Localhost.localdomain MISMATCH

wdrussell · September 9, 2018, 11:41am

Hi All,
I have set up a new cloud server I have installed webmin and got a server certificate but when I test with https://www.ssllabs.com/ssltest/analyze.html?d=MyServerDomain I get:

Common names |localhost.localdomain|

Alternative names |localhost.localdomain MISMATCH|

I have installed certbot but not configured any other certificates.

How can I set up the server with myServerDomain?

Thanks in advance.

Wayne

Osiris · September 9, 2018, 11:46am

I’ve changed the section of your thread to “Help” because I think it’s more in its place over there. If you’d have opened your thread in that Help section, you’d have gotten the following questionnaire. Please answer every question the best you can, so we can help you better.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

wdrussell · September 9, 2018, 12:37pm

Hi,

Thanks for your email.

I ran this command:

https://www.ssllabs.com/ssltest/analyze.html?d=dabd3e0.online-server.cloud&latest

It produced this output:

https://www.ssllabs.com/ssltest/analyze.html?d=dabd3e0.online-server.cloud#whyNotTrusted

My web server is (include version):

nxcloud server

The operating system my web server runs on is (include version):

Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-33-generic x86_64)

My hosting provider, if applicable, is:

fasthosts

I can login to a root shell on my machine (yes or no, or I don’t know):

yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

no

JuergenAuer · September 9, 2018, 12:43pm

Hi @wdrussell

you have a lot of certificates created:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:dabd3e0.online-server.cloud&lu=cert_search

But you don’t use one of them.

How did you create these certificates?

So your nxcloud server have to use one of these.

wdrussell · September 9, 2018, 3:19pm

Hi,

I was trying to fix this in Webmin Configuration and selecting Request Certificate.
I did not appreciate that I was being issued new certificates.

I have added /etc/apache2/sites-available/000-default-le-ssl.conf

referenced the live certificates.

I then used:

a2ensite /etc/apache2/sites-available/000-default-le-ssl.conf
This seems to be working correctly now.

How Can I remove the unwanted certificates?

Wayne

JuergenAuer · September 9, 2018, 3:24pm

Looks that every time you select "Request Certificate" you create a new certificate.

This is not possible. Certificate Transparency logs are permanent logs. Local, you can ignore these duplicate certificates.

Check, if you use the newest certificate.

And check in 60 - 70 days, if the renew works. If not, ask again. Certificates are 90 days valide. So you have 20 - 30 days to ask if there is a problem.

wdrussell · September 9, 2018, 3:43pm

Hi,

I am not sure how I can check I am using the newest certificate.

but in /etc/letsencrypt/renewal/ I have

rw-r–r-- 1 root root 746 Sep 8 16:41 dabd3e0.online-server.cloud-0001.conf
-rw-r–r-- 1 root root 746 Sep 8 16:51 dabd3e0.online-server.cloud-0002.conf
-rw-r–r-- 1 root root 746 Sep 8 17:06 dabd3e0.online-server.cloud-0003.conf
-rw-r–r-- 1 root root 721 Sep 8 16:37 dabd3e0.online-server.cloud.conf

I am currently using dabd3e0.online-server.cloud.conf should I be using 0003.conf in my file?

/etc/apache2/sites-available/000-default-le-ssl.conf

Wayne

JuergenAuer · September 9, 2018, 3:48pm

One from 2018-09-08 is ok

Is there a certbot? Then you can use the file from dabd3e0.online-server.cloud.conf with your webserver and use

certbot certificates - shows all certificates with their names

then

certbot delete --cert-name [the name of the certificate]

to remove that certificate.

Same, if there are older certificates. So that certbot doesn't renew too much.

Result: You have only one active certificate, then it's easier.

wdrussell · September 9, 2018, 4:07pm

Hi,

Thanks, that great I how only have one certificate for my server.

Wayne

JuergenAuer · September 9, 2018, 4:35pm

Now it looks good. But:

http://dabd3e0.online-server.cloud/

sends a http-status 403 - Forbidden, that's ok. But

https://dabd3e0.online-server.cloud/

shows the content of the directory.

Index of /
[ICO] Name Last modified Size Description

This is always a bad idea. Deny that or - simpler - create an empty index.html in this directory. So your server sends the index.html.

wdrussell · September 9, 2018, 5:05pm

Hi,

It was good that you brought this to my attention - I missed this - I have now updated the ssl conf file to exclude indexing the site.

Thanks again for your assistance.

Wayne

JuergenAuer · September 9, 2018, 5:14pm

Yep, now I get a 404 Forbidden.

system · October 9, 2018, 5:15pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certificate Showing as localhost.localdomain? Help	30	3306	October 26, 2022
Mismatch SSL certificate Help	13	1322	May 4, 2018
"Certificate name mismatch" from ssllabs.com/ssltest Help	17	544	July 7, 2022
Alternative names MISMATCH in certificate Help	13	1101	September 18, 2020
Certificate name mismatch Server	4	2230	March 22, 2018

Localhost.localdomain MISMATCH

Related topics