Localhost.localdomain MISMATCH


#1

Hi All,
I have set up a new cloud server I have installed webmin and got a server certificate but when I test with https://www.ssllabs.com/ssltest/analyze.html?d=MyServerDomain I get:

Common names |localhost.localdomain|

Alternative names |localhost.localdomain MISMATCH|

I have installed certbot but not configured any other certificates.

How can I set up the server with myServerDomain?

Thanks in advance.

Wayne


#2

I’ve changed the section of your thread to “Help” because I think it’s more in its place over there. If you’d have opened your thread in that Help section, you’d have gotten the following questionnaire. Please answer every question the best you can, so we can help you better.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#3

Hi,

Thanks for your email.

I ran this command:

https://www.ssllabs.com/ssltest/analyze.html?d=dabd3e0.online-server.cloud&latest

It produced this output:

https://www.ssllabs.com/ssltest/analyze.html?d=dabd3e0.online-server.cloud#whyNotTrusted

My web server is (include version):

nxcloud server

The operating system my web server runs on is (include version):

Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-33-generic x86_64)

My hosting provider, if applicable, is:

fasthosts

I can login to a root shell on my machine (yes or no, or I don’t know):

yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

no


#4

Hi @wdrussell

you have a lot of certificates created:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:dabd3e0.online-server.cloud&lu=cert_search

But you don’t use one of them.

How did you create these certificates?

So your nxcloud server have to use one of these.


#5

Hi,

I was trying to fix this in Webmin Configuration and selecting Request Certificate.
I did not appreciate that I was being issued new certificates.

I have added /etc/apache2/sites-available/000-default-le-ssl.conf

referenced the live certificates.

I then used:

a2ensite /etc/apache2/sites-available/000-default-le-ssl.conf
This seems to be working correctly now.

How Can I remove the unwanted certificates?

Wayne


#6

Looks that every time you select “Request Certificate” you create a new certificate.

This is not possible. Certificate Transparency logs are permanent logs. Local, you can ignore these duplicate certificates.

Check, if you use the newest certificate.

And check in 60 - 70 days, if the renew works. If not, ask again. Certificates are 90 days valide. So you have 20 - 30 days to ask if there is a problem.


#7

Hi,

I am not sure how I can check I am using the newest certificate.

but in /etc/letsencrypt/renewal/ I have

rw-r–r-- 1 root root 746 Sep 8 16:41 dabd3e0.online-server.cloud-0001.conf
-rw-r–r-- 1 root root 746 Sep 8 16:51 dabd3e0.online-server.cloud-0002.conf
-rw-r–r-- 1 root root 746 Sep 8 17:06 dabd3e0.online-server.cloud-0003.conf
-rw-r–r-- 1 root root 721 Sep 8 16:37 dabd3e0.online-server.cloud.conf

I am currently using dabd3e0.online-server.cloud.conf should I be using 0003.conf in my file?

/etc/apache2/sites-available/000-default-le-ssl.conf

Wayne


#8

One from 2018-09-08 is ok :wink:

Is there a certbot? Then you can use the file from dabd3e0.online-server.cloud.conf with your webserver and use

certbot certificates - shows all certificates with their names

then

certbot delete --cert-name [the name of the certificate]

to remove that certificate.

Same, if there are older certificates. So that certbot doesn’t renew too much.

Result: You have only one active certificate, then it’s easier.


#9

Hi,

Thanks, that great I how only have one certificate for my server.

Wayne


#10

Now it looks good. But:

http://dabd3e0.online-server.cloud/

sends a http-status 403 - Forbidden, that’s ok. But

https://dabd3e0.online-server.cloud/

shows the content of the directory.

Index of /
[ICO] Name Last modified Size Description

This is always a bad idea. Deny that or - simpler - create an empty index.html in this directory. So your server sends the index.html.


#11

Hi,

It was good that you brought this to my attention - I missed this - I have now updated the ssl conf file to exclude indexing the site.

Thanks again for your assistance.

Wayne


#12

Yep, now I get a 404 Forbidden.


#13

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.