Only some of the domains work

Hello! I am struggling a little with setting Let's Encrypt up on my server properly. I am running a few websites from that virtual server using Apache, and am running the following command:

> ./letsencrypt-auto certonly --apache --renew-by-default -d example1.com -d www.example1.com -d example2.com -d www.example2.com ...

There are no error messages or problems when running the script, but unfortunately, only the www links seem to work without an error page in the browser. Firefox displays "Error code: SSL_ERROR_BAD_CERT_DOMAIN" when trying to open https://example1.com or https://example2.com.

What am I doing wrong here?

Did you create a cert with only the www. versions before that one? If you did, then you'll have started a new certificate lineage, as you didn't use the --expand option, so you'll need to update the Apache config to use the new cert.

I might have - tried a few things before I found this halfway working solution… Could you tell me how to do this?

Look in /etc/letsencrypt/live; each directory in there is a separate set of certs. Then in each one run

 openssl x509 -noout -text -in cert.pem

until you find the correct one.

Once you've found it, change the SSLCertificate lines in the VirtualHosts to the files in that directory.
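The lookup described in the reply above can be scripted. The following is an added example, not part of the original thread: it runs the same `openssl x509 -noout -text` command over every lineage directory and prints the ones whose Subject Alternative Name list covers a given hostname. The function names and the wildcard handling are this example's own.

```shell
#!/bin/sh
# Added example: show which certificate lineages cover a hostname.
# The default directory is the /etc/letsencrypt/live path from the thread.

# Read `openssl x509 -noout -text` output on stdin; print one DNS name per line.
sans_from_text() {
    # The names sit on the line after "X509v3 Subject Alternative Name:".
    sed -n '/X509v3 Subject Alternative Name/{n;p;}' |
        tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' |
        tr 'A-Z' 'a-z'
}

# Succeed if hostname $1 is covered by a name read from stdin (one per line).
# A wildcard entry such as *.example.com covers exactly one extra label,
# so it matches www.example.com but not the bare example.com.
name_covered() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    parent=${host#*.}
    while IFS= read -r san; do
        [ "$san" = "$host" ] && return 0
        [ "$san" = "*.$parent" ] && [ "$parent" != "$host" ] && return 0
    done
    return 1
}

# Print every lineage directory under $1 whose cert.pem covers hostname $2.
lineages_for() {
    for dir in "$1"/*/; do
        [ -f "${dir}cert.pem" ] || continue
        if openssl x509 -noout -text -in "${dir}cert.pem" |
            sans_from_text | name_covered "$2"; then
            printf '%s\n' "${dir%/}"
        fi
    done
}

# Usage: sh find-lineage.sh example1.com [/etc/letsencrypt/live]
if [ "$#" -ge 1 ]; then
    lineages_for "${2:-/etc/letsencrypt/live}" "$1"
fi
```

If a bare domain such as example1.com produces no output, no lineage on disk covers it, which matches the SSL_ERROR_BAD_CERT_DOMAIN symptom described in the question.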

OK, I'm slightly confused… Is the one containing all the others under "X509v3 Subject Alternative Name:" the correct one?

Yes, that’s the field that matters.

I have noticed that the certificate contained in the www.example1.com directory was the only one that listed all domains, and set the certificate setting for the site configuration in the others to that file and restarted Apache. Alas, to the same result.

Is there a way to delete all certificates and start with a fresh letsencrypt run?

Delete the contents of the live, archive and renewal directories.
