Help in fixing this commonname mismatch


Hello All,
(I ask forgiveness ahead of time using generic names but the site is an adult workers discussion site)

Used certbot on my CentOS 6.5 Apache server. Script asks which 2 names

Which names would you like to activate HTTPS for?


I enter blank so it will do both. Check my site with SSL Labs analyze and it gives an error message that says common name mismatch. It lists name of server as The server was given this name by original sysadmin who used it to create postfix mail system. If I do a hostname -f it returns

[root@mail postfix]# hostname -f

I then did a certbot rollback to go back to original non-https configuration. What can I do to resolve this?

Other file info while letsencrypt ssl was installed:


certificate can be generated using the genkey(1) command.

SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key


ServerAlias 111.222.333.444
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/
SSLCertificateChainFile /etc/letsencrypt/live/


What’s the output of the following command?

apachectl -S


[root@mail user]# apachectl -S
VirtualHost configuration:
wildcard NameVirtualHosts and default servers:
*:443 is a NameVirtualHost
default server (/etc/httpd/conf.d/ssl.conf:74)
port 443 namevhost (/etc/httpd/conf.d/ssl.conf:74)
port 443 namevhost (/etc/httpd/conf/httpd-le-ssl.conf:2)
alias 111.222.333.444
*:80 is a NameVirtualHost
default server (/etc/httpd/conf/httpd.conf:1013)
port 80 namevhost (/etc/httpd/conf/httpd.conf:1013)
alias 111.222.333.444
Syntax OK


Okay so it looks like the VirtualHost in /etc/httpd/conf.d/ssl.conf would be taking precedence over the (presumably correct) one in /etc/httpd/conf/httpd-le-ssl.conf - if I’m reading that right, it would mean that should work correctly (even if only to redirect to but would be using the wrong VirtualHost and therefore the wrong certificate.

I believe you should be able to fix it by removing or commenting out the rogue VirtualHost in /etc/httpd/conf.d/ssl.conf on or around line 74 (back it up first obviously) and running certbot again. It should ask if you just want to reinstall the existing certificate, say yes.
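
Added example, not part of the thread and not certbot's or Apache's own code: a small parser for `apachectl -S` output that reports which VirtualHost answers for a given name on a port and which ones are shadowed. The sample output is constructed (placeholder host names and address, and the assumption that both port 443 vhosts carry the same ServerName, since the thread's names are elided); matching is exact, so wildcard aliases are not handled.

```python
import re

# Constructed sample in the layout `apachectl -S` prints on Apache 2.2;
# host names and the alias address are placeholders, not values from the thread.
SAMPLE = """\
VirtualHost configuration:
wildcard NameVirtualHosts and default servers:
*:443                  is a NameVirtualHost
         default server www.example.test (/etc/httpd/conf.d/ssl.conf:74)
         port 443 namevhost www.example.test (/etc/httpd/conf.d/ssl.conf:74)
         port 443 namevhost www.example.test (/etc/httpd/conf/httpd-le-ssl.conf:2)
                 alias 192.0.2.10
*:80                   is a NameVirtualHost
         default server www.example.test (/etc/httpd/conf/httpd.conf:1013)
         port 80 namevhost www.example.test (/etc/httpd/conf/httpd.conf:1013)
                 alias 192.0.2.10
Syntax OK
"""

VHOST = re.compile(r"port (\d+) namevhost (\S+) \((.+):(\d+)\)")
ALIAS = re.compile(r"alias (\S+)")

def parse_vhosts(text):
    """Return {port: [vhost, ...]} in the order Apache lists (and tries) them."""
    ports, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        vh, al = VHOST.match(line), ALIAS.match(line)
        if vh:
            current = {"names": [vh.group(2).lower()], "file": vh.group(3), "line": int(vh.group(4))}
            ports.setdefault(int(vh.group(1)), []).append(current)
        elif al and current:
            current["names"].append(al.group(1).lower())  # ServerAlias of the vhost above
    return ports

def serving_vhost(ports, port, host):
    """First vhost whose ServerName/ServerAlias equals host, else the default (first listed)."""
    for v in ports[port]:
        if host.lower() in v["names"]:
            return v
    return ports[port][0]

def shadowed(ports, port, host):
    """Vhosts that also claim host on this port but never get to answer for it."""
    winner = serving_vhost(ports, port, host)
    return [v for v in ports[port] if host.lower() in v["names"] and v is not winner]

if __name__ == "__main__":
    p = parse_vhosts(SAMPLE)
    print(serving_vhost(p, 443, "www.example.test"), shadowed(p, 443, "www.example.test"))
```

On a live server the input would be the text printed by `apachectl -S`; a non-empty `shadowed` result whose file is the certbot-managed one means the certificate configured there is not the one being served for that name.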


Thank you for your assistance. Line 74 in ssl.conf is

<VirtualHost _default_:443 >

I will make a backup, then comment that out and run certbot again and let you know the results.


Just in case it wasn’t clear, you should comment out everything from there down to the following </VirtualHost>, not just that one line :slight_smile:


Thanks for that clarification. There were quite a few lines for that Virtual host definition. I removed them all and reran certbot. This time success! The site is showing SECURE on every web page.

Greatly appreciated!

