Standerd form:
My domain is: tmccraft.com
I ran this command: certbot --apache -d tmccraft.com -d panel.tmccraft.com
It produced this output:
Congratulations! You have successfully enabled https://tmccraft.com and
https://panel.tmccraft.com
My web server is (include version): Apache/2.4.29
The operating system my web server runs on is (include version): Ubuntu 18.04
My hosting provider, if applicable, is: https://feroxhosting.nl/
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): -
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): certbot 0.31.0
Hello everyone! I seem to have some issues getting ssl to work correctly at mijn domain tmccraft.com i'll get the error. it's probably some dumb thing that I do wrong I'm not really that experienced when it comes to all the linux/webserver stuff.
My situation is as follows. I recently bought a vps with it's main purpose being to run a small minecraft server network. For that I use multicraft as my contol panel which is accessible through panel.tmccraft.com to install it all I used the following guide: "https://www.heyvaldemar.com/installing-multicraft-on-ubuntu-server/" now that worked great, ssl was worked fine on the sub domain panel.tmccraft.com as it still does as you can see for yourself. So now I also liked to have a website for the server, so I followed the following guide to install a wordpress site: How To Install WordPress with LAMP on Ubuntu 18.04 | DigitalOcean
However now I ran into an issue: NET::ERR_CERT_COMMON_NAME_INVALID for some reason this time it didn't work. Now I tried some different things to see if I could fix it, like merging the panel.tmccraft.com.conf and tmccraft.com.conf and the regenerating the ssl conf. to no avail so far. So i'll list my current config and the cerbot command that I ran maybe you guys can spot what the error is.
my tmccraft2.com.conf file:
<VirtualHost 188.40.172.125:80>
ServerAdmin mulder00thomas@gmail.com
ServerName tmccraft.com
DocumentRoot /var/www/wordpress
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =tmccraft.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
<VirtualHost 188.40.172.125:80>
ServerName panel.tmccraft.com
DocumentRoot /var/www/html/multicraft
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =panel.tmccraft.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
tmccraft2.com-le-ssl.conf:
ServerAdmin mulder00thomas@gmail.com ServerName tmccraft.com DocumentRoot /var/www/wordpress ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combinedSSLCertificateFile /etc/letsencrypt/live/panel.tmccraft.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/panel.tmccraft.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
<VirtualHost 188.40.172.125:443>
ServerName panel.tmccraft.com
DocumentRoot /var/www/html/multicraft
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combinedSSLCertificateFile /etc/letsencrypt/live/panel.tmccraft.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/panel.tmccraft.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
the command I ran and it's output:
root@TMCProductions:~# certbot --apache -d tmccraft.com -d panel.tmccraft.com > Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Cert not yet due for renewalYou have an existing certificate that has exactly the same domains or certificat e name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/panel.tmccraft.com.conf)What would you like to do?
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Created an SSL vhost at /etc/apache2/sites-available/tmccraft2.com-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/tmccraft2.com- le-ssl.conf
Enabling available site: /etc/apache2/sites-available/tmccraft2.com-le-ssl.conf
Created an SSL vhost at /etc/apache2/sites-available/tmccraft2.com-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/tmccraft2.com- le-ssl.confPlease choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP ac cess.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/tmccraft2.com.conf to ssl vhost in /etc/apache2/sites-available/tmccraft2.com-le-ssl.conf
Redirecting vhost in /etc/apache2/sites-enabled/tmccraft2.com.conf to ssl vhost in /etc/apache2/sites-available/tmccraft2.com-le-ssl.conf
Congratulations! You have successfully enabled https://tmccraft.com and
https://panel.tmccraft.comYou should test your configuration at:
SSL Server Test: tmccraft.com (Powered by Qualys SSL Labs)
SSL Server Test (Powered by Qualys SSL Labs)
IMPORTANT NOTES:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/panel.tmccraft.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/panel.tmccraft.com/privkey.pem
Your cert will expire on 2021-03-27. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew all of
your certificates, run "certbot renew"If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt
Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation
I hope anyone knows what to do, I wouldn't mind resetting it again and doing it again if someone knows how. If you need more info please let me know.
Greetings Thomas Mulder.