Multiple subdomains problem


#1

Hi,

I run multiple WordPress sites under various subdomains. The last certificate renewal failed, but thanks to Google and this forum, this now sort of works. This is what happens now.

curl -i https://www.grendel.no

returns

curl: (51) SSL: certificate subject name (grendel.no) does not match target host name 'www.grendel.no

This runs with no errors:

certbot --apache certonly -w ~vds/www/blog.grendel.no -d grendel.no -d blog.grendel.no -d r.grendel.no -d www.grendel.no -d ptsd-boken.grendel.no

Please find log below.

Any and all hints and suggestions appreciated.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
grendel.no

I ran this command:

certbot --apache certonly -w ~vds/www/blog.grendel.no -d grendel.no -d blog.grendel.no -d r.grendel.no -d www.grendel.no -d ptsd-boken.grendel.no

It produced this output:

certbot --apache certonly -w ~vds/www/blog.grendel.no -d grendel.no -d blog.grendel.no -d r.grendel.no -d www.grendel.no -d ptsd-boken.grendel.no
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

-------------------------------------------------------------------------------
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/grendel.no-0004.conf)

It contains these names: grendel.no, blog.grendel.no, r.grendel.no

You requested these names for the new certificate: grendel.no, blog.grendel.no,
r.grendel.no, www.grendel.no, ptsd-boken.grendel.no.

Do you want to expand and replace this existing certificate with the new
certificate?
-------------------------------------------------------------------------------
(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for grendel.no
http-01 challenge for blog.grendel.no
http-01 challenge for r.grendel.no
http-01 challenge for www.grendel.no
http-01 challenge for ptsd-boken.grendel.no
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/grendel.no-0004/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/grendel.no-0004/privkey.pem
   Your cert will expire on 2018-06-12. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

My web server is (include version):
Apache/2.4.18 (Ubuntu) mod_R/1.2.8 R/3.2.3 OpenSSL/1.0.2g mod_apreq2-20090110/2.8.0

The operating system my web server runs on is (include version):

No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 16.04.4 LTS
Release:	16.04
Codename:	xenial

My hosting provider, if applicable, is:
www.webhuset.no

I can login to a root shell on my machine (yes or no, or I don’t know):

Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

No


#2

Hi @rolfmblindgren,

You should review the path used in your Apache’s SSL directives, keep in mind that the new cert covering grendel.no, blog.grendel.no, r.grendel.no, www.grendel.no and ptsd-boken.grendel.no is located in this path /etc/letsencrypt/live/grendel.no-0004/ and maybe your apache configuration is using /etc/letsencrypt/live/grendel.no/

Cheers,
sahsanu


#3

That’s it exactly.

Thanks! :smiley:


#4

On a separate note, though.

The SSL plugin that WordPress uses, places the files elsewhere. This works, obviously, but it’s confusing.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.