Modify parameters of an issued SSL certificate due to Certificate name mismatch error - issued by certbot auto

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: worldclasscrew.com

I ran this command:

mkdir /opt/certbot
cd /opt/certbot
wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto

It produced this output:

1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Enhancement redirect was already set.


Congratulations! You have successfully enabled https://worldclasscrew.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=worldclasscrew.com


IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/worldclasscrew.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/worldclasscrew.com/privkey.pem
    Your cert will expire on 2020-01-14. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot-auto
    again with the “certonly” option. To non-interactively renew all
    of your certificates, run “certbot-auto renew”

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

Certificate name mismatch
Click here to ignore the mismatch and proceed with the tests

My web server is (include version): centos 7.7

The operating system my web server runs on is (include version): win 10

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot --version
-bash: certbot: command not found

certbot-auto --version

-bash: certbot-auto: command not found

The problem may be that Apache has two SSL virtual hosts configured for the same domain:

  1. The one that Apache on CentOS comes with, with a self-signed certificate
  2. The one that Certbot added, which you want to use

If so, it’s usually a simple matter to just remove or comment out the default SSL virtual host, so that only your Let’s Encrypt one remains.

To find out whether that’s the case:

apachectl -t -D DUMP_VHOSTS

Passing arguments to httpd using apachectl is no longer supported.
You can only start/stop/restart httpd using this script.
If you want to pass extra arguments to httpd, edit the
/etc/sysconfig/httpd config file.
[Thu Oct 17 00:48:13.346288 2019] [alias:warn] [pid 22639] AH00671: The ScriptAlias directive in /etc/httpd/conf.d/mailman.conf at line 4 will probably never match because it overlaps an earlier ScriptAlias.
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/httpd.conf:356
VirtualHost configuration:
*:8081 worldclasscrew.com (/etc/httpd/conf/sites-enabled/000-apps.vhost:9)
*:9090 worldclasscrew.com (/etc/httpd/conf/sites-enabled/000-ispconfig.vhost:9)
*:80 worldclasscrew.com (/etc/httpd/conf/httpd.conf:361)
*:443 is a NameVirtualHost
default server worldclasscrew.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost worldclasscrew.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost worldclasscrew.com (/etc/httpd/conf/httpd-le-ssl.conf:2)

May you please let me know what I shall do further?

How to fix the errors like
https://www.ssllabs.com/ssltest/analyze.html?d=worldclasscrew.com

Common names worldclasscrew.com
Alternative names - INVALID
Serial Number 64f4
Valid from Wed, 16 Oct 2019 00:30:55 UTC
Valid until Thu, 15 Oct 2020 00:30:55 UTC (expires in 11 months and 28 days)
Key RSA 2048 bits (e 65537)
Weak key (Debian) No
Issuer worldclasscrew.com Self-signed
Signature algorithm SHA256withRSA
Extended Validation No
Certificate Transparency No
OCSP Must Staple No
Revocation information None
DNS CAA No (more info)
Trusted No NOT TRUSTED (Why?)
Mozilla Apple Android Java Windows

There's your problem. Duplicate SSL virtual hosts, as I described in my first response.

ssl.conf is the self-signed certificate - you don't want it.

httpd-le-ssl.conf is the Let's Encrypt certificate - you want to keep this.

You will want to comment out or remove ssl.conf, and then restart Apache.
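The duplicate-vhost check described in this answer, as an added example that is not part of the original posts: it scans `DUMP_VHOSTS` output for name-based virtual hosts that share a port and server name. The function names `sample_dump` and `find_duplicate_vhosts` are hypothetical, and the sample input is constructed from the output quoted in this thread.

```shell
#!/bin/sh
# Added example: report name-based vhosts defined more than once
# for the same port and server name.

# Constructed sample: the DUMP_VHOSTS lines quoted in the thread.
sample_dump() {
cat <<'EOF'
VirtualHost configuration:
*:8081 worldclasscrew.com (/etc/httpd/conf/sites-enabled/000-apps.vhost:9)
*:9090 worldclasscrew.com (/etc/httpd/conf/sites-enabled/000-ispconfig.vhost:9)
*:80 worldclasscrew.com (/etc/httpd/conf/httpd.conf:361)
*:443 is a NameVirtualHost
default server worldclasscrew.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost worldclasscrew.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost worldclasscrew.com (/etc/httpd/conf/httpd-le-ssl.conf:2)
EOF
}

# Reads DUMP_VHOSTS output on stdin and prints one line per duplicated
# (port, name) pair: "<port> <name> <file:line>,<file:line>,...".
# Locations keep Apache's listing order. Apache uses the first matching
# vhost, so the first location is the certificate clients receive.
find_duplicate_vhosts() {
    awk '
        $1 == "port" && $3 == "namevhost" {
            key = $2 " " $4          # port + server name
            loc = $5                 # "(file:line)"
            gsub(/[()]/, "", loc)
            count[key]++
            if (key in where) { where[key] = where[key] "," loc }
            else              { where[key] = loc }
        }
        END {
            for (key in count)
                if (count[key] > 1) print key " " where[key]
        }
    ' | sort
}

# Stand-alone run on the sample. On a live host, feed it the output of
# `httpd -S` or `httpd -t -D DUMP_VHOSTS` instead.
sample_dump | find_duplicate_vhosts
```

On the sample this flags port 443 with `ssl.conf:56` listed first, which matches the self-signed certificate SSL Labs saw.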

Removed ssl.conf virtual hosts.
Still have
Connection to ‘server’ failed.
Invalid certificate. No subject alternative names present
when I try to connect via PhpStorm or other editor

Now I have
apachectl -t -D DUMP_VHOSTS
Passing arguments to httpd using apachectl is no longer supported.
You can only start/stop/restart httpd using this script.
If you want to pass extra arguments to httpd, edit the
/etc/sysconfig/httpd config file.
httpd: Syntax error on line 353 of /etc/httpd/conf/httpd.conf: Syntax error on line 218 of /etc/httpd/conf.d/ssl.conf: without matching section

Trying to remove the certbot certificate and reinstall again, I have

[root@… ~]# sudo certbot revoke -d worldclasscrew.com -cert-path /etc/letsencrypt/live/letsencrypt/live/worldclasscrew.com/cert.pem -key-path /etc/letsencrypt/live/worldclasscrew.com/privkey.pem
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] …

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: File not found: ert-path
[root@… ~]# sudo certbot revoke -d worldclasscrew.com --cert-path /etc/letsencrypt/live/letsencrypt/live/worldclasscrew.com/cert.pem --key-path /etc/letsencrypt/live/worldclasscrew.com/privkey.pem
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] …

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: argument --cert-path: No such file or directory

That did not solve the certificate error. Please help.

Hi @eli.za

Never revoke certificates if the private key isn't stolen.

There is a rate limit. So you can't create unlimited certificates.

Use that certificate.

PS: There are already some certificates - https://check-your-website.server-daten.de/?q=worldclasscrew.com#ct-logs

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let's Encrypt Authority X3 | 2019-10-17 | 2020-01-15 | worldclasscrew.com - 1 entries | duplicate nr. 3 | |
| Let's Encrypt Authority X3 | 2019-10-16 | 2020-01-14 | worldclasscrew.com, www.worldclasscrew.com - 2 entries | duplicate nr. 2 | |
| Let's Encrypt Authority X3 | 2019-10-16 | 2020-01-14 | worldclasscrew.com, www.worldclasscrew.com - 2 entries | duplicate nr. 1 | |
| Let's Encrypt Authority X3 | 2019-10-16 | 2020-01-14 | worldclasscrew.com - 1 entries | duplicate nr. 2 | |
| Let's Encrypt Authority X3 | 2019-10-16 | 2020-01-14 | worldclasscrew.com - 1 entries | duplicate nr. 1 | |
| Let's Encrypt Authority X3 | 2019-10-08 | 2020-01-06 | mail.worldclasscrew.com, worldclasscrew.com, www.worldclasscrew.com - 3 entries | | |
| Let's Encrypt Authority X3 | 2019-10-08 | 2020-01-06 | mail.worldclasscrew.com, worldclasscrew.com, www.worldclasscrew.com - 3 entries | | |

So install one of these instead of creating the next.

What to do with “invalid” “configuration problem” certificates?

What’s your question?

Your configuration is good - and terrible - https://check-your-website.server-daten.de/?q=worldclasscrew.com

Your www version has ipv4 and ipv6, but ipv6 has a timeout:

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| worldclasscrew.com | A | 51.83.76.62 Gravelines/Hauts-de-France/France (FR) - OVH SAS Hostname: 62.ip-51-83-76.eu | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.worldclasscrew.com | A | 51.83.76.62 Gravelines/Hauts-de-France/France (FR) - OVH SAS Hostname: 62.ip-51-83-76.eu | yes | 1 | 0 |
| | AAAA | 2001:41d0:305:2100::8579 Gravelines/Hauts-de-France/France (FR) - OVH SAS | yes | | |

Your ipv4 uses a correct and new Letsencrypt certificate:

CN=worldclasscrew.com | 17.10.2019 | 14.01.2020, expires in 87 days | worldclasscrew.com, www.worldclasscrew.com - 2 entries

Ssllabs reports a Grade A+ - https://www.ssllabs.com/ssltest/analyze.html?d=worldclasscrew.com

And you have created some certificates (ok, the same, no new)

Please read
