Old hostname used with certbot --apache, even when manually specifying hostname

My domain is: slow.tarmo.cz

I ran this command: certbot --apache -d slow.tarmo.cz

It produced this output: Already discarded, no errors indicated. Log available on request.

My web server is (include version): Apache httpd-2.4.41

The operating system my web server runs on is (include version): Fedora 31

My hosting provider, if applicable, is: me

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.0.0

I have a DSL connection with a fixed IP address and the DNS record set to resolve to slow.tarmo.cz. The computer normally running at that address is out for maintenance and a backup computer is running there. I installed httpd and certbot from scratch and made the certificates for the backup computer.

HOWEVER, I forgot to rename the backup computer prior to doing this from its actual name, r710, to the name it is to assume, slow. The certificate was generated for r710.

After noticing that, I changed the hostname with hostnamectl set-hostname slow, uninstalled apache and certbot and deleted /etc/httpd and /etc/letsencrypt entirely. I set up the basic Apache server with virtualhost on port 80 and generated the certificates with certbot --apache -d slow.tarmo.cz.

Despite this, the certificate is still assigned to r710, which causes a security complaint in the browser. What have I done incorrectly?

Hi @lammikko

you have created some certificates - https://check-your-website.server-daten.de/?q=slow.tarmo.cz#ct-logs

All have the name slow.tarmo.cz, so you can use one of these.

But you use a self signed certificate:

E=root@r710, CN=r710, O=Unspecified, C=US
	15.01.2020
	19.01.2021
expires in 370 days	r710 - 1 entry

So it’s not a certificate creation problem, it’s a certificate installation problem. Don’t create certificates again, there is a rate limit.

Or your Apache config is buggy, so Certbot doesn’t understand your config.

What says

apachectl -S
certbot certificates

Hello.

httpd -S says

VirtualHost configuration:
*:80 slow.tarmo.cz (/etc/httpd/conf/httpd.conf:47)
*:443 is a NameVirtualHost
default server slow.tarmo.cz (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost slow.tarmo.cz (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost slow.tarmo.cz (/etc/httpd/conf/httpd-le-ssl.conf:2)
ServerRoot: “/etc/httpd”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/etc/httpd/logs/error_log”
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/etc/httpd/run/" mechanism=default
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
PidFile: “/etc/httpd/run/httpd.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“apache” id=48
Group: name=“apache” id=48

certbot certificates says

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: slow.tarmo.cz
Domains: slow.tarmo.cz
Expiry Date: 2020-04-14 12:16:43+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/slow.tarmo.cz/fullchain.pem
Private Key Path: /etc/letsencrypt/live/slow.tarmo.cz/privkey.pem

There

is your problem. Two vHosts with the same domain name. Merge these in one and use

in your configuration.

Thank you very much. Fixed.

When I was googling for the answers, I noticed that the common problem was that there was a self-signed certificate in use despite running certbot. Idea: modify certbot to remove the self-signed certificate as part of the fully automated letsencrypt process.