I think I messed up my certificate (not general enough)

My domain is: smontanaro.net

I ran this command: certbot --certonly standalone (I think)

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): smontanaro.net
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for smontanaro.net
Waiting for verification...
Cleaning up challenges

 - Congratulations! Your certificate and chain have been saved at:
   Your key file has been saved at:
   Your cert will expire on 2022-03-30. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

My web server is (include version): test.smontanaro.net (for now, www eventually)

The operating system my web server runs on is (include version): Ubuntu 20.04 LTS

My hosting provider, if applicable, is: Oracle Cloud

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

When I visit https://test.smontanaro.net/ Firefox reports:

Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for test.smontanaro.net. The certificate is only valid for smontanaro.net.

which tells me everything I need to know, but I don't know where to go from here. Do I re-run certbot and enter a longer list of domain names or is there some sort of wildcard syntax (*.smontanaro.net)? I thought entering smontanaro.net would effectively cover all possible sub-domains, but I was obviously wrong. What do I do with the current certificate? Can it be amended or must it be revoked?

certbot certificates reports:

Found the following certs:
  Certificate Name: smontanaro.net
    Domains: smontanaro.net
    Expiry Date: 2022-03-30 19:24:50+00:00 (VALID: 81 days)
    Certificate Path: /etc/letsencrypt/live/smontanaro.net/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/smontanaro.net/privkey.pem

Welcome to the Let's Encrypt Community, Skip

Try this:

certbot certonly --standalone -d "smontanaro.net,www.smontanaro.net,test.smontanaro.net"

No need to revoke.
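
The coverage rule behind the Firefox error, as an added example that is not part of the original posts: a certificate covers only the names listed on it, and a wildcard stands in for exactly one left-most label. The function names are hypothetical, and the sample text is the `certbot certificates` output quoted in the question.

```python
import re

# Sample input: the `certbot certificates` output quoted in the question.
CERTBOT_OUTPUT = """\
Found the following certs:
  Certificate Name: smontanaro.net
    Domains: smontanaro.net
    Expiry Date: 2022-03-30 19:24:50+00:00 (VALID: 81 days)
"""

def parse_domains(text):
    """Map each certificate name to the names on its 'Domains:' line."""
    certs, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*Certificate Name:\s*(\S+)", line)
        if m:
            current = m.group(1)
            certs[current] = []
            continue
        m = re.match(r"\s*Domains:\s*(.+)", line)
        if m and current is not None:
            certs[current] = m.group(1).split()
    return certs

def name_matches(pattern, host):
    """Exact match, or a left-most '*' label replacing exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a name never covers deeper or shallower hosts
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def uncovered(cert_names, hosts):
    """Hostnames that no name on the certificate matches."""
    return [h for h in hosts
            if not any(name_matches(n, h) for n in cert_names)]

if __name__ == "__main__":
    names = parse_domains(CERTBOT_OUTPUT)["smontanaro.net"]
    print(uncovered(names, ["smontanaro.net", "test.smontanaro.net"]))
```

Running it against the names you plan to serve before pointing a browser at the host shows which ones still need to be passed with `-d`.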


Perfect! Thanks... I held off on www.smontanaro.net for the moment, as that's currently running elsewhere listening to port 80. When my current test server becomes the new www server, I'll re-expand again.


Sounds good.

