Issued by example.com error


#1

Please fill out the fields below so we can help you better.

My domain is: na

I ran this command:

./certbot-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d test.com d- www.test.com

I obviusly changed “test.com” to my domain name.

It produced this output on ssl checker:

www.test.com resolves to 52.xx.xxx.xxx

Server Type: Apache

The certificate will expire in 3542 days.	

The certificate is self-signed. Users will receive a warning when accessing this site unless the certificate is manually added as a trusted certificate to their web browser. You can fix this error by buying a trusted SSL certificate

None of the common names in the certificate match the name that was entered (www.test.com). You may receive an error when accessing this site in a web browser. Learn more about name mismatch errors

Common name: www.example.com
Valid from October 24, 2016 to October 22, 2026
Serial Number: xxxxxxxxxxxxxxxx (0xcabxxxxxxxxxxx)
Signature Algorithm: shaxxxxWithRSAEncryption
Issuer: www.example.com

So the common name is not my own domain, instead it’s:

www.example.com

and the issue is not letsencrypt, but again:

www.example.com

Not sure how to correct this problem, is there a way to enter bitnami apache config to fix the www.example.com issuer?

My operating system is (include version):
linux

My web server is (include version):
bitnami wordpress

My hosting provider, if applicable, is:
lightsail

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No


#2

Hi @grq79, there was a good explanation of this in another thread recently and I wish I remembered which one!

When you use the certonly form, the Certbot software does not install or configure the certificate for you. certonly means “only obtain the certificate, don’t do anything with it”. So what you’re seeing is that your new certificate has been issued and downloaded, but not installed or activated. Your server software is still using whatever it was defaulting to use before, which is probably a demo or test certificate—not the Let’s Encrypt certificate for your site.

The certificate that Certbot got for you should be within /etc/letsencrypt/live, and you’ll now want to edit your web server configuration files to point to, typically, the fullchain.pem and privkey.pem within that, and then tell the web server to reload its configuration.


Certificate subject name does not match target host name because Let's Encrypt uses Amazon's private DNS name
#3

If you also want Certbot to attempt to configure Apache for you, there are also ways to run Certbot that will do that (the simplest is to use certbot run --apache). It may or may not work on your virtual hosting OS image because some operating systems are better supported than others for the feature of configuring Apache for you.

If you want to do this, you might want to remove all of /etc/letsencrypt first so that you don’t also have the other certificate sitting around (and getting renewed).


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.