Mistakenly completed certbot setup with wrong domain

I ran the certbot setup successfully but unfortunately mixed up the .ca for .com.
For the life of me I can't find out how to change the domain so that it's set properly.
I found instructions to change the domain with this command: certbot certonly --cert-name tomdohertywatercolour.com -d tomdohertywatercolour.ca
Which seemed to work, I then installed certs and it said successful. However it did not apply and no https when visiting the site. And when checking: sudo certbot certificates it's still listed under .com (tomdohertywatercolour.ca was only listed as domain)
I have since used: sudo certbot delete to remove those certificates.

Any idea how I can restart from fresh and properly change the domains in certbot, so that I'm not seeing any remnants of the .com?

Thanks for your help! Matthew

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: tomdohertywatercolour.ca

I ran this command: sudo certbot --apache

It produced this output: completed setup but for .com

My web server is (include version): amazon linux

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: porkbun

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot --apache

First, the "--cert-name" used by Certbot can be anything. You could have used "tom" or "MyFavorite" as the name. This only affects the folder name used by Certbot. It does not affect the contents of the cert.

And, normally you don't specify --cert-name at all and just let Certbot choose a default. But, let's ignore that for now.

I see a wildcard cert issued (see: crt.sh | 15498495249) for your tomdohertywatercolour.ca domain. Is that what you requested initially? Because the --apache method cannot be used to get a wildcard cert.

Let's review what you have on your system. Please show output of these:

sudo certbot certificates
sudo apache2ctl -t -D DUMP_VHOSTS

You may need to use httpd or even apachectl instead of apache2ctl in that command. I don't remember off-hand which Amazon Linux uses.

3 Likes

Really appreciate the reply and detailed info.
When setting up certbot initially, I used the automated method so did not manually specify --cert-name. It's the wizard where you answer all the questions and then I imagine it sets up folders/files from that. So you're saying the domains specified in that step wouldn't affect the certificates? I'm confused there, when I run sudo certbot --apache it doesn't allow me to backtrack (at least not obviously) and I'm only provided the 2 options tomdohertywatercolour.com and www version to create certs for. That's what I'm hoping to figure out how to change, so that when I run sudo certbot --apache I see .ca versions instead.

DNS host Porkbun issues SSL certs, and I had revoked theirs before starting into this today, so that might be the wildcard you're seeing?

sudo certbot certificates = No certificates found.
sudo apache2ctl -t -D DUMP_VHOSTS (had to use httpd) =
VirtualHost configuration:
*:80 tomdohertywatercolour.com (/etc/httpd/conf/httpd.conf:48)

1 Like

Certbot's --apache plugin reads the Apache config. You must have the correct names in your Apache VirtualHost too. Just change those to the .ca version.

I was trying to say the name given with --cert-name does not affect the cert. Any name given with -d will. Or the name(s) shown by the Certbot --apache interactive list.

Yes, probably that.

That's the file (and line number) you need to fix to reflect your .ca name 🙂

2 Likes

All wonderfully helpful. That's what I was missing: that certbot generates the domains from the httpd.
I made the edit and both correct .ca names showed correctly when running certbot --apache.

Trouble when trying to create and set the certificates though.
Asked to activate https for both domains. Successfully received certificate. Deploying certificate - Could not install certificate.

Next step notes:
The certificate was saved but could not be installed (installer: apache). To fix error try installing it by running: certbot install --cert-name tomdohertywatercolour.ca

I ran that and received this error:
Could not find ssl_module; not disabling session tickets.
Deploying certificate
Could not install certificate

Running Certbot certificates shows an entry for tomdohertywatercolour.ca

What am I missing to have it install correctly?
Thanks again.

1 Like

You need to install that module in Apache.

Refer to Amazon Linux docs. It should show in the list below once complete:

httpd -M

3 Likes
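The two checks the replies above arrive at (which names the Apache VirtualHost declares, and whether ssl_module is loaded), as an added shell example that is not part of any post or of Certbot. The helper names are hypothetical; the vhost sample line is the one posted in the thread and the module list is constructed.

```shell
#!/bin/sh
# Added example: preflight checks before running `certbot --apache`.
# Helper names below are hypothetical, not part of Certbot or Apache.

# Print server names and aliases from `httpd -t -D DUMP_VHOSTS` output (stdin).
vhost_names() {
    awk '
        /namevhost/ { for (i = 1; i < NF; i++) if ($i == "namevhost") print $(i + 1); next }
        $1 == "alias" { print $2; next }
        NF == 3 && $1 ~ /:[0-9]+$/ && $3 ~ /^\(/ { print $2 }   # single-vhost form
    ' | sort -u
}

# Print names from stdin that are neither DOMAIN ($1) nor a subdomain of it.
names_outside_domain() {
    awk -v d="$1" '{
        n = tolower($1); d = tolower(d); s = "." d
        if (n == d) next
        if (length(n) > length(s) && substr(n, length(n) - length(s) + 1) == s) next
        print $1
    }'
}

# Succeed if `httpd -M` output (stdin) lists ssl_module.
has_ssl_module() {
    grep -Eq '^[[:space:]]*ssl_module([[:space:]]|$)'
}

# preflight DOMAIN VHOST_DUMP MODULE_LIST: print findings, return 1 on any problem.
preflight() {
    rc=0
    stray=$(printf '%s\n' "$2" | vhost_names | names_outside_domain "$1")
    if [ -n "$stray" ]; then echo "vhost names not under $1: $stray"; rc=1; fi
    if ! printf '%s\n' "$3" | has_ssl_module; then echo "ssl_module not loaded"; rc=1; fi
    return $rc
}

# Sample input: the vhost line is the one posted in this thread; the module
# list is constructed for illustration.
SAMPLE_VHOSTS='VirtualHost configuration:
*:80 tomdohertywatercolour.com (/etc/httpd/conf/httpd.conf:48)'
SAMPLE_MODULES='Loaded Modules:
 core_module (static)
 rewrite_module (shared)'

preflight tomdohertywatercolour.ca "$SAMPLE_VHOSTS" "$SAMPLE_MODULES" || true
# On a live host (example.ca is a placeholder):
# preflight example.ca "$(sudo httpd -t -D DUMP_VHOSTS 2>&1)" "$(sudo httpd -M 2>&1)"
```

Both findings fire on the sample, matching the two failures in the thread: the vhost still names the .com domain, and the module list has no ssl_module.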

You have me all set. Thanks for your timely help MikeMcQ, have the certificates deployed without errors. Cheers!

3 Likes