Fischerltd.com & www.fischerltd.com certs conflicting?

dfischer4623 · April 26, 2020, 8:36pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.fischerltd.com

I ran this command: https://www.fischerltd.com

It produced this output: This site is not secure, shows cert for fischerltd.com instead of www.fischerltd.com. I have both certs installed.

My web server is (include version): Apache

The operating system my web server runs on is (include version): Debian

My hosting provider, if applicable, is: Google Cloud Platform

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No, SSH

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):0.28.0

dfischer4623 · April 26, 2020, 8:38pm

Is there a certbot command to remove both certs and then to install the www.fischerltd.com cert (which is the only cert I want loaded). I made the mistake of originally creating/installing fischerltd.com cert.

Osiris · April 26, 2020, 8:48pm

You can expand one of the certs. Check which certificates are stored by certbot with certbot certificates, then choose one of them and with the --cert-name option you can select the certificate you want to change. Then, with the -d option, you can select all the domains you require.

For example, if you have 2 certificates, one with example.com and one with www.example.com you could do:

certbot certificates:

  Certificate Name:   example.com
    Domains:          example.com
    Expiry Date:      2020-07-18 10:01:07+00:00 (VALID: 74 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
  Certificate Name:   www.example.com
    Domains:          www.example.com
    Expiry Date:      2020-07-18 10:01:12+00:00 (VALID: 74 days)
    Certificate Path: /etc/letsencrypt/live/www.example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.example.com/privkey.pem

Then you could do:

certbot --cert-name example.com -d example.com -d www.example.com

Which should result in:

certbot certificates:

  Certificate Name:   example.com
    Domains:          example.com www.example.com
    Expiry Date:      2020-07-18 10:01:07+00:00 (VALID: 74 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
  Certificate Name:   www.example.com
    Domains:          www.example.com
    Expiry Date:      2020-07-18 10:01:12+00:00 (VALID: 74 days)
    Certificate Path: /etc/letsencrypt/live/www.example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.example.com/privkey.pem

Then, you could delete the superfluous certificate with only the www.example.com domain:

certbot delete --cert-name www.example.com

Note: with this I assume you’re using the apache installer plugin. If you’ve manually installed the certificate, you of course need to check if your Apache configuration points to the correct files in /etc/letsencrypt/live/.

dfischer4623 · April 26, 2020, 8:49pm

that worked, thank you.

dfischer4623 · April 26, 2020, 9:06pm

Sorry, I thought I was okay because I was able to delete both certs. But, when I try to create a new (correct) cert (www.fischerltd.com), the command only allows me to select the wrong domain or C(ancel).

dfischer@mfischerltd-001-vm:/$ sudo certbot certonly --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Which names would you like to activate HTTPS for?

1: fischerltd.com

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): c

Please specify --domains, or --installer that will help in domain names autodiscovery, or --cert-name for an existing certificate name.

dfischer@mfischerltd-001-vm:/$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

No certs found.

dfischer@mfischerltd-001-vm:/$

Osiris · April 26, 2020, 9:08pm

Well, that’s what you get when you don’t do as you’re told I guess… I put the delete step after you’d have a working certificate. Now, you’ve got nothing as you already know.

Seems your Apache configuration is wrong, certbot can’t find your www subdomain.

system · May 26, 2020, 9:08pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.