Installed certbot earlier, works properly on one site, but not the other

Hello, thanks for helping me.

I have 3 domains for 2 sites: guidednormandytours.com and guided-normandy-tours.com for the first site,
visiteralenconetorne.com for the second site.

I ran the commands I found in the official documentation for Debian 10 on Apache:

1 : apt install snapd
2 : snap install core; snap refresh core
3 : snap install --classic certbot
4 : ln -s /snap/bin/certbot /usr/bin/certbot
5 : I ran "certbot --apache" and indicated my 3 domains
everything was OK

6 : I restarted my apache "systemctl restart apache2"

It worked properly on visiteralenconetorne.com, but didn't work on guidednormandytours.com.

I had no special output that indicated an issue.

My web server is : Server version: Apache/2.4.56 (Debian)
Server built: 2023-03-08T03:05:04

on debian bullseye up to date : SMP Debian 5.10.162-1 (2023-01-21) x86_64 GNU/Linux

My hosting provider, if applicable, is: OVH.com

I can login to a root shell on my machine : yup:

I'm using a control panel to manage my site (no, but i can)

I'm using certbot 2.5.0

I checked my apache sites-enabled, both SSL configurations for the virtual hosts are there.

Thx for reading this, and sorry for my English. Hope you can help.

I also tried something else after,

I regenerated one certificate for all my domains like this:

certbot -d guided-normandy-tours.com -d guidednormandytours.com -d visiteralenconetorne.com

and restarted again, no success

Hello @bastian, welcome to the Let's Encrypt community. :slightly_smiling_face:

You are correct; the certificate has the Subject Alt Names (SANs)

The issue is https://guided-normandy-tours.com redirects to https://www.guided-normandy-tours.com and www.guided-normandy-tours.com is NOT in the Certificate's SANs.

$ curl -Ii https://guided-normandy-tours.com
HTTP/1.1 301 Moved Permanently
Date: Thu, 06 Apr 2023 15:01:04 GMT
Server: Apache/2.4.56 (Debian)
X-Pingback: https://www.guided-normandy-tours.com/xmlrpc.php
Expires: Thu, 06 Apr 2023 16:01:04 GMT
Cache-Control: max-age=3600
X-Redirect-By: WordPress
Location: https://www.guided-normandy-tours.com/
Content-Type: text/html; charset=UTF-8
$ curl -Ii https://www.guided-normandy-tours.com
curl: (60) SSL: no alternative certificate subject name matches target host name 'www.guided-normandy-tours.com'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
1 Like
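
The check described in the reply above, as an added example that is not part of any post in this thread: given a certificate's SAN list and a redirect chain, report the HTTPS hosts the certificate does not cover. The function names are hypothetical, and the sample data is constructed from the domain names and curl output quoted above.

```python
"""Added example: which hosts in a redirect chain does a certificate not cover?"""
from urllib.parse import urlsplit

def san_matches(san, host):
    """Match one SAN dNSName against a host name (exact or left-most wildcard)."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        # A wildcard stands for exactly one label: *.example.com covers
        # www.example.com, but not example.com and not a.b.example.com.
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return san == host

def uncovered_hosts(sans, urls):
    """Return the https hosts in a redirect chain that no SAN covers."""
    missing = []
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname is None:
            continue  # no certificate check happens on plain-http hops
        host = parts.hostname
        if host not in missing and not any(san_matches(s, host) for s in sans):
            missing.append(host)
    return missing

def with_www(domains):
    """Expand each bare domain to itself plus its www. name, keeping order."""
    names = []
    for domain in domains:
        for name in (domain, "www." + domain):
            if name not in names:
                names.append(name)
    return names

# Sample data constructed from the names and curl output quoted in this thread.
DOMAINS = ["guided-normandy-tours.com", "guidednormandytours.com",
           "visiteralenconetorne.com"]
CHAIN = ["https://guided-normandy-tours.com",
         "https://www.guided-normandy-tours.com/"]

if __name__ == "__main__":
    print("SANs = 3 bare names:", uncovered_hosts(DOMAINS, CHAIN))
    print("SANs = 6 names:     ", uncovered_hosts(with_www(DOMAINS), CHAIN))
    print("certbot " + " ".join("-d " + n for n in with_www(DOMAINS)))
```
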

So I should add a ServerAlias on my virtualhost for guidednormandytours.com

like that:

<VirtualHost 146.59.195.58:80>
        ServerName guided-normandy-tours.com
        ServerAlias guidednormandytours.com
        # just added
        ServerAlias www.guided-normandy-tours.com
        DocumentRoot /var/www/normandytour

        <Directory /var/www/normandytour>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Require all granted
                # Apache 2.2-style access rules (handled by mod_access_compat on 2.4)
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>


re-run certbot --apache

select www.guided-normandy-tours.com

and regenerate certificate ?

or maybe just add the new www.guided-normandy-tours.com to the SAN ?

That would be my choice.

2 Likes

How would you do that?

like certbot -d guided-normandy-tours.com -d www.guided-normandy-tours.com -d guidednormandytours.com -d visiteralenconetorne.com -d www.visiteralenconetorne.com

and select Expand

finish with apache2 restart

Right?

I count five entries - it should have six.
Three domains and three www.

3 Likes

OK, so I did it with the six like you said:

certbot -d guided-normandy-tours.com -d www.guided-normandy-tours.com -d guidednormandytours.com -d www.guidednormandytours.com -d visiteralenconetorne.com -d www.visiteralenconetorne.com

expand

Restarted apache, but I still have the issue, there might be something I don't understand about this.

Please show the details.

3 Likes

It works on Google Chrome on multiple computers, but does not on Mozilla??

Clear the cache or reboot that PC.
I see all six:

4 Likes

I believe you have non-secure components in your web site.

3 Likes

Try using:
Why No Padlock?

5 Likes

You also can find details here Hardenize Report: guided-normandy-tours.com

3 Likes

Padlock said that SSL was operational, and was working.

It apparently works now.

Thank you for your help, appreciate it.

2 Likes
