Issued to Shows Wrong Company

My domain is: https://www.londonwebfactory.com/

I ran this command: sudo certbot

My web server is (include version): AWS EC2 AMI 2

The operating system my web server runs on is (include version): Amazon Linux 2 AMI

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.39.0

Hi

I have a number of domains running on this server and I use Certbot to issue the SSLs for them all.

When I run “sudo certbot” it issues the certificates and everything works fine.

However when I visit “londonwebfactory.com” and click on [Padlock > Certificate] the “issued to” says “cfroofingltd.co.uk”.

“cfroofingltd.co.uk” is the first URL in my domain list when I run “sudo certbot”.

All of my other domains say they are issued to: “cfroofingltd.co.uk”.

Ideally I would like them to say the actual domain name.

If this is not possible I would like them to say “londonwebfactory.com” - which is my company name.

Is there a settings file somewhere that I can edit?

Kind Regards,
Adrian Smith

1 Like

Hi @AdrianSmithUK

that’s normal. Checking your domain you have one certificate ( https://check-your-website.server-daten.de/?q=londonwebfactory.com ):

CN=cfroofingltd.co.uk
Valid from: 28.11.2019
Valid until: 26.02.2020 (expires in 89 days)
Domain names (24 entries): cfroofingltd.co.uk, greensleevescare.co.uk, homefrontsurrey.com, learningpig.com, london-drain-cleaning.com, londondrainsdirect.com, londonwebfactory.com, londonyogafactory.co.uk, lyntonhotellondon.com, new.londonwebfactory.com, sparescalculator.com, tools.sparescalculator.com, wimbledonglass.com, www.cfroofingltd.co.uk, www.greensleevescare.co.uk, www.homefrontsurrey.com, www.learningpig.com, www.london-drain-cleaning.com, www.londondrainsdirect.com, www.londonwebfactory.com, www.londonyogafactory.co.uk, www.lyntonhotellondon.com, www.sparescalculator.com, www.wimbledonglass.com

with 24 domain names. Only one domain name can be used as CN -> that’s the visible entry.

So 23 domains have the “wrong” name --> it’s not really a problem.

Ignore it. Or you have to create one certificate per domain name. It’s not a security problem.

1 Like
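The point made in the answer above (one CN is displayed, but every listed name is covered), as an added example that is not part of the original thread. It builds a constructed self-signed certificate with names from the thread and assumes OpenSSL 1.1.1 or newer; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The certificate is self-signed and constructed locally;
# only the names are taken from the thread. Needs OpenSSL 1.1.1 or newer.

# Write DIR/cert.pem: one name goes into the CN, the SAN list carries all names.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj "/CN=cfroofingltd.co.uk" \
        -addext "subjectAltName=DNS:cfroofingltd.co.uk,DNS:londonwebfactory.com,DNS:www.londonwebfactory.com" \
        2>/dev/null
}

# Print the subject CN, the single name shown as "issued to".
cert_cn() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" |
        sed -n 's/^subject=[[:space:]]*CN=\([^,]*\).*/\1/p'
}

# Succeed if HOST passes OpenSSL's hostname check for this certificate,
# which is made against the SAN list.
cert_covers() {
    openssl x509 -noout -checkhost "$2" -in "$1" | grep -q 'does match'
}

demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir"
echo "issued to (CN): $(cert_cn "$demo_dir/cert.pem")"
for host in cfroofingltd.co.uk londonwebfactory.com www.londonwebfactory.com example.org; do
    if cert_covers "$demo_dir/cert.pem" "$host"; then
        echo "$host: covered"
    else
        echo "$host: NOT covered"
    fi
done
rm -rf "$demo_dir"
```

`cert_cn` and `cert_covers` take any PEM certificate path, so they can also be pointed at the cert.pem of an existing Certbot certificate.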

Many thanks for the speedy response Juergen.

Is there something that I can edit so that it says my own company name instead of one of my customers?

1 Like

Change the order of your domain list. The first domain is used to fill the CN field.

2 Likes

What’s the best way to do this Juergen?

Is there a config file somewhere?

1 Like

If you use Certbot, use a long -d list and --cert-name to overwrite your existing certificate.

The first -d entry is used as CN -> that’s the domain name you see in your browser.

2 Likes

Many thanks Juergen - that’s great!

Will I need to repeat the process when I renew the certificates or can I just use:

$ sudo certbot renew

and it keeps the same CN ->

Also, is this correct?

sudo certbot --cert-name -d www.londonwebfactory.com -d londonwebfactory.com -d cfroofingltd.co.uk

…etc

1 Like

--cert-name requires a value, check your config with certbot certificates to find the name of your existing certificate and use that. If not, you must update your vHost configuration.

If you have a working certificate, that should work.

2 Likes

Sorry, one more thing Juergen:

Is this the correct way to overwrite the existing certificate(s) assuming I want them to say issued to www.londonwebfactory.com?

sudo certbot --cert-name -d www.londonwebfactory.com -d londonwebfactory.com -d cfroofingltd.co.uk …etc

1 Like

To anybody finding this post via Google - the above won’t work.

Here is how I fixed the issue.

Step 1

I issued a new certificate using the command below:

certbot certonly --cert-name MyCertName.com -d website1.com -d www.website1.com -d website2.com -d www.website2.com …etc

Step 2

Next I got the path to the new certificate using:

sudo certbot certificates

Step 3

Next I went through each of the website.com-le-ssl.conf files in /etc/httpd/conf.d and changed the path:

To speed things up I used the “sed” command:

sudo sed -i 's/\/OldCertName.com\//\/NewCertName.com\//g' *

Step 4

Then I restarted Apache

sudo systemctl restart httpd

Now all of my vhosts show the correct company name.

Many thanks @JuergenAuer.

1 Like

If there are no more references to it in your web server configuration at all, you might want to delete the old certificate with certbot delete (so that certbot renew won’t try to renew it in the future).

1 Like
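Step 3 of the fix above and the "no more references" check before deleting the old certificate, as an added example that is not part of the original thread. It runs on constructed vhost files in a temporary directory standing in for /etc/httpd/conf.d; the function names are hypothetical and the certificate names are the thread's placeholders.

```shell
#!/bin/sh
# Added example: constructed vhost files in a temp dir stand in for
# /etc/httpd/conf.d; the certificate names are the thread's placeholders.

LIVE=/etc/letsencrypt/live

# Create two constructed *-le-ssl.conf files in DIR that use certificate NAME.
make_sample_confs() {
    for site in website1.com website2.com; do
        printf '%s\n' "<VirtualHost *:443>" "    ServerName $site" \
            "    SSLCertificateFile $LIVE/$2/fullchain.pem" \
            "    SSLCertificateKeyFile $LIVE/$2/privkey.pem" \
            "</VirtualHost>" > "$1/$site-le-ssl.conf"
    done
}

# List the vhost files in DIR that still reference certificate NAME.
refs_to_lineage() {
    grep -l -F "$LIVE/$2/" "$1"/*-le-ssl.conf 2>/dev/null
}

# Repoint every vhost in DIR from OLD to NEW, keeping a .bak of each file.
repoint_lineage() {
    old_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots literally
    refs_to_lineage "$1" "$2" | while IFS= read -r f; do
        cp -p "$f" "$f.bak"
        sed "s#$LIVE/$old_re/#$LIVE/$3/#g" "$f.bak" > "$f"
    done
}

conf_dir=$(mktemp -d)
make_sample_confs "$conf_dir" OldCertName.com
repoint_lineage "$conf_dir" OldCertName.com NewCertName.com
if [ -z "$(refs_to_lineage "$conf_dir" OldCertName.com)" ]; then
    echo "no vhost references OldCertName.com; the old certificate can be deleted"
else
    echo "still referenced by:"; refs_to_lineage "$conf_dir" OldCertName.com
fi
rm -rf "$conf_dir"
```

On the server, running `sudo apachectl configtest` after the rewrite and before restarting httpd catches a wrong path while the old configuration is still being served.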

Many thanks for reminding me @schoen.

I actually used the following command to make sure I cleaned it up on your database too.

sudo certbot revoke --cert-name MyCertificateName

Certbot then asked me if I wanted to delete the certificate as well.

In fact this exercise has been very good for learning to administer Certbot.

When I ran:

sudo certbot certificates

I found lots of dead certificates that I was receiving reminders for. I used the command above to revoke and delete them.

Kind Regards.

Hi @schoen

I revoked and deleted the certificate as I described above but this morning I got a reminder that the certificate was about to expire. Is this normal?

Kind Regards,
Adrian