Question on wildcard and multiple domains

I generated a wildcard certificate using the below command:

certbot certonly \
  --dns-linode \
  --dns-linode-propagation-seconds 1000 \
  -d '*.domain1.com' -d domain1.com

This works without any problem.

I have another domain hosted on the same server, domain2.com. I issued the same above command for domain2 and created another wildcard certificate without any error. But, this certificate for domain2.com doesn’t work properly.

SSLlabs check says “Certificate name mismatch. Try these other domain names (extracted from the certificates): xxx.domain1.com”

xxx.domain1.com is the hostname of the server in the /etc/hosts file. It seems to me that if I need a wildcard certificate for domain2.com, I should add a hostname, yyy.domain2.com, to the /etc/hosts file. Is it the correct way of solving this problem? Or do I need to do anything else?

Thanks in advance.

You need to understand SNI and how your web server applies specific names to individual virtual hosts.
Each host should have a specific (non-overlapping) set of name(s) it will serve.
When an exact name match is NOT found the default virtual host config is used.
So I guess you don’t have a host for domain2 and domain1 is the default.
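An added illustration of the behaviour described in the reply above (example code, not from the thread): it simulates how a web server picks a virtual host for the name sent in SNI and checks whether that vhost's certificate covers the name. The hostnames, vhost layout and SAN lists are constructed, and the assumption that the first configured vhost is the default is labelled in the code.

```python
from __future__ import annotations

# Added example, not from the thread. Simulates SNI-based vhost selection
# (exact/alias match, else the default vhost) and certificate name coverage.
# All hostnames, vhosts and SAN lists below are constructed for illustration.


def hostname_matches(hostname: str, san: str) -> bool:
    """RFC 6125-style comparison of a hostname against one DNS SAN entry.

    A wildcard is honoured only as the whole leftmost label and covers
    exactly one label: *.domain2.com matches mail.domain2.com but neither
    domain2.com itself nor a.b.domain2.com.
    """
    h = hostname.lower().rstrip(".").split(".")
    s = san.lower().rstrip(".").split(".")
    if s[0] != "*":
        return h == s
    return len(h) == len(s) and h[1:] == s[1:]


def select_vhost(sni_name: str, vhosts: list[dict]) -> dict:
    """Return the first vhost whose names match the SNI name, else vhosts[0].

    Assumption (Apache/nginx behaviour for a single address:port): the first
    configured vhost is the default used when no name matches.
    """
    for vhost in vhosts:
        if any(hostname_matches(sni_name, name) for name in vhost["names"]):
            return vhost
    return vhosts[0]


def diagnose(sni_name: str, vhosts: list[dict]) -> tuple[str, bool]:
    """Which vhost answers for sni_name, and does its certificate cover it?"""
    vhost = select_vhost(sni_name, vhosts)
    covered = any(hostname_matches(sni_name, san) for san in vhost["cert_sans"])
    return vhost["id"], covered


# Constructed layout mirroring the question: only domain1 has a vhost, so every
# other name falls through to it and is answered with domain1's certificate.
BROKEN = [
    {"id": "domain1", "names": ["xxx.domain1.com", "*.domain1.com", "domain1.com"],
     "cert_sans": ["*.domain1.com", "domain1.com"]},
]
# Fix: a second vhost that serves domain2's names with domain2's certificate.
FIXED = BROKEN + [
    {"id": "domain2", "names": ["*.domain2.com", "domain2.com"],
     "cert_sans": ["*.domain2.com", "domain2.com"]},
]

if __name__ == "__main__":
    for name in ("www.domain1.com", "mail.domain2.com", "a.b.domain2.com"):
        print(name, "broken:", diagnose(name, BROKEN), "fixed:", diagnose(name, FIXED))
```

To see what a live server actually presents for a given SNI name, compare against `openssl s_client -connect host:443 -servername mail.domain2.com </dev/null | openssl x509 -noout -subject -ext subjectAltName`.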

Thank you for your hints.

A close look shows that my problem lies somewhere else. My new domain is wintess-software.com. SSLLabs reports that my new domain wintess-software.com has a certificate name mismatch with winsvr.wintess.com. Yes, wintess.com also belongs to me, but it resides on a different server with a different IP. On top of this, the hostname winsvr.wintess.com doesn’t exist in the DNS records.

I scanned the new server to check if winsvr.wintess.com exists anywhere in the /etc folder, and found it in /etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/e54732689f6ca87b0a826216b9abd68a/meta.json

So, thinking that I had mistyped the domain name while creating the cert, I revoked and deleted the certificates for wintess-software.com. I also deleted the whole /etc/letsencrypt folder. Then I successfully created the wildcard certificate again for wintess-software.com.

To my dismay, checking SSLLabs gives the same error again. The common name and SAN for mail.wintess-software.com are still winsvr.wintess.com.

I probably made a mistake and am stuck with winsvr.wintess.com, which doesn’t even exist. How can I get rid of it? Or is it just a propagation delay, like DNS records?

Please don't revoke certificates for these reasons - just delete them.

That problem is within your web server.
Again, you need to understand SNI …
[read my first post]

But winsvr.wintess.com doesn't even exist anywhere. At least, I can't see how the LE process invented it and inserted it from nowhere.

I am not an expert, but mail.wintess-software.com has nothing to do with the web server. All the other subdomains (*.wintess-software.com) work without any problem with the web server. The problem is with the mail subdomain, which of course has no virtual host entry in the Apache conf.

Hi @sse450

You have installed the wrong certificate. If you have created such a certificate, you can use it with the wrong domain name. That's what you are doing.

Install the correct certificate (or create one and install it).

Many thanks for taking time to support.

I created it with “-d *.wintess-software.com -d wintess-software.com” using the dns-01 challenge. Everything works with subdomain.wintess-software.com as long as “subdomain” is defined with an A record. Only mail.wintess-software.com is not working, as it clashes with winsvr.wintess.com.

Now I am explicitly creating mail.wintess-software.com. Let’s see what happens.

Spoke too soon. subdomain.wintess-software.com is not working either. OK. So I understand that the cert is wrong. I revoked and deleted all the existing certificates and created them again. But LE created the new certificates with the same date as the deleted certificates. It has the same problem.

How can I create a fresh new certificate with a new date?
