Invalid Alternative Name


#1

My issue is that my cert is successfully created, but it continually shows my server name KTKWEB01 instead of the domain, and nothing I seem to do can change that. I have run the command below and even changed the hostname of my server, and none of that seems to fix the issue.

Details below.

My domain is: kogent.tech

I ran this command: certbot --apache --cert-name kogent.tech

It produced this output: Congratulations! You have successfully enabled https://kogent.tech

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=kogent.tech [this shows it doesn’t match]


IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/kogent.tech/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/kogent.tech/privkey.pem
    Your cert will expire on 2018-11-18. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

  • Some rewrite rules copied from /etc/httpd/conf.d/kogent-tech.conf
    were disabled in the vhost for your HTTPS site located at
    /etc/httpd/conf.d/kogent-tech-le-ssl.conf because they have the
    potential to create redirection loops.

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My web server is (include version): apache 2.4.6

The operating system my web server runs on is (include version): CentOS 7

My hosting provider, if applicable, is: NA

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO


#2

Hi @iagguy,

The certificate that you’re seeing is not the Let’s Encrypt certificate, but rather a self-signed certificate that came with or came from your operating system instead of Let’s Encrypt. To make this work, it will be necessary to get Apache to use the Let’s Encrypt certificate instead of the self-signed one, which will probably require a change to your Apache configuration.

certbot --apache is supposed to make this change for you but apparently it didn’t succeed here.

One thing I’ve seen with a number of CentOS users who have similar problems to yours is that they have a VirtualHost for _default_:443 which for some reason seems to take priority over more specific HTTPS VirtualHosts (such as the one that Certbot would have created for you that references your Let’s Encrypt certificate). Can you check if you have that? For example, you could run

grep -r _default_ /etc/httpd
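
Following up on the `_default_:443` check suggested in the reply above, this added example (not part of the original thread and not Certbot's own code) lists every port-443 VirtualHost under an Apache config tree with the certificate file it points at, and filters for those not using a path under /etc/letsencrypt/live/. The function names and the sample config tree are constructed for illustration; on the real server the argument would be /etc/httpd.

```shell
#!/bin/sh
# Added example: list each port-443 <VirtualHost> in an Apache config tree
# as file, address, ServerName, SSLCertificateFile (tab-separated).
tls_vhosts() {
    find "$1" -type f -name '*.conf' | sort | while IFS= read -r f; do
        awk -v file="$f" '
            $1 ~ /^#/ { next }                           # skip comment lines
            tolower($1) == "<virtualhost" {              # only first address is read
                addr = $2; sub(/>$/, "", addr)
                invh = (addr ~ /:443$/); name = "-"; cert = "-"; next
            }
            invh && tolower($1) == "servername" { name = $2 }
            invh && tolower($1) == "sslcertificatefile" { cert = $2; gsub(/"/, "", cert) }
            invh && tolower($1) == "</virtualhost>" {
                printf "%s\t%s\t%s\t%s\n", file, addr, name, cert; invh = 0
            }
        ' "$f"
    done
}

# Keep only vhosts whose certificate is not under /etc/letsencrypt/live/,
# i.e. candidates for the self-signed default described in the reply.
non_le_vhosts() {
    tls_vhosts "$1" | awk -F '\t' '$4 !~ /^\/etc\/letsencrypt\/live\//'
}

# Constructed sample tree (assumption: mirrors a stock CentOS 7 ssl.conf plus
# the Certbot vhost file named in the thread); real input is /etc/httpd.
write_sample() {
    mkdir -p "$1/conf.d"
    cat > "$1/conf.d/ssl.conf" <<'EOF'
<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
</VirtualHost>
EOF
    cat > "$1/conf.d/kogent-tech-le-ssl.conf" <<'EOF'
<VirtualHost *:443>
    ServerName kogent.tech
    SSLCertificateFile /etc/letsencrypt/live/kogent.tech/fullchain.pem
</VirtualHost>
EOF
}

demo=$(mktemp -d) && write_sample "$demo"
non_le_vhosts "$demo"    # prints the _default_:443 vhost from ssl.conf
rm -rf "$demo"
```

A vhost that shows up in `non_le_vhosts` with no ServerName is the one to compare against the certificate the server actually presents.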

