My domain is: universitian . timpara . com
My web server is (include version):Apache 2.4.10
The operating system my web server runs on is (include version):Debian 8
I can login to a root shell on my machine (yes or no, or I don't know):Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):ISPConfig3
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):1.8.0
Hi there,
The problem is with the subdomain. When I try the main domain timpara on its own with https, or when I try universitian . .timpara . com without https, there are no problems. But when I try https://universitian . timpara . com, then get the famous error:
"Browser does not trust this site because it uses a certificate that is not valid for universitian . timpara . com. The certificate is only valid for the following names otherDomain1, www.otherDomain1"
This is despite the fact that I have updated the certificate of timpara to also have the universitian . timpara. com. I can confirm this when I do certbot-auto certificates. It comes neat and clean. The same is true for the otherDomain1 certificate covered domain names. There is no overlap.
Yet after this warning message, browser redirects to OtherDomain1 site. A completely different domain name. In Apache, under the sites-available, I checked the files default-ssl.conf and 000-default.conf, they are just snakeoil certificates and otherDomain1 certificate is no way a "default" certificate.
I have checked the existing help request with the same error message, but I did not see any redirect. If I missed anything, my apologies for any duplicate entry.
@rg305 Thank you for your kınd reply and especially for the websıte lınk and the command. They are good additions to my tool box.
Website link result is further confirmation that something fishy is going on here. When I 'certbot-auto certificates', I do not see any overlap between certificates and the domain names.
The strange thing is 'apachectl -S' gives a pretty innocent looking output with everything 'using_defaults'. With ssl-stapling, ssl-cache and what else. To my mind, this only means that it should be serving snakeoil certificate as default.
I know that the certificate of timpara . com is correct because the problem is only with the subdomain. This subdomain did not exist before. One more think I shall check. This subdomain-hosted website transferred from another top level domain which had had probably issues. It is a Wordpress site and probably the old certificate is lurking somewhere in a plugin. I shall be checking that next...
@rg305 Thanks! I had not posted the output not to look like I just dump the output without checking.
Below is the output (I am sharing this server with others and I had to rename host name to host.net and had to ask others if they minded their sites are mentioned. Some did not want and I had to take out).
Thanks again.
root:/etc/apache2/sites-available# apachectl -S
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:73
VirtualHost configuration:
*:8081 host.net
(/etc/apache2/sites-enabled/000-apps.vhost:9)
*:8080 host.net
(/etc/apache2/sites-enabled/000-ispconfig.vhost:9)
*:80 is a NameVirtualHost
default server host
(/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost host.net
(/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost avroturk.com
(/etc/apache2/sites-enabled/100-avroturk.com.vhost:7)
alias www.avroturk.com
port 80 namevhost campus.timpara.com
(/etc/apache2/sites-enabled/100-campus.timpara.com.vhost:7)
alias www.campus.timpara.com
port 80 namevhost timpara.com
(/etc/apache2/sites-enabled/100-timpara.com.vhost:7)
alias www.timpara.com
port 80 namevhost universitian.timpara.com
(/etc/apache2/sites-enabled/100-universitian.timpara.com.vhost:7)
alias www.universitian.timpara.com
*:443 is a NameVirtualHost
default server avroturk.com
(/etc/apache2/sites-enabled/100-avroturk.com.vhost:124)
port 443 namevhost avroturk.com
(/etc/apache2/sites-enabled/100-avroturk.com.vhost:124)
alias www.avroturk.com
port 443 namevhost avroturk.com
(/etc/apache2/sites-enabled/avroturk.com.vhost-le-ssl.conf:2)
alias www.avroturk.com
port 443 namevhost bilgi.avroturk.com
(/etc/apache2/sites-enabled/bilgi.avroturk.com.vhost-le-ssl.conf:2)
alias www.bilgi.avroturk.com
port 443 namevhost timpara.com
(/etc/apache2/sites-enabled/timpara.com.vhost-le-ssl.conf:2)
alias www.timpara.com
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex authdigest-client: using_defaults
Mutex fcgid-proctbl: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex fcgid-pipe: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: ENABLE_USR_LIB_CGI_BIN
User: name="www-data" id=33
Group: name="www-data" id=33
By the way, my theory about some Wordpress plugin having wrong certificate link is baseless.
I created another subdomain (campus.timpara.com and it has nothing other than an index.html) and added it to timpara certificate. Guess what; the same result. The same certificate of the other website (belongs to someone else) sharing this host comes. Exactly the same certificate comes. Strange.
