My domain is: flydubbo.com , sylloge.com.au
apache on centos 7 on google cloud with root access
https://www.ssllabs.com/ssltest/analyze.html?d=sylloge.com.au looks perfect
while flydubbo.com gives 'Certificate name mismatch ’
I originally created flydubbo with a bad apache configuration file,
then reran sudo certbot --apache
Should be easy to fix, but first let us take a small inventory of what your current certificates and virtual hosts are:
sudo apachectl -t -D DUMP_VHOSTS
sudo certbot certificates
Once we know this, the optimal way to secure both domains will become more obvious.
[root@flydubbo flydubbo]# sudo apachectl -t -D DUMP_VHOSTS
Passing arguments to httpd using apachectl is no longer supported.
You can only start/stop/restart httpd using this script.
If you want to pass extra arguments to httpd, edit the
/etc/sysconfig/httpd config file.
*:80 is a NameVirtualHost
default server flydubbo.com (/etc/httpd/conf/httpd.conf:160)
port 80 namevhost flydubbo.com (/etc/httpd/conf/httpd.conf:160)
port 80 namevhost sylloge.com.au (/etc/httpd/conf/httpd.conf:171)
*:443 is a NameVirtualHost
default server flydubbo.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost flydubbo.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost sylloge.com.au (/etc/httpd/conf/httpd-le-ssl.conf:2)
port 443 namevhost flydubbo.com (/etc/httpd/conf/httpd-le-ssl.conf:13)
[root@flydubbo flydubbo]# sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Found the following certs:
Certificate Name: sylloge.com.au
Domains: sylloge.com.au flydubbo.com www.flydubbo.com www.sylloge.com.au
Expiry Date: 2019-10-23 14:06:51+00:00 (VALID: 86 days)
Certificate Path: /etc/letsencrypt/live/sylloge.com.au/fullchain.pem
Private Key Path: /etc/letsencrypt/live/sylloge.com.au/privkey.pem
You have some duplicate virtual hosts:
That is what will be causing the self-signed issue.
One of those is properly configured with your Let’s Encrypt certificate, and the other one will have the self-signed certificate.
Take a look inside, figure out which file is the right one, and get rid of the other one. Seems like
ssl.conf is probably the one you want to get rid of, but double-check!
thanks for the quick answer, makes sense
I corrupted the ssl.conf file and now apache wont start
so will be a while sorting that out before i know if i fixed it
yum remove and reinstall
error was not having
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.