Status redirect Sec. G
http://distribuidor.opentach.com/
212.89.13.57 301 http://www.distribuidor.opentach.com/ 4.957 D
http://www.distribuidor.opentach.com/
212.89.13.57 200 5.270 H
https://distribuidor.opentach.com/
212.89.13.57 301 https://www.asesoriaadr.com/ 2.246 N
Certificate error: RemoteCertificateNameMismatch
https://www.distribuidor.opentach.com/
212.89.13.57 301 https://www.asesoriaadr.com/ 1.893 N
Certificate error: RemoteCertificateNameMismatch
https://www.asesoriaadr.com/ 200 2.307 B

Looks like https uses the wrong vHost, but that may be an error because of your main error message:

How old is your certbot?

certbot --version

Sounds like Certbot doesn’t understand your port 80 configuration, so Certbot isn’t able to create the correct port 443 vHost.

What says

apachectl -S

X-Redirect-By: WordPress

Perhaps that’s part of the problem - additional definitions outside of your vHost configuration.

What’s your port 80 vHost config?

my version is certbot 0.28.0
but I have several pages that work correctly, it may be when changing the ssl version

if i run apachectl -S
AH00558: apache2: Could not reliably determine the server’s fully qualified doma in name, using 127.0.0.1. Set the ‘ServerName’ directive globally to suppress th is message
VirtualHost configuration:
*:443 is a NameVirtualHost
default server asesoriaadr.com (/etc/apache2/sites-enabled/adr-le-ssl.c onf:2)
port 443 namevhost asesoriaadr.com (/etc/apache2/sites-enabled/adr-le-s sl.conf:2)
alias www.asesoriaadr.com
port 443 namevhost robkey.es (/etc/apache2/sites-enabled/robkey-le-ssl. conf:2)
alias www.robkey.es
port 443 namevhost tacholab.es (/etc/apache2/sites-enabled/tacholab-le- ssl.conf:2)
alias www.tacholab.es
port 443 namevhost valleonabogados.com (/etc/apache2/sites-enabled/vall eonabogados-le-ssl.conf:2)
alias www.valleonabogados.com
*:80 is a NameVirtualHost
default server 127.0.0.1 (/etc/apache2/sites-enabled/000-default.conf:1 )
port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-default.con f:1)
port 80 namevhost asesoriaadr.com (/etc/apache2/sites-enabled/adr.conf: 2)
alias www.asesoriaadr.com
port 80 namevhost distribuidor.opentach.com (/etc/apache2/sites-enabled /distribuidor.opentach.conf:1)
alias www.distribuidor.opentach.com
port 80 namevhost robkey.es (/etc/apache2/sites-enabled/robkey.conf:1)
alias www.robkey.es
port 80 namevhost solicitud.lexeduca.es (/etc/apache2/sites-enabled/sol icitud.lexeduca.conf:1)
alias www.solicitud.lexeduca.es
port 80 namevhost tachocable.com (/etc/apache2/sites-enabled/tachocable .conf:2)
alias www.tachocable.com
port 80 namevhost tacholab.es (/etc/apache2/sites-enabled/tacholab.conf :1)
alias www.tacholab.es
port 80 namevhost valleonabogados.com (/etc/apache2/sites-enabled/valle onabogados.conf:1)
alias www.valleonabogados.com
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“www-data” id=33 not_used
Group: name=“www-data” id=33 not_used

my config vHost is
<VirtualHost *:80>
ServerName distribuidor.opentach.com
ServerAlias www.distribuidor.opentach.com
DocumentRoot /var/www/html/plataforma
ServerAdmin webmaster@misitio.com
ErrorLog {APACHE_LOG_DIR}/error.log CustomLog {APACHE_LOG_DIR}/access.log combined

Thank you

Most looks ok.

But there

is an idea:

If you have redirects http -> https to another domain without having a correct working certificate, that’s a problem.

And you have such a redirect:

Domainname Http-Status redirect Sec. G
http://distribuidor.opentach.com/
212.89.13.57 301 http://www.distribuidor.opentach.com/ 4.957 D
http://www.distribuidor.opentach.com/
212.89.13.57 200 5.270 H
https://distribuidor.opentach.com/
212.89.13.57 301 https://www.asesoriaadr.com/ 2.246 N
Certificate error: RemoteCertificateNameMismatch
https://www.distribuidor.opentach.com/
212.89.13.57 301 https://www.asesoriaadr.com/ 1.893 N
Certificate error: RemoteCertificateNameMismatch

The distribuidor - subdomain redirects to the asesoriaadr domain.

So remove these redirects.

Same with .htaccess redirects.

Thank you,

I’m sorry but I do not understand very well. Where do I have these redirections? How do I eliminate them?Do I have to delete the certificate?
my .htaccess is the following

BEGIN WordPress

RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L]

END WordPress

1 Like

Check your vHosts - port 80 and port 443.

Looks like there is the wrong vHost used (perhaps the vHost of another domain).

So first create an own port 80 vHost and an own port 443 vHost with that domain name, so you can change the definition without having effects to your other domains.

Hello,
The certificate runs on the web but it still gives me an error when installing. The website show without problem. What was done manually and works but the loading speed is very slow. And I think the redirects are. I do not know where they are removed
thank you

Now your certificate is good ( https://check-your-website.server-daten.de/?q=distribuidor.opentach.com ):

All urls are ok. Not perfect (Grade E), but no Grade N:

And your certificate is new:

CN=distribuidor.opentach.com
	10.06.2019
	08.09.2019
expires in 90 days	
distribuidor.opentach.com, www.distribuidor.opentach.com - 2 entries

No, the redirects aren’t relevant.

Check your site with FireFox or Chrome (Console), your site needs 3 seconds to answer. That’s bad.

Correct redirects -> every user sees only one time these redirects. That’s not a problem.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.