SOLVED: Net::err_cert_common_name_invalid


#1

My domain is: aivsi.net

I ran this command: certbot --apache -d aivsi.net -d www.aivsi.net

It produced this output: everything seemed to have worked

My web server is (include version): apache

The operating system my web server runs on is (include version): CentOS 7

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

If I test the certificate on https://globalsign.ssllabs.com/analyze.html?d=aivsi.net the Common name shows as just “aivsi” … missing .net

Would appreciate any tips, I have used letsencrypt with certbot lots of times before and never had issues, not sure what went wrong this time.


#2

Hi @talextech

There is a self-signed certificate, not the Let's Encrypt certificate.

But you have created some certificates:

https://crt.sh/?q=aivsi.net

but you don’t use one of these.

Did you restart your Apache?


#3

Now you have mixed content, which causes your green padlock to disappear. Please use whynopadlock.com to diagnose and fix it.

Thank you


#4

You’re right Juergen! I’m an idiot :frowning:

But in case it helps anyone else: I did have a self-signed certificate (I really forgot when I created it) and all the details about it were in httpd/conf.d/ssl.conf

I missed the IncludeOptional conf.d/*.conf line above the Let's Encrypt certificate, so Apache was using the self-signed certificate instead of the Let's Encrypt one.

Thanks for pointing me in the right direction, you really must have a lot of patience with people like me asking stupid things all the time :slight_smile:
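
The check that post #4 describes, as an added example that is not part of the thread: it lists every `<VirtualHost>` and the `SSLCertificateFile` it points at, in the order the files are passed, so a leftover self-signed certificate stands out. The function names, the file names, `example.com` and the sample contents are constructed, and it assumes certbot-issued certificates live under `/etc/letsencrypt/live/`.

```shell
#!/bin/sh
# Added example: list each <VirtualHost> and the certificate file it serves.
# Pass the config files in the order Apache loads them.
# Assumption: certbot-issued certificates live under /etc/letsencrypt/live/.
audit_tls_vhosts() {
    awk '
        function emit(   origin) {
            if (cert == "") return            # vhost without a TLS certificate
            origin = (cert ~ /^\/etc\/letsencrypt\/live\//) ? "letsencrypt" : "OTHER"
            printf "%s|%s|%s|%s|%s\n", file, addr, (name == "" ? "-" : name), cert, origin
        }
        /^[ \t]*#/ { next }                   # skip commented-out directives
        tolower($1) == "<virtualhost" {
            in_vh = 1; file = FILENAME; addr = $2; sub(/>$/, "", addr)
            name = ""; cert = ""; next
        }
        tolower($1) == "</virtualhost>" { emit(); in_vh = 0; next }
        in_vh && tolower($1) == "servername" { name = $2 }
        in_vh && tolower($1) == "sslcertificatefile" { cert = $2; gsub(/"/, "", cert) }
    ' "$@"
}

# Constructed sample: a stock-style ssl.conf and a vhost using a certbot path.
demo_audit() {
    d=$(mktemp -d) || return 1
    cat > "$d/ssl.conf" <<'EOF'
<VirtualHost _default_:443>
    #ServerName www.example.com:443
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>
EOF
    cat > "$d/main-vhost.conf" <<'EOF'
<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
EOF
    # Order mirrors the thread: the included ssl.conf is read first.
    (cd "$d" && audit_tls_vhosts ssl.conf main-vhost.conf)
    rm -rf "$d"
}

demo_audit
```

Each output line is `file|address|ServerName|certificate|origin`; any line marked `OTHER` is a vhost serving a certificate that did not come from the assumed certbot directory.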


#5

Now you have a correct certificate. But your logo is loaded via http:

http://aivsi.net/wp-content/uploads/2018/11/aivsi_logo-5.png

This is the mixed content warning. And you don’t have a preferred version, www or non-www.

PS: And your /.well-known/acme-challenge directory is mysterious. A non-existent file produces an HTTP status 200 instead of 404.


#6

Thanks a lot for the tips, work in progress on the website itself :slight_smile:
Not sure what you mean about the acme-challenge though :frowning: Or is it just that I’m not returning 404? That’s because of the under construction page plugin overriding everything to show its page.


#7

Thanks, good to know.

The output is a copy of my own tool:

There are sometimes users with loops. Or the /.well-known/acme-challenge/ subdirectory is redirected or sends the wrong file.

If someone uses http-01 validation, a file is placed under /.well-known/acme-challenge, and Let's Encrypt checks if this file exists and has the correct content.


#8

Sorry, been busy and didn’t get a chance to reply, but thanks a lot for all your help! And the redirect tool you created is awesome! I’ll definitely use it from now on :slight_smile:


#9

Thanks. Yep, this idea makes a lot of things much simpler.

And I’ve added some new features :wink:

Checking the results -> a lot of new ideas.