NET::ERR_CERT_COMMON_NAME_INVALID After Migrating to New VPS ( Ubuntu 16.04 - EasyEngine - Nginx )

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=uhousehcmc.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: uhousehcmc.com

I ran this command: ee site update uhousehcmc.com --letsencrypt

It produced this output:
Letsencrypt is currently in beta phase.
Do you wish to enable SSl now for uhousehcmc.com?
Type “y” to continue [n]:y
You already have an existing certificate for the domain requested.
(ref: /etc/letsencrypt/renewal/uhousehcmc.com.conf)
Please select an option from below?
1: Reinstall existing certificate
2: Keep the existing certificate for now
3: Renew & replace the certificate (limit ~5 per 7 days)

Type the appropriate number [1-3] or any other key to cancel: 1
Please Wait while we reinstall SSL Certificate for your site.
It may take time depending upon network.
Unable to setup, Let’s Encrypt
Please make sure that your site is pointed to
same server on which you are running Let’s Encrypt Client
to allow it to verify the site automatically.

My web server is (include version): EasyEngine v3.8.1 - NGINX (1.14.0)

The operating system my web server runs on is (include version): Ubuntu 16.0.4

My hosting provider, if applicable, is: Contabo

I can login to a root shell on my machine (yes or no, or I don’t know): YES can login

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No control Panel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): I’m sorry…I don’t know this mean

Please help…

I just moved my domain to another vps, with the same as vps before …including settings and configurations.
So…after success moving my old files wordpress data ( wp content and DB ), I think…I just need editing my DNS config in namecheap because it just change the old IP with the new IP.

And… NET::ERR_CERT_COMMON_NAME_INVALID is show up.

How to fix this…?. Any suggestion and step by step would be appreciated because I am newbie.
Thank you for the help

Are buatcantik.com and uhousehcmc.com supposed to be the same server, or different servers?

At the moment, both domains point to the same VPS.

Yes…it pointed to the same server

Well, there’s not really enough information for us to go on.

Could you take a look at your EE log file to see if it logs anything useful when you try to update the certificate?

tail -n100 /var/log/ee/ee.log

You can also try searching for your issue or asking your question on the EE forums: https://community.easyengine.io/ .

Thank you for the quick reply :slight_smile:

And this is the log file
============================================================
2019-12-04 01:21:32,009 (DEBUG) ee : logging initialized for ‘ee’ using LoggingLogHandler
2019-12-04 01:21:32,261 (DEBUG) ee : [’/usr/local/bin/ee’, ‘–version’]
2019-12-04 01:21:32,262 (DEBUG) ee : collecting arguments/commands for <ee.cli.controllers.base.EEBaseController object at 0x7f00cebe4630>
2019-12-04 01:28:37,056 (DEBUG) ee : logging initialized for ‘ee’ using LoggingLogHandler
2019-12-04 01:28:37,338 (DEBUG) ee : [’/usr/local/bin/ee’, ‘site’, ‘update’, ‘uhousehcmc.com’, ‘–letsencrypt’]
2019-12-04 01:28:37,338 (DEBUG) ee : collecting arguments/commands for <ee.cli.controllers.base.EEBaseController object at 0x7fe8ffa8c6d8>
2019-12-04 01:28:37,341 (DEBUG) ee : collecting arguments/commands for <ee.cli.plugins.site.EESiteController object at 0x7fe8ffa8c940>
2019-12-04 01:28:37,342 (DEBUG) ee : collecting arguments/commands for <ee.cli.plugins.site.EESiteUpdateController object at 0x7fe8ffa8cf60>
2019-12-04 01:28:37,346 (INFO) ee : Initializing EasyEngine Database
2019-12-04 01:28:37,359 (INFO) ee : Letsencrypt is currently in beta phase.
Do you wish to enable SSl now for uhousehcmc.com?
2019-12-04 01:28:39,363 (DEBUG) ee : Changing directory to /opt/letsencrypt
2019-12-04 01:28:39,364 (DEBUG) ee : Running command: git pull
2019-12-04 01:28:47,334 (DEBUG) ee : Command Output: Updating acc918eee…b45f79d0a
,
Command Error: From https://github.com/letsencrypt/letsencrypt
84b770b56…b45f79d0a master -> origin/master

  • [new branch] 1.0.x -> origin/1.0.x
  • [new branch] ap2_merge_master -> origin/ap2_merge_master
    ac1a60ff0…6148e5c35 apache-parser-v2 -> origin/apache-parser-v2
  • [new branch] candidate-1.0.0 -> origin/candidate-1.0.0
  • [new branch] dns-no-beta -> origin/dns-no-beta
    5ea3d45d9…72afe2b39 get_vhosts -> origin/get_vhosts
    74347f9c4…59b57cc62 how-to-build-docs -> origin/how-to-build-docs
  • [new tag] v1.0.0 -> v1.0.0
    error: Your local changes to the following files would be overwritten by merge:
    certbot-auto
    letsencrypt-auto
    Please commit your changes or stash them before you merge.
    Aborting

2019-12-04 01:28:47,335 (DEBUG) ee : LetsEncrypt SSL Certificate found for the domain uhousehcmc.com
2019-12-04 01:28:47,335 (WARNING) ee : You already have an existing certificate for the domain requested.
(ref: /etc/letsencrypt/renewal/uhousehcmc.com.conf)
Please select an option from below?
1: Reinstall existing certificate
2: Keep the existing certificate for now
3: Renew & replace the certificate (limit ~5 per 7 days)
2019-12-04 01:29:14,101 (INFO) ee : Please Wait while we reinstall SSL Certificate for your site.
It may take time depending upon network.
2019-12-04 01:29:14,102 (DEBUG) ee : Running command: ./letsencrypt-auto certonly --reinstall --webroot -w /var/www/uhousehcmc.com/htdocs/ -d uhousehcmc.com -d www.uhousehcmc.com --email mbahgugel.kaskus@gmail.com --text --agree-tos
2019-12-04 01:29:55,070 (DEBUG) ee : Command Output: Upgrading certbot-auto 0.40.1 to 1.0.0…
Replacing certbot-auto…
Creating virtual environment…
Installing Python packages…
Installation succeeded.
IMPORTANT NOTES:

2019-12-04 01:29:55,071 (ERROR) ee : Unable to setup, Let’s Encrypt
2019-12-04 01:29:55,071 (ERROR) ee : Please make sure that your site is pointed to
same server on which you are running Let’s Encrypt Client
to allow it to verify the site automatically.
2019-12-04 01:42:15,368 (DEBUG) ee : logging initialized for ‘ee’ using LoggingLogHandler
2019-12-04 01:42:16,325 (DEBUG) ee : [’/usr/local/bin/ee’, ‘info’, ‘–nginx’]
2019-12-04 01:42:16,325 (DEBUG) ee : collecting arguments/commands for <ee.cli.controllers.base.EEBaseController object at 0x7f08c751d668>
2019-12-04 01:42:16,330 (DEBUG) ee : collecting arguments/commands for <ee.cli.plugins.info.EEInfoController object at 0x7f08c751d898>
2019-12-04 01:42:16,334 (INFO) ee : Initializing EasyEngine Database
2019-12-04 01:42:19,507 (DEBUG) ee : loading template file /usr/lib/ee/templates/info_nginx.mustache

Thanks. There’s a lot of useful information in there.

I think now we have to identify why your uhousehcmc.com site seems to not be configured in nginx.

What is the output of these:

ee site list --enabled

and

ee site show uhousehcmc.com

ee site list --enabled

buatcantik.com
uhousehcmc.com

=========================

ee site show uhousehcmc.com

Display NGINX configuration for uhousehcmc.com

server {

server_name uhousehcmc.com   www.uhousehcmc.com;


access_log /var/log/nginx/uhousehcmc.com.access.log rt_cache;
error_log /var/log/nginx/uhousehcmc.com.error.log;


root /var/www/uhousehcmc.com/htdocs;



index index.php index.html index.htm;


include common/php.conf;
include common/wpcommon.conf;
include common/locations.conf;
include /var/www/uhousehcmc.com/conf/nginx/*.conf;

}

That looks normal too.

Does the nginx configuration compile?

nginx -t

Can we place a test file into the webroot used by Let’s Encrypt?

echo "Hello World" > /var/www/uhousehcmc.com/htdocs/test.txt

nginx -t
nginx: [warn] conflicting server name “mrsbroos.com” on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name “www.mrsbroos.com” on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name “uhousehcmc.com” on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name “www.uhousehcmc.com” on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

The domain name mrsbroos.com DNS is still pointing on old VPS but I have installed in this new server…:sweat_smile:
So if this problem is fixed, I know the steps to migrating my other domains :sweat_smile:

echo “Hello World” > /var/www/uhousehcmc.com/htdocs/test.txt


Thank you @_az

This might be the problem.

It means that you have duplicate virtual hosts somewhere in your nginx configuration, which could be why your website doesn’t appear, and why you can’t issue a Let’s Encrypt certiicate for it.

We can try identify where the duplicate is coming from with:

nginx -T | grep -E -A5 -B5 "server_name\s+uhousehcmc"

grep -RE -A5 -B5 “server_name\s+uhousehcmc” /etc/nginx/
/etc/nginx/sites-enabled/uhousehcmc.com-
/etc/nginx/sites-enabled/uhousehcmc.com-server {
/etc/nginx/sites-enabled/uhousehcmc.com-
/etc/nginx/sites-enabled/uhousehcmc.com-
/etc/nginx/sites-enabled/uhousehcmc.com: server_name uhousehcmc.com www.uho usehcmc.com;
/etc/nginx/sites-enabled/uhousehcmc.com-
/etc/nginx/sites-enabled/uhousehcmc.com-
/etc/nginx/sites-enabled/uhousehcmc.com- access_log /var/log/nginx/uhousehcmc .com.access.log rt_cache;
/etc/nginx/sites-enabled/uhousehcmc.com- error_log /var/log/nginx/uhousehcmc. com.error.log;
/etc/nginx/sites-enabled/uhousehcmc.com-

/etc/nginx/sites-available/uhousehcmc.com-
/etc/nginx/sites-available/uhousehcmc.com-server {
/etc/nginx/sites-available/uhousehcmc.com-
/etc/nginx/sites-available/uhousehcmc.com-
/etc/nginx/sites-available/uhousehcmc.com: server_name uhousehcmc.com www.u househcmc.com;
/etc/nginx/sites-available/uhousehcmc.com-
/etc/nginx/sites-available/uhousehcmc.com-
/etc/nginx/sites-available/uhousehcmc.com- access_log /var/log/nginx/uhousehc mc.com.access.log rt_cache;
/etc/nginx/sites-available/uhousehcmc.com- error_log /var/log/nginx/uhousehcm c.com.error.log;
/etc/nginx/sites-available/uhousehcmc.com-

Sorry, I changed the command to account for how EE stores its config.

Does the new command show anything different?

Hi @_az…, how if I reinstall wp and decided to not using SSL ?. Is it possible to make any https traffic —> redirected to http automatically ?

No anything different…:cold_sweat:

Edit: Maybe, but you have to figure out how to get rid of the HTTP to HTTPS redirect. The last part of this post would help with that.

Not in this case, because the certificate is invalid.

That’s odd.

If you are able to put the full output of nginx -T somewhere like https://dpaste.de/, I can double check for you.

https://dpaste.de/5bXk

thank you @_az

Cool. Let’s try to disable the redirect for that domain:

mv /etc/nginx/conf.d/force-ssl-uhousehcmc.com.conf /etc/nginx/conf.d/force-ssl-uhousehcmc.com.conf.disabled
service nginx restart

(This uses the same method as EE uses internally when you delete SSL).

Once that’s confirmed to work, we can try issue the certificate again.

1 Like

Yayyyyy…it works :innocent:

Thank you so much @_az for your help…I don’t know how to say …but you save my day :kissing_heart:

Another question…Do I need to follow this step again if I want to migrating my other domain to this new vps with LetsEncrypt installed?

1 Like