Roll out multiple domains with 1 IP address not working

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: &

I ran this command: certbot --apache

It produced this output:
Congratulations! You have successfully enabled

You should test your configuration at:

My web server is (include version): Apache

The operating system my web server runs on is (include version): centos 7.6

My hosting provider, if applicable, is: 1& (

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.34.2

Let me start by apologizing for the panicking question a few days back. I was silly and tried to just do it in 1 command. I am now approaching this in a professional manner.

I have several domains hosted on 1 server with 1 IP address. In all I want to get these domains (with and without www.) secure: casazza:net, clearskyalarmclock:com, ghaas:org, stillwaterstargazers:com, tonightssky:com, and observastore:com. The observastore:com domain is just being held for a future project so I tried it first. Yesterday I did and today I added All looked good! I figured out how the rewrites were accomplished and decided I’d do them by hand after I was sure things were working for the “production” domains. Next, I selected casazza:net and chose not to do redirects. I wanted to test the https connection myself first. It failed, and now is reporting trust issues because it seems to be confused with casazza:net.

[root@www MySites]# certbot certificates

Found the following certs:
Certificate Name:
Expiry Date: 2019-09-23 23:25:42+00:00 (VALID: 89 days)
Certificate Name:
Expiry Date: 2019-09-22 23:34:24+00:00 (VALID: 88 days)
Certificate Name:
Expiry Date: 2019-09-23 20:34:11+00:00 (VALID: 89 days)

Thankfully all the insecure sites are fully functional so I can take my time to get this working before I move on to the next domain.

Usually, you are going to want to combine your www and non-www domains into a single certificate:

 certbot --apache -d -d

Doing it this way reflects the usual way that Apache virtual hosts are organized - for example, this certificate would match a virtual host that looks like:

<VirtualHost *:80>
    # ...

Thank you! That fixed

When I try: certbot --apache -d -d

I get an error with the challenge

Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification…
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Some challenges have failed.


  • The following errors were reported by the server:

    Type: unauthorized
    Detail: Invalid response from
    []: “\n\n<!–[if IE 8]>\n<html
    class=“ie ie8” lang=“en-US”>”

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

I don’t see anything wrong with my DNS entries, but I have to admit the DNS tools are difficult to use. Is there a DNS tool that can point out my problem? finds no issues.

Am I missing something?


The problem is your /Home redirect rule intercepting the Let’s Encrypt validation request. Do you know where it comes from?

If, for example, you have an .htaccess file that implements this redirect using rewrite rules, you may want to exclude the Let’s Encrypt validation path by having this at the top of the file:

RewriteEngine On
RewriteRule ^\.well-known - [L]

If not, please show the full Apache virtual host for that domain.
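
Why the position of that exclusion matters, as an added example that is not part of the original reply: a simplified Python model of how per-directory `RewriteRule` lines are processed top to bottom. The `/Home` rule, the token and the function names are constructed assumptions; `RewriteCond`, `RewriteBase` and backreferences are not modelled.

```python
import re

# Constructed token; per-directory (.htaccess) rules see the path without its leading slash.
ACME_PATH = ".well-known/acme-challenge/constructed-token"

def parse_rules(htaccess):
    """Extract (pattern, substitution, flags) from each RewriteRule line."""
    rules = []
    for line in htaccess.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0].lower() == "rewriterule":
            flags = parts[3].strip("[]").upper().split(",") if len(parts) > 3 else []
            rules.append((parts[1], parts[2], flags))
    return rules

def evaluate(htaccess, path=ACME_PATH):
    """Apply the rules in file order; return ("served", path) or ("redirect", target).
    Simplified model: RewriteCond, RewriteBase and $N backreferences are ignored."""
    for pattern, subst, flags in parse_rules(htaccess):
        negate = pattern.startswith("!")
        matched = re.search(pattern[1:] if negate else pattern, path)
        if bool(matched) == negate:    # rule does not apply to this path
            continue
        if subst != "-":               # "-" means: leave the path unchanged
            path = subst
        if any(f == "R" or f.startswith("R=") for f in flags):
            return ("redirect", path)  # the validation request never reaches the token file
        if "L" in flags:
            break                      # stop processing further rules
    return ("served", path)

# Hypothetical stand-in for the site's /Home redirect (the real rule is not shown in the thread).
REDIRECT = "RewriteRule !^Home /Home [R=302,L]\n"
# The exclusion suggested in the reply above.
EXCLUDE = "RewriteEngine On\n" + r"RewriteRule ^\.well-known - [L]" + "\n"

if __name__ == "__main__":
    for name, conf in [("redirect only", REDIRECT),
                       ("exclusion first", EXCLUDE + REDIRECT),
                       ("exclusion last", REDIRECT + EXCLUDE)]:
        print(f"{name:16} -> {evaluate(conf)}")
```

Only the "exclusion first" ordering lets the challenge path through, which is why the reply says to put the rule at the top of the file.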

This turned out to be quite a mess. WordPress has a lot of .htaccess files. I also noticed that if I enable “Option Indexes” WordPress breaks. I tried a manual install and got a “Certificate Name Mismatch” so just to make sure I did it right I moved my whole webroot folder aside and ran the certbot script with a webroot of a single index.html file. The certbot script ran fine (I picked attempt to reinstall the existing certificate), but the result remains “Certificate name mismatch”. Is this because both domains share the same IP? That seems to be the sense of the message. still looks okay, but does not.
