Multiple domains on 1 IP address, but an issue with 1 domain


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: nttec.com

I ran this command: certbot --apache -d www.nttec.com -d nttec.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nttec.com
http-01 challenge for www.nttec.com
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/httpd/sites-available/nttec.com-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/nttec.com-le-ssl.conf
Enabling site /etc/httpd/sites-available/nttec.com-le-ssl.conf by adding Include to root configuration
Deploying Certificate to VirtualHost /etc/httpd/sites-available/nttec.com-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.


1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Redirecting vhost in /etc/httpd/sites-enabled/nttec.com.conf to ssl vhost in /etc/httpd/sites-available/nttec.com-le-ssl.conf


Congratulations! You have successfully enabled https://www.nttec.com and
https://nttec.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=www.nttec.com
https://www.ssllabs.com/ssltest/analyze.html?d=nttec.com


IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/www.nttec.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/www.nttec.com/privkey.pem
    Your cert will expire on 2019-03-13. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My web server is (include version): Apache

The operating system my web server runs on is (include version): CentOS 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

I have multiple domains on one IP address. All the other domains on it successfully got their certificates for both www and non-www, and all these domains are serving the same content from the same folder.

All these domains have their own separate vhost file, which contains this information:

<VirtualHost *:80>
ServerName nttec.com
ServerAlias *.nttec.com

DocumentRoot /home/nttec/public_html
<Directory "/home/nttec/public_html">
  Require all granted
</Directory>
ErrorLog logs/nttec.com-error_log
CustomLog logs/nttec.com-access_log common
</VirtualHost>

my server hostname: nttec.com

Except for this domain: I have tried to generate a certificate for it but end up with Error - Certificate isn’t trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors

NET::ERR_CERT_AUTHORITY_INVALID


#2
apachectl -t -D DUMP_VHOSTS

#3

*:443 is a NameVirtualHost
default server nttec.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost nttec.com (/etc/httpd/conf.d/ssl.conf:56)

I am seeing this right now, but I’m not sure what to do with that.


#4

I need to see the full output.

The reason is that I need to confirm whether you have a duplicate HTTPS VirtualHost for nttec.com.

e.g.

The fact that these two co-exist strongly suggests duplication, in which case only one of the VirtualHosts is actually used by Apache. In your case, probably the (incorrect) ssl.conf one.


#5

Passing arguments to httpd using apachectl is no longer supported.
You can only start/stop/restart httpd using this script.
If you want to pass extra arguments to httpd, edit the
/etc/sysconfig/httpd config file.
VirtualHost configuration:
*:80 is a NameVirtualHost
port 80 namevhost cloudtanium.com (/etc/httpd/sites-enabled/cloudtanium.com.conf:1)
wild alias *.cloudtanium.com
port 80 namevhost gasuki.com (/etc/httpd/sites-enabled/gasuki.com.conf:1)
wild alias *.gasuki.com
port 80 namevhost kechiserver.com (/etc/httpd/sites-enabled/kechiserver.com.conf:1)
wild alias *.kechiserver.com
port 80 namevhost nttec.com (/etc/httpd/sites-enabled/nttec.com.conf:1)
wild alias *.nttec.com
port 80 namevhost syo-ten.com (/etc/httpd/sites-enabled/syo-ten.com.conf:1)
wild alias *.syo-ten.com
port 80 namevhost yakin.cc (/etc/httpd/sites-enabled/yakin.cc.conf:1)
wild alias *.yakin.cc
port 80 namevhost zansu.com (/etc/httpd/sites-enabled/zansu.com.conf:1)
wild alias *.zansu.com
*:443 is a NameVirtualHost
default server nttec.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost nttec.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost cloudtanium.com (/etc/httpd/sites-available/cloudtanium.com-le-ssl.conf:2)
wild alias *.cloudtanium.com
port 443 namevhost syo-ten.com (/etc/httpd/sites-available/syo-ten.com-le-ssl.conf:2)
wild alias *.syo-ten.com
port 443 namevhost gasuki.com (/etc/httpd/sites-available/gasuki.com-le-ssl.conf:2)
wild alias *.gasuki.com
port 443 namevhost kechiserver.com (/etc/httpd/sites-available/kechiserver.com-le-ssl.conf:2)
wild alias *.kechiserver.com
port 443 namevhost yakin.cc (/etc/httpd/sites-available/yakin.cc-le-ssl.conf:2)
wild alias *.yakin.cc
port 443 namevhost zansu.com (/etc/httpd/sites-available/zansu.com-le-ssl.conf:2)
wild alias *.zansu.com
port 443 namevhost nttec.com (/etc/httpd/sites-available/nttec.com-le-ssl.conf:2)
wild alias *.nttec.com


#6

Great!

So these three VirtualHosts “compete” for the nttec.com domain within Apache, and only one of them can succeed.

At the moment, it’s probably the one in ssl.conf that is winning, which is configured to use a self-signed certificate.

The one you want to win is in nttec.com-le-ssl.conf, which is created by Certbot.

So probably the easiest way is to just comment out the entire VirtualHost from ssl.conf, and the one created by Certbot should take over.
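
Added example (not part of the original posts, and not Certbot or Apache code): a small Python check that reads DUMP_VHOSTS output in the format shown in post #5 and reports every port/ServerName pair defined in more than one place, marking the first listed definition as the one Apache uses. The function names are hypothetical, and the sample is an excerpt of the output posted above.

```python
import re

# Excerpt of the DUMP_VHOSTS output posted earlier in this thread.
SAMPLE = """\
*:443 is a NameVirtualHost
default server nttec.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost nttec.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost cloudtanium.com (/etc/httpd/sites-available/cloudtanium.com-le-ssl.conf:2)
wild alias *.cloudtanium.com
port 443 namevhost nttec.com (/etc/httpd/sites-available/nttec.com-le-ssl.conf:2)
wild alias *.nttec.com
"""

VHOST_RE = re.compile(r"^port (\d+) namevhost (\S+) \((.+):(\d+)\)$")


def parse_vhosts(dump):
    """Return {(port, server_name): [(file, line), ...]} in Apache's listing order."""
    seen = {}
    for raw in dump.splitlines():
        m = VHOST_RE.match(raw.strip())
        if not m:
            continue  # skip headers, "default server" and alias lines
        port, name, path, line = m.groups()
        loc = (path, int(line))
        locs = seen.setdefault((int(port), name.lower()), [])
        if loc not in locs:
            locs.append(loc)
    return seen


def find_shadowed(dump):
    """List vhosts that share a port and ServerName with an earlier one.

    For name-based vhosts Apache uses the first match in listing order,
    so a later definition never serves that exact ServerName.
    """
    report = []
    for (port, name), locs in parse_vhosts(dump).items():
        if len(locs) > 1:
            report.append({"port": port, "name": name,
                           "winner": locs[0], "shadowed": locs[1:]})
    return report


if __name__ == "__main__":
    for hit in find_shadowed(SAMPLE):
        print("%s:%d served by %s:%d" % (hit["name"], hit["port"], *hit["winner"]))
        for path, line in hit["shadowed"]:
            print("  shadowed: %s:%d" % (path, line))
```

To check a live server, pass the text printed by `httpd -t -D DUMP_VHOSTS` to `find_shadowed()` instead of `SAMPLE`.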


#7

Ok will try this. thank you.


#8

I can’t comment out the whole vhost in ssl.conf. If I were to turn it off, the server won’t serve anything at all across all the domains on the server.


#9

If there are global configuration directories within the VirtualHost, then you should be able to just hoist them outside of the VirtualHost, and then comment out the VirtualHost.

