First domain has error, 2nd works

My domain is: flydubbo.com, sylloge.com.au
Apache on CentOS 7 on Google Cloud with root access
certbot 0.35.1

https://www.ssllabs.com/ssltest/analyze.html?d=sylloge.com.au looks perfect
while flydubbo.com gives 'Certificate name mismatch'

I originally created flydubbo with a bad apache configuration file,
I deleted
/etc/letsencrypt/
& httpd-le-ssl.conf
then reran sudo certbot --apache

1 Like

Should be easy to fix, but first let us take a small inventory of what your current certificates and virtual hosts are:

sudo apachectl -t -D DUMP_VHOSTS
sudo certbot certificates

Once we know this, the optimal way to secure both domains will become more obvious.

1 Like

[root@flydubbo flydubbo]# sudo apachectl -t -D DUMP_VHOSTS
Passing arguments to httpd using apachectl is no longer supported.
You can only start/stop/restart httpd using this script.
If you want to pass extra arguments to httpd, edit the
/etc/sysconfig/httpd config file.
VirtualHost configuration:
*:80 is a NameVirtualHost
default server flydubbo.com (/etc/httpd/conf/httpd.conf:160)
port 80 namevhost flydubbo.com (/etc/httpd/conf/httpd.conf:160)
alias www.flydubbo.com
port 80 namevhost sylloge.com.au (/etc/httpd/conf/httpd.conf:171)
alias www.sylloge.com.au
*:443 is a NameVirtualHost
default server flydubbo.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost flydubbo.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost sylloge.com.au (/etc/httpd/conf/httpd-le-ssl.conf:2)
alias www.sylloge.com.au
port 443 namevhost flydubbo.com (/etc/httpd/conf/httpd-le-ssl.conf:13)
alias www.flydubbo.com

[root@flydubbo flydubbo]# sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: sylloge.com.au
Domains: sylloge.com.au flydubbo.com www.flydubbo.com www.sylloge.com.au
Expiry Date: 2019-10-23 14:06:51+00:00 (VALID: 86 days)
Certificate Path: /etc/letsencrypt/live/sylloge.com.au/fullchain.pem
Private Key Path: /etc/letsencrypt/live/sylloge.com.au/privkey.pem


[root@flydubbo flydubbo]#

You have some duplicate virtual hosts:

and

That is what will be causing the self-signed issue.

One of those is properly configured with your Let's Encrypt certificate, and the other one will have the self-signed certificate.

Take a look inside, figure out which file is the right one, and get rid of the other one. Seems like ssl.conf is probably the one you want to get rid of, but double-check!

2 Likes
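An added example (not part of any post in this thread) of the check the answer above describes: it parses `DUMP_VHOSTS` output and reports every hostname claimed by more than one virtual host on the same address and port. The function and pattern names are made up for this example; the sample input is the output posted earlier in the thread.

```python
import re
from collections import defaultdict

# Output copied from the thread above (indentation was lost in the post).
SAMPLE = """\
VirtualHost configuration:
*:80 is a NameVirtualHost
default server flydubbo.com (/etc/httpd/conf/httpd.conf:160)
port 80 namevhost flydubbo.com (/etc/httpd/conf/httpd.conf:160)
alias www.flydubbo.com
port 80 namevhost sylloge.com.au (/etc/httpd/conf/httpd.conf:171)
alias www.sylloge.com.au
*:443 is a NameVirtualHost
default server flydubbo.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost flydubbo.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost sylloge.com.au (/etc/httpd/conf/httpd-le-ssl.conf:2)
alias www.sylloge.com.au
port 443 namevhost flydubbo.com (/etc/httpd/conf/httpd-le-ssl.conf:13)
alias www.flydubbo.com
"""

LISTEN = re.compile(r"^(\S+:\d+)\s+is a NameVirtualHost$")
VHOST = re.compile(r"^port \d+ namevhost (\S+) \((.+:\d+)\)$")
ALIAS = re.compile(r"^alias (\S+)$")


def find_duplicate_names(dump):
    """Return {(listen, hostname): [definitions in config order]} for every
    hostname claimed by more than one vhost on the same address:port."""
    claims = defaultdict(list)
    listen = location = None
    for raw in dump.splitlines():
        line = raw.strip()  # real httpd output is indented
        if m := LISTEN.match(line):
            listen, location = m.group(1), None
        elif (m := VHOST.match(line)) and listen:
            location = m.group(2)
            claims[(listen, m.group(1))].append(location)
        elif (m := ALIAS.match(line)) and location:
            if location not in claims[(listen, m.group(1))]:
                claims[(listen, m.group(1))].append(location)
    return {k: v for k, v in claims.items() if len(v) > 1}


if __name__ == "__main__":
    for (listen, name), defs in find_duplicate_names(SAMPLE).items():
        # Apache answers with the first matching vhost in configuration order,
        # so the certificate configured in defs[0] is the one clients see.
        print(f"{name} on {listen}: served from {defs[0]}, shadowed: {defs[1:]}")
```

To check a live server, pass the captured output of `httpd -t -D DUMP_VHOSTS` to `find_duplicate_names` instead of `SAMPLE`.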

thanks for the quick answer, makes sense
I corrupted the ssl.conf file and now apache won't start
so will be a while sorting that out before I know if I fixed it

1 Like

fix was
yum remove and reinstall

error was not having

httpd.conf
ServerName something
<VirtualHost *:80>
ServerName somethingelse

2 Likes
