Old hostname used with certbot --apache, even when manually specifying hostname

lammikko · January 15, 2020, 2:46pm

My domain is: slow.tarmo.cz

I ran this command: certbot --apache -d slow.tarmo.cz

It produced this output: Already discarded, no errors indicated. Log available on request.

My web server is (include version): Apache httpd-2.4.41

The operating system my web server runs on is (include version): Fedora 31

My hosting provider, if applicable, is: me

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.0.0

I have a DSL connection with a fixed IP address and the DNS record set to resolve to slow.tarmo.cz. The computer normally running at that address is out for maintenance and a backup computer is running there. I installed httpd and certbot from scratch and made the certificates for the backup computer.

HOWEVER, I forgot to rename the backup computer prior to doing this from its actual name, r710, to the name it is to assume, slow. The certificate was generated for r710.

After noticing that, I changed the hostname with hostnamectl set-hostname slow, uninstalled apache and certbot and deleted /etc/httpd and /etc/letsencrypt entirely. I set up the basic Apache server with virtualhost on port 80 and generated the certificates with certbot --apache -d slow.tarmo.cz.

Despite this, the certificate is still assigned to r710, which causes a security complaint in the browser. What have I done incorrectly?

JuergenAuer · January 15, 2020, 3:32pm

Hi @lammikko

you have created some certificates - https://check-your-website.server-daten.de/?q=slow.tarmo.cz#ct-logs

Issuer	not before	not after	Domain names	LE-Duplicate
Let's Encrypt Authority X3	2020-01-15	2020-04-14	slow.tarmo.cz - 1 entries	duplicate nr. 3
Let's Encrypt Authority X3	2020-01-15	2020-04-14	r710.tarmo.cz, slow.tarmo.cz - 2 entries	duplicate nr. 2
Let's Encrypt Authority X3	2020-01-15	2020-04-14	r710.tarmo.cz, slow.tarmo.cz - 2 entries	duplicate nr. 1
Let's Encrypt Authority X3	2020-01-15	2020-04-14	slow.tarmo.cz - 1 entries	duplicate nr. 2
Let's Encrypt Authority X3	2020-01-15	2020-04-14	slow.tarmo.cz - 1 entries	duplicate nr. 1

All have the name slow.tarmo.cz, so you can use one of these.

But you use a self signed certificate:

E=root@r710, CN=r710, O=Unspecified, C=US
	15.01.2020
	19.01.2021
expires in 370 days	r710 - 1 entry

So it's not a certificate creation problem, it's a certificate installation problem. Don't create certificates again, there is a rate limit.

Or your Apache config is buggy, so Certbot doesn't understand your config.

What says

apachectl -S
certbot certificates

lammikko · January 15, 2020, 6:36pm

Hello.

httpd -S says

VirtualHost configuration:
*:80 slow.tarmo.cz (/etc/httpd/conf/httpd.conf:47)
*:443 is a NameVirtualHost
default server slow.tarmo.cz (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost slow.tarmo.cz (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost slow.tarmo.cz (/etc/httpd/conf/httpd-le-ssl.conf:2)
ServerRoot: “/etc/httpd”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/etc/httpd/logs/error_log”
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/etc/httpd/run/" mechanism=default
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
PidFile: “/etc/httpd/run/httpd.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“apache” id=48
Group: name=“apache” id=48

certbot certificates says

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: slow.tarmo.cz
Domains: slow.tarmo.cz
Expiry Date: 2020-04-14 12:16:43+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/slow.tarmo.cz/fullchain.pem
Private Key Path: /etc/letsencrypt/live/slow.tarmo.cz/privkey.pem

JuergenAuer · January 15, 2020, 6:54pm

There

is your problem. Two vHosts with the same domain name. Merge these in one and use

in your configuration.

lammikko · January 15, 2020, 7:17pm

Thank you very much. Fixed.

When I was googling for the answers, I noticed that the common problem was that there was a self-signed certificate in use despite running certbot. Idea: modify certbot to remove the self-signed certificate as part of the fully automated letsencrypt process.

system · February 14, 2020, 7:17pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot renewal fails with binding error or authentication failure Help	5	526	October 26, 2020
Certbot renew causing apache to respond very slowly Help	12	806	July 8, 2021
Does the number of domains hosted affect the performance of Certbot Help	16	1249	December 1, 2019
Omg help please, cant get a cert, hostname issues Help	11	1827	July 20, 2018
Certbot --apache is using the wrong hostname Server	6	2982	January 18, 2018

Old hostname used with certbot --apache, even when manually specifying hostname

Related topics