I somehow have two separate SSL certificates for the same domain


#1

So I somehow managed to create two separate certifications for the same domain when I initially created my websites using letsencrypt. It only became apparent today when people attempted to start RSVPing for the wedding and people were complaining they were getting insecure information on iphone / ipad devices.

Basically when I use https://www.ssllabs.com/ssltest/analyze.html?d=danandrobyn.com it returns saying there is a certificate mismatch and https://www.ssllabs.com/ssltest/analyze.html?d=www.danandrobyn.com doesn’t have danandrobyn.com listed as a alias. I have no idea how to fix this and I’m using certbot

My domain is: danandrobyn.com

I ran this command: certbot

It produced this output:

a list of domains, I’m noticing it’s asking me to activate HTTPS for both

3: danandrobyn.com
4: www.danandrobyn.com

My web server is (include version): Ubuntu 16.04 LTS running apache

The operating system my web server runs on is (include version): Ubuntu 16.04 LTS running apache

My hosting provider, if applicable, is: digital ocean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

What’s the output of certbot certificates?


#3

I fixed it with the following:

sudo certbot --cert-name danandrobyn.com -d danandrobyn.com -d www.danandrobyn.com

And answering the next prompt, and then revoking the duplicate certificate

sudo certbot revoke --cert-path /etc/letsencrypt/live/www.danandrobyn.com/cert.pem


#4

Revoking the other was completely unnecessary, but putting the two names onto one cert was what you needed to do.


#5

Now you have created three certificates today:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:www.danandrobyn.com&lu=cert_search

one only with www.danandrobyn.com, two with both names.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.