None of the common names in the certificate match the name that was entered


#1

Hello,
I have a problem with one of my cert.
I use 2 certs for my domain : https://kabelis.fr/
one cert for kabelis.fr and another one for www.kabelis.fr

superuser@server:/etc/letsencrypt/certs# ls
anotherservice.kabelis.fr kabelis.fr www.kabelis.fr

It produced this output:
https://imgur.com/a/It0hczF

i have tried to check my cert with SSL Checker :
None of the common names in the certificate match the name that was entered (www.kabelis.fr). You may receive an error when accessing this site in a web browser.

https://www.sslshopper.com/ssl-checker.html#hostname=https://www.kabelis.fr/
https://www.sslshopper.com/ssl-checker.html#hostname=https://kabelis.fr/

My web server is (include version): debian 9 and apache 2.4

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no i use the shell like a true admin !

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): dehytrated

can you help me with that ?


#2

Hi @Thomas-Clauzel

your main configuration looks ok ( https://check-your-website.server-daten.de/?q=kabelis.fr ):

Domainname Http-Status redirect Sec. G
http://kabelis.fr/
195.154.118.225 301 https://kabelis.fr/ 0.047 A
http://www.kabelis.fr/
195.154.118.225 301 https://kabelis.fr/ 0.063 E
https://www.kabelis.fr/
195.154.118.225 301 https://kabelis.fr/ 2.483 N
Certificate error: RemoteCertificateNameMismatch
https://kabelis.fr/
195.154.118.225 200 6.263 A

But your certificate

CN=kabelis.fr
	22.01.2019
	22.04.2019
expires in 69 days	kabelis.fr - 1 entry

has only one domain name. So it looks that your www- and your non-www version are using the same vHost (that makes things simpler).

But then your certificate should have both domain names.

So create one certificate with the www- and the non-www version.


#3

The www site has no certificate covering that name.
But it will need one to be able to forward any https://www requests elsewhere.


#4

Thanks guys.
my www and my non-www use the same vhost.
but myvhost use different directory :

non www : SSLCertificateFile /etc/letsencrypt/certs/kabelis.fr/cert.pem
www : SSLCertificateFile /etc/letsencrypt/certs/www.kabelis.fr/cert.pem

the first time we create the cert for this website we commit a mistak. In fact we need to create one certificat for www and non-www

old domains.txt
kabelis.fr
cloud.kabelis.fr
www.kabelis.fr

what i think do :
kabelis.fr www.kabelis.fr
cloud.kabelis.fr

what i need to do ?
1 step : revok my 2 certs
2 step : edit my domains.txt
3 step : dehydrated -c ?

How to revoke my certs ?

sorry for my bad english im french :smile:


#5

Normally, one vHost uses one certificate. So that may be the problem.

Never revoke certificates if the private key isn’t stolen. Copy these to another place, so you can reuse these.

I don’t use dehydrated. But there should be an option to create one certificate with two domain names. Then use this with your vHost.


#6

[[[ until you can combine both names into one cert - here is a workaround ]]]

If you have two certs then you will need two vhosts.
You can copy the existing VirtualHost section again into the same file.
[so that it is in there twice]
then change the ServerNames so that one is: kabelis.fr
and the other is: www.kabelis.fr
then update the certificate files accordingly…
[leave all else unchanged - and restart apache]


#7

thank a lot :wink:
i will try the next week
can u let this discussion open for the moment ?


#8

Discussions automatically closed after 1 month of no activity.
[I can’t change that - so you have 30 days to continue it - without requiring admin intervention]


#9

“Next week” is short enough.

If the thread is closed, send a PM.

Or start a new topic, it’s possible to merge two topics.