Replace domain in certificate

They seem to be on different servers because the registrar has moved the domain to some kind of holding server thingy. They’ve always been on the Amazon web hosting in Germany. The current .org server also has the .com certificate. The only way .com can be on another server is that the registrar is redirecting the domain to their own servers. The main site is on the Germany server.

The main problem, however, is: how do I remove the .com certificate and replace it with a .org certificate? I keep getting the errors given above no matter what I try to do.

You create a certificate with .com:

So don’t do that. Create one only with .org.



You are right, it says .com.
This is very strange, because I am 99% sure I am using .org to create the request. As in
sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly


OK, tried it again. Still the same type of error

Failed authorization procedure. (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record "" (and 1 more) found at, (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record "" (and 1 more) found at _acme-challenge.liberalismonline.org

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain:
   Type: unauthorized
   Detail: Incorrect TXT record "" (and 1 more) found at

   Domain:
   Type: unauthorized
   Detail: Incorrect TXT record "" (and 1 more) found at

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

OK I tried
certbot certonly --cert-name -d,

and I get
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/
   Your key file has been saved at:
   /etc/letsencrypt/live/
   Your cert will expire on 2020-03-02. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew all of your certificates, run
   “certbot renew”

But when I visit the site I see a broken certificate and this

Do you also own this domain? This is just a link to a png on ownCloud.

I believe each domain name should be preceded with -d and not have a comma between them.
Did you read the certbot user guide as @JuergenAuer suggested?

Certbot supports both “-d -d” and “-d,”.


Okay, thanks. I’ll remember that. :wink:

Yes, of course it’s a png on ownCloud. And yes it’s my domain/site. The thing is what the png shows - that the domain still claims the certificate is for not .org despite the message that certbot changed the domain to .org.

And yes I read the document, the command I used is from the manual, changing to Which I would’ve guessed was obvious due to the status of the command that I posted.

Checking your domain you have created the correct certificate -

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let’s Encrypt Authority X3 | 2019-12-03 | 2020-03-02 | , - 2 entries | duplicate nr. 1 | |
| Let’s Encrypt Authority X3 | 2019-12-03 | 2020-03-02 | - 1 entries | duplicate nr. 1 | |

The last is good, so that part is done.

But you don’t use it, instead, there is a wildcard of your com domain:
expires in 72 days	*, - 2 entries

So your vHost setup is broken.

What says

apachectl -S

Then I get
SSLCertificateFile: file ‘/opt/bitnami/apache2/conf/server.crt’ does not exist or is empty

Your topic: nginx.

Your website: Apache.

Now: Bitnami.

–> Check the Bitnami documentation how to install your certificate.

You mean as in post 9?
I’ve already installed the .com certificate once - there are no docs on how to change it to .org that I found. I could possibly set up a load balancer and install a .org-certificate on that to point to the site. Looks like complete overkill, even if it would be possible.

This is a bit “confusing”.
You’re asking for certificates for .org whilst calling the cert by a .com name.
There is no .com name in that cert… ~ ~ ~ creating confusion ~ ~ ~


This is still the right thing to do if you specifically don’t want to update web server configuration files, although I agree it might create the wrong impression for someone looking at those files in the future.


They could have used a non-FQDN cert name like: “liberalismonline”
Using a real FQDN (and one they don’t even control), to me, is bad practice.


I had no idea the registrar would f*** up the domain, in which case there wouldn’t have been a problem at all. It’s possible that another naming scheme would be better, but now there isn’t one. And it doesn’t resolve the problem.

I’ve changed the domain in the certificate to .org (at least - that is what the certbot message claims), but still - when browsing the site, the certificate claims it’s for the .com domain. How do I fix this?


Your command was certonly.
Have you restarted the web server since?


That was what I had missed …
Thanks a lot for putting up with this endless thread, which now finally seems to have come to an end.
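
The situation this thread ends on (a new certificate saved by `certbot certonly`, the old one still loaded by the web server) can be told apart from a certificate issued for the wrong names by comparing the file on disk with what the server presents. The script below is an added example, not code from any poster in the thread; the hostnames, file paths and function names are placeholders, and `make_sample_cert` only creates throwaway self-signed certificates so the check can be tried offline.

```bash
#!/usr/bin/env bash
# Added example. Hostnames, paths and function names are placeholders.

# Throwaway self-signed cert for $2 and *.$2, written to $1.pem (sample data only).
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -addext "subjectAltName=DNS:$2,DNS:*.$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# SHA-256 fingerprint of a PEM certificate file.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds if the certificate in file $1 is valid for hostname $2 (SAN and wildcard aware).
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# Leaf certificate a live server presents for SNI name $1, as PEM (needs network).
fetch_served_cert() {
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -outform PEM
}

# Compare served cert (file $1) with the cert certbot wrote (file $2) for host $3.
# Prints a diagnosis; returns 0 only if the server presents the on-disk certificate.
diagnose() {
  local served="$1" ondisk="$2" host="$3"
  if ! cert_covers_host "$ondisk" "$host"; then
    echo "issued-cert-wrong-names"   # reissue with the intended -d values
    return 2
  fi
  if [ "$(cert_fingerprint "$served")" = "$(cert_fingerprint "$ondisk")" ]; then
    echo "ok"
    return 0
  fi
  if cert_covers_host "$served" "$host"; then
    echo "stale-but-valid"           # older cert for the same name still loaded
  else
    echo "stale-wrong-names"         # the case in this thread: old cert still served
  fi
  return 1
}
```

Against a live site, save the output of `fetch_served_cert example.org` to a file and pass it to `diagnose` together with `/etc/letsencrypt/live/<cert-name>/cert.pem`. Since `certonly` does not touch the web server, a reload command belongs in certbot's `--deploy-hook` so the new file is picked up after each issuance.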

