How to solve a problem with one IP address and more than 2 domain names

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domains are: davidlu.info, vocway.com

I ran this command: Alternative names - INVALID for davidlu.info. vocway.com is fine

It produced this output: It’s fine, no problem for set up, but https://davidlu.info/ is not secure (Certificate inValid)

My web server is (include version): Apache Version 2.4.6

The operating system my web server runs on is (include version): Centos 7.6.1810

My hosting provider, if applicable, is: davidlu.info (67.231.24.146)

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): No, but I could use Webmin to configure Let’s Encrypt.

Thank you,

Hi @david2016lu

you have some certificates created - https://check-your-website.server-daten.de/?q=davidlu.info#ct-logs

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let’s Encrypt Authority X3 | 2019-07-01 | 2019-09-29 | davidlu.info - 1 entries | duplicate nr. 2 | |
| Let’s Encrypt Authority X3 | 2019-06-30 | 2019-09-28 | davidlu.info, vocway.com, www.davidlu.info, www.vocway.com - 4 entries | duplicate nr. 1 | |
| Let’s Encrypt Authority X3 | 2019-06-26 | 2019-09-24 | davidlu.info - 1 entries | duplicate nr. 1 | |

But you don’t use the certificate with 4 domain names, instead you use a self signed.

E=root@davidlu, CN=davidlu, OU=SomeOrganizationalUnit, O=SomeOrganization, L=SomeCity, S=SomeState, C=--
01.07.2019 - 30.06.2020, expires in 365 days

There are two different options:

  • use the correct certificate (or)
  • create one certificate with www.davidlu.info + davidlu.info and use that

What says

apachectl -S

```
[root@davidlu ~]# apachectl -S
VirtualHost configuration:
67.231.24.146:* is a NameVirtualHost
default server vocway.com (/etc/httpd/conf/httpd.conf:361)
port * namevhost vocway.com (/etc/httpd/conf/httpd.conf:361)
port * namevhost vocway.com (/etc/httpd/conf/httpd.conf:373)
port * namevhost davidlu.info (/etc/httpd/conf/httpd.conf:386)
port * namevhost davidlu.info (/etc/httpd/conf/httpd.conf:398)
port * namevhost test.vocway.com (/etc/httpd/conf/httpd.conf:411)
port * namevhost Joomla.vocway.com. (/etc/httpd/conf/httpd.conf:420)
port * namevhost davidlu.info (/etc/httpd/conf/httpd.conf:429)
67.231.24.146:443 is a NameVirtualHost
default server davidlu.info (/etc/httpd/conf/httpd-le-ssl.conf:2)
port 443 namevhost davidlu.info (/etc/httpd/conf/httpd-le-ssl.conf:2)
port 443 namevhost davidlu.info (/etc/httpd/conf/httpd-le-ssl.conf:19)
alias www.davidlu.info
port 443 namevhost vocway.com (/etc/httpd/conf/httpd-le-ssl.conf:35)
port 443 namevhost vocway.com (/etc/httpd/conf/httpd-le-ssl.conf:50)
alias www.vocway.com
*:443 davidlu.info (/etc/httpd/conf.d/ssl.conf:56)
: davidlu.info (/etc/httpd/conf/httpd.conf:353)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
```

Thank you so much Juergen Auer. A great solution to solve problems. I am new to VPS servers. I used CentOS 6 before and did implement Let’s Encrypt; unfortunately, my VPS server failed, so I re-installed the VPS server with CentOS 7.

Just one more question, how come my Webmin (https://davidlu.info:10000) is secured with valid Certificate from Let’s encrypt?

Thank you,

There is the problem. Duplicated entries.

Every combination of port and domain name must be unique. If not, the wrong vHost may be used.

Merge both to one vHost, same with all other duplicated entries.

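The uniqueness rule from the reply above, as an added example that is not part of the original thread: a shell function that reads `apachectl -S` output and lists every port and server-name pair defined by more than one vHost. The function names and the indentation of the sample excerpt are assumptions; like the advice in this thread, it groups by port and name and ignores the listen address.

```shell
#!/bin/sh
# Added example: report (port, ServerName) pairs that appear in more than
# one <VirtualHost> block, based on `apachectl -S` output read from stdin.

# Constructed excerpt, shaped like the output posted in this thread.
sample_vhost_dump() {
cat <<'EOF'
VirtualHost configuration:
67.231.24.146:* is a NameVirtualHost
         default server vocway.com (/etc/httpd/conf/httpd.conf:361)
         port * namevhost vocway.com (/etc/httpd/conf/httpd.conf:361)
         port * namevhost vocway.com (/etc/httpd/conf/httpd.conf:373)
         port * namevhost test.vocway.com (/etc/httpd/conf/httpd.conf:411)
67.231.24.146:443 is a NameVirtualHost
         port 443 namevhost davidlu.info (/etc/httpd/conf/httpd-le-ssl.conf:2)
         port 443 namevhost davidlu.info (/etc/httpd/conf/httpd-le-ssl.conf:19)
                 alias www.davidlu.info
         port 443 namevhost vocway.com (/etc/httpd/conf/httpd-le-ssl.conf:35)
*:443                  davidlu.info (/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: "/etc/httpd"
EOF
}

# Prints one line per duplicated pair: port, name, count, defining file:line list.
find_duplicate_vhosts() {
    awk '
    function record(port, name, where,   key) {
        sub(/\.$/, "", name)             # a trailing dot is the same host name
        key = port " " tolower(name)     # host names are case-insensitive
        gsub(/[()]/, "", where)
        count[key]++
        files[key] = files[key] " " where
    }
    # Name-based entries: "port 443 namevhost NAME (file:line)"
    $1 == "port" && $3 == "namevhost" { record($2, $4, $5); next }
    # Addresses with a single vHost: "*:443  NAME (file:line)"
    NF == 3 && $1 ~ /:[0-9*]+$/ && $3 ~ /^\(.*:[0-9]+\)$/ {
        port = $1; sub(/.*:/, "", port)
        record(port, $2, $3)
    }
    END {
        for (key in count)
            if (count[key] > 1) print key, count[key] files[key]
    }' | LC_ALL=C sort
}

# On a server: apachectl -S | find_duplicate_vhosts
sample_vhost_dump | find_duplicate_vhosts
```

An empty result means every port and name pair is defined once, which is the state the thread ends in.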

Thank you very much Juergen Auer, great trouble shoot. Should I delete 1 - 9 in the image :slight_smile:? and other is same as you tell me :slight_smile:

Thank you,

That’s not enough.

Remove complete vHost definitions <VirtualHost> ... </VirtualHost>. But you must check every definition and select the correct entry.


Thank you Juergen Auer, great help.

I am scared to edit httpd-le-ssl.conf file. I am so new to Linux server, I do backup it. Have a great day! :slight_smile:

Thank you,

Hi Juergen Auer,

I edit /etc/httpd/conf/httpd-le-ssl.conf and use certificate with 4 domain names, but it does not work :(.

Should I "… create one certificate with www.davidlu.info + davidlu.info and use that …"?

Thank you,

Your output is bad.

Now you have 6 vHosts with davidlu.info. You need 2 - one port 80, one port 443. Nothing else.

And don’t use *:* definitions, that can’t work if you want to use http and https.


Thank you, Juergen Auer, Please take a look: :slight_smile:


You have again two port 443 davidlu.info vHosts.

One with the ip:443 and one global *:443.

It’s enough if you use only the *:443 version, then you have an IP-independent configuration, makes it easier if you change your ip.


Thank you very much Juergen Auer. You are solid. I try to follow your guide and after try and try I finally make my two websites secure, but I don’t understand why it works. :smile:

Thanks again. Wish you the best


Happy to read that it now works :+1::heart_eyes:

Compare your last output with your first.

Now you have only one vHost per domain per port. So Certbot is able to understand your configuration.


Thank you Juergen for being patient with me. With your help, I learned how to configure domain names and vhosts, and troubleshoot SSL, global NameVirtualHost, etc.

Great help, Juergen :+1::clap::heart_eyes:

