Official Apache Client Issues Certificate to ServerAlias over ServerName


#1

I recently installed a new certificate with the official Let’s Encrypt client, following the instructions from the website:

$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ ./letsencrypt-auto --apache

On the "Which names would you like to activate HTTPS for?" prompt, the domains were listed in the following order:

No selections were changed. I agreed to the license agreement, entered a contact email, and it prompted me that certificates were already installed and not expiring soon. These were test certificates that I installed using:

$ ./letsencrypt-auto --apache --test-cert

Now this may seem like a small nitpick, but it actually makes the directory structure different and this would be more obvious with a different subdomain name.

My current certificate can be viewed here and the SSL Server Test here.

Apache Config File (before running Let’s Encrypt client):

<VirtualHost *:80>
        ServerAdmin webmaster@atomicspark.net
        ServerName atomicspark.net
        ServerAlias www.atomicspark.net
        DocumentRoot /var/www/atomicspark.net/public_html/
        ErrorLog /var/www/atomicspark.net/logs/error.log
        CustomLog /var/www/atomicspark.net/logs/access.log combined
</VirtualHost>

Expected:

Workaround:

What’s the best way to force the Subject and Common certificate names and directory paths, while keeping it compatible with the Apache module and auto renewal?

Thank you.


#2

I think you’re running into a bug that’s been introduced in the last release which causes the domain order to be scrambled. It’ll be fixed in 0.6.0. More details on GitHub:

You could try downgrading to 0.4.* or running from master (you should expect things to break occasionally with that option).

This probably won’t change the directory name in /etc/letsencrypt/live unless you start with a clean configuration.
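
An added example, not part of either post and not Let's Encrypt client code: a check that lists a vhost's names with `ServerName` first and compares that order with the names on an issued certificate. It assumes one `<VirtualHost>` per input and that the caller supplies the certificate's names with the primary (subject) name first; `vhost_names` and `check_certificate` are hypothetical helpers.

```python
import re

# Constructed sample: the virtual host posted in the question.
SAMPLE_VHOST = """\
<VirtualHost *:80>
        ServerAdmin webmaster@atomicspark.net
        ServerName atomicspark.net
        ServerAlias www.atomicspark.net
        DocumentRoot /var/www/atomicspark.net/public_html/
</VirtualHost>
"""

_DIRECTIVE = re.compile(r"^\s*(ServerName|ServerAlias)\s+(.+?)\s*$", re.IGNORECASE)


def _host(value):
    """Drop the optional scheme and port that ServerName accepts."""
    return value.split("://", 1)[-1].split(":", 1)[0].lower()


def vhost_names(config_text):
    """Names of a single vhost: ServerName first, then aliases in file order."""
    server_name, aliases = None, []
    for line in config_text.splitlines():
        if line.lstrip().startswith("#"):  # Apache comments are whole lines
            continue
        match = _DIRECTIVE.match(line)
        if not match:
            continue
        if match.group(1).lower() == "servername":
            server_name = _host(match.group(2))
        else:  # one ServerAlias line may carry several names
            aliases.extend(name.lower() for name in match.group(2).split())
    ordered = ([server_name] if server_name else []) + aliases
    return list(dict.fromkeys(ordered))  # de-duplicate, keep order


def check_certificate(config_text, cert_names):
    """cert_names: names on the issued certificate, primary name first.

    Returns (primary_ok, expected_primary, names_missing_from_cert).
    """
    expected = vhost_names(config_text)
    if not expected:
        raise ValueError("no ServerName or ServerAlias found")
    issued = [name.lower() for name in cert_names]
    missing = [name for name in expected if name not in issued]
    return (bool(issued) and issued[0] == expected[0], expected[0], missing)
```

A `False` first element means the certificate's primary name is not the vhost's `ServerName`, which is the mismatch described in the question.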

