[SOLVED]NET::ERR_CERT_COMMON_NAME_INVALID on www

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://sarkastikan.com - www.sarkastikan.com

I ran this command: certbot

It produced this output: everything okay

My web server is (include version): * Intel® Xeon® Gold 6140 | 32 GB DDR4 RAM

The operating system my web server runs on is (include version): Linux Ubuntu 18.04 LTS

My hosting provider, if applicable, is: /

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no, root shell only

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Hey,
i get the Error:

NET::ERR_CERT_COMMON_NAME_INVALID

when i type my page with www -

without www everything’s okay - i have certificates with and without www. i tried to delete the www certificate and add the www. to the other certificate. I even redirect everything to dopmain without www.

Anyone can help ? I Would appreciate it.

Greetings,
Soubi

2

Hi @Soubi

good: You have created correct certificates ( https://check-your-website.server-daten.de/?q=sarkastikan.com#ct-logs ):

CertSpotter-Id Issuer not before not after Domain names LE-Duplicate next LE
987464391 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-26 11:07:07 2019-09-24 11:07:07 sarkastikan.com, www.sarkastikan.com - 2 entries duplicate nr. 2
987410359 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-26 10:35:28 2019-09-24 10:35:28 www.sarkastikan.com - 1 entries duplicate nr. 3
987404543 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-26 10:29:43 2019-09-24 10:29:43 sarkastikan.com - 1 entries duplicate nr. 2
987392836 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-26 10:17:01 2019-09-24 10:17:01 www.sarkastikan.com - 1 entries duplicate nr. 2
987389920 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-26 10:13:32 2019-09-24 10:13:32 sarkastikan.com, www.sarkastikan.com - 2 entries duplicate nr. 1
982017421 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-23 10:52:22 2019-09-21 10:52:22 music.sarkastikan.com - 1 entries duplicate nr. 1
982016588 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-23 10:51:43 2019-09-21 10:51:43 sarkastikan.com - 1 entries duplicate nr. 1
982004688 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-23 10:43:17 2019-09-21 10:43:17 www.sarkastikan.com - 1 entries duplicate nr. 1

The last certificate has two domain names, you should use that.

Not so good: You have redirects to another domain:

Domainname Http-Status redirect Sec. G
• http://www.sarkastikan.com/
85.235.65.177 301 https://sarkastikan.com/ 0.043 E
• http://sarkastikan.com/
85.235.65.177 200 0.530 H
• https://sarkastikan.com/
85.235.65.177 301 https://www.respekturtle.at/ 0.623 N
Certificate error: RemoteCertificateNameMismatch
• https://www.sarkastikan.com/
85.235.65.177 301 https://www.respekturtle.at/ 0.380 N
Certificate error: RemoteCertificateNameMismatch
• https://www.respekturtle.at/ 200 0.730 I

And bad: You use the wrong certificate:

CN=respekturtle.at
	03.05.2019
	01.08.2019
expires in 36 days	
respekturtle.at, www.respekturtle.at - 2 entries

Looks like the wrong vHost is used.

What says

apachectl -S
1 Like
3

Hi JĂĽrgen,

thank you for your Message.
I created 3 Vhosts on my Server and everything was working fine about a month ago and i dont know what have changed. (Its a Non Profit Project for websites for NgO’s)

I redirect just within the vhost apache conf (from www.domain.com to https://domain.com)

I deleted all entries for sarkastikan from /etc/letsencrypt/archive, live and renew.
Deleted the sarkastikan conf files from apache2/sites enabled and
Checked the sarkastikan.conf in sites-available and deleted the related le-ssl in this.

Restarted apache.
a2ensite sarkastikan.com+

Okay. Its now online without ssl - can i now simply obtain a new certificate for www.sarkastikan.com and sarkastikan.com via the certbot command ? Or is there something else to do ?

PS: i tried it with a wildcard too , did the txt rule in the cname … same thing…

Sorry for that much questions, im feeling dumb with this…

4

Why do you delete certificates if you want to use these?

There is a rate limit you may hit now.

Delete certificates if they are not used and if they are expired.

5

Oh, that was just a knowledge issue of myself… how can i check the limit for this domain ?
Can i obtain new certificates just by using the certbot command ? I afraid that i will get the same errors like before

2 Likes
6

Create a new certificate with both domain names. If you hit the limit, you will see it.

1 Like
7

Everything works now - Website is online and certificate is OK. i did it with certbot -d … i think the redirect in my htaccess failed everything, because i redirected to hostname … Thank you for your help :slight_smile:

2 Likes
8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.