Multiple certs, one server, one ip

themagicm · November 28, 2017, 12:51pm

Tried the search and looked thru the “Your topic is similar to …” (cool feature btw.)

Running CentOS 7.
Used Certbot and manually entered the certs in my Apache .conf file.
I have 1 IP and multiple sites declared in my VirtualHost directive which are hosted on this server.

When I ran certbot, it found all the domains I’m hosting on this site, generated my keys, chain etc.

The problem is when I go to the sites and look at the cert it shows the server’s domain, not the site.

IE.
server1.server.com is the server
site1.site.com is site 1.
site2.othersite.com is site2… etc

When viewing the cert in a browser for site1.site.com, it states “server1.server.com”. How do I change that to show “site1.site.com” ?

bytecamp · November 28, 2017, 1:10pm

Could you please specify the real domain names? It would save a lot of time.

If you issued separate certificates for your domains, each of them has to be assigned a VirtualHost with the corresponding domain name as ServerName or ServerAlias.

Did you create the separate VirtualHosts?

themagicm · November 28, 2017, 1:34pm

for example…

bartonekdragracing.com

Yes, all sites are in their own VirtualHost directive and have a ServerName and ServerAlias. When I ran certbot, I was prompted the following:

“Which names would you like to activate HTTPS for?”. I selected all that was listed since those were the sites I am hosting.

themagicm · November 28, 2017, 1:39pm

Yes, all of the virtualhost directives are specified by IP:443

bytecamp · November 28, 2017, 1:41pm

Could you specify the address where you get the wrong certificate? I don’t see any problem here, at least with these both domain names you offered.

themagicm · November 28, 2017, 1:43pm

for example…maybe I’m misunderstanding…

https://www.kendrick-auto.com view the cert, issued to “bartonekdragracing.com”. Shouldnt it say “kendrick-auto.com” ?

bytecamp · November 28, 2017, 1:48pm

Ah! I see. What you mean is the common name of a certificate. That’s one of the domain names which the certiicate is valid for, next to the names which are listed as subjectAltName.

To work around this, you have to issue separate certificates for each of your domain (including domain name without and with leading www.), then you assign each certificate to the corresponding virtual host. So you have to run certbot multiple times selecting the relevant domain names.

themagicm · November 28, 2017, 1:51pm

Ok, that makes sense. I misunderstood certbot then. When I selected all domains, I thought it was strange to think it would be “all domains in one cert file”. LOL. What you said makes sense. I’ll redo it for each site. I appreciate your replies btw!! Thanks!

system · December 28, 2017, 1:51pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.