Hi,
I run multiple WordPress sites under various subdomains. The last certificate renewal failed, but thanks to Google and this forum, this now sort of works. This is what happens now.
curl -i https://www.grendel.no
returns
curl: (51) SSL: certificate subject name (grendel.no) does not match target host name 'www.grendel.no
This runs with no errors:
certbot --apache certonly -w ~vds/www/blog.grendel.no -d grendel.no -d blog.grendel.no -d r.grendel.no -d www.grendel.no -d ptsd-boken.grendel.no
Please find log below.
Any and all hints and suggestions appreciated.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
grendel.no
I ran this command:
certbot --apache certonly -w ~vds/www/blog.grendel.no -d grendel.no -d blog.grendel.no -d r.grendel.no -d www.grendel.no -d ptsd-boken.grendel.no
It produced this output:
certbot --apache certonly -w ~vds/www/blog.grendel.no -d grendel.no -d blog.grendel.no -d r.grendel.no -d www.grendel.no -d ptsd-boken.grendel.no
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
-------------------------------------------------------------------------------
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/grendel.no-0004.conf)
It contains these names: grendel.no, blog.grendel.no, r.grendel.no
You requested these names for the new certificate: grendel.no, blog.grendel.no,
r.grendel.no, www.grendel.no, ptsd-boken.grendel.no.
Do you want to expand and replace this existing certificate with the new
certificate?
-------------------------------------------------------------------------------
(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for grendel.no
http-01 challenge for blog.grendel.no
http-01 challenge for r.grendel.no
http-01 challenge for www.grendel.no
http-01 challenge for ptsd-boken.grendel.no
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/grendel.no-0004/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/grendel.no-0004/privkey.pem
Your cert will expire on 2018-06-12. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
My web server is (include version):
Apache/2.4.18 (Ubuntu) mod_R/1.2.8 R/3.2.3 OpenSSL/1.0.2g mod_apreq2-20090110/2.8.0
The operating system my web server runs on is (include version):
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.4 LTS
Release: 16.04
Codename: xenial
My hosting provider, if applicable, is:
www.webhuset.no
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No