[Solved] Wrong Domain in Certificate?


#1

Hi, I am using CentOS 6.8 / Apache.
I have several domains on the same IP address.
I am using certbot-auto to create certificates for my domains one by one.

Some domains are working fine, others are creating problems. I could not find out what the difference between the domains is, since they are all set up pretty much the same way.

So let’s take a domain that works: wamonoart.com
This is the apache config:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@wamonoart.com
    DocumentRoot /home/wamonoart/public_html
    ServerName wamonoart.com
    ServerAlias www.wamonoart.com
    ErrorLog logs/wamonoart.error.log
    CustomLog logs/wamonoart.acccess.log common
    <Directory /home/wamonoart/public_html>
        Options FollowSymLinks
        AllowOverride All
    </Directory>
SSLCertificateFile /etc/letsencrypt/live/www.wamonoart.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.wamonoart.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/www.wamonoart.com/chain.pem
</VirtualHost>
</IfModule>

And here is a domain that does NOT Work:

Forex-history.net:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@forex-history.net
    DocumentRoot /home/forex-history/public_html
    ServerName forex-history.net
    ServerAlias forex-history.com
    ErrorLog logs/forex-history.error.log
    CustomLog logs/forex-history.acccess.log common
    <Directory /home/forex-history/public_html>
        Options FollowSymLinks
        AllowOverride All
    </Directory>
SSLCertificateFile /etc/letsencrypt/live/forex-history.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/forex-history.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/forex-history.com/chain.pem
</VirtualHost>
</IfModule>

That one uses another domain name hosted on the same machine, “hongkong-rocks.com”.

Any idea what is going on here? The configs were created by certbot-auto. The symlinks to the files are intact. The targets have the right date/time of when I created the certs, but the cert in the browser is 10 days older than that (the age of hongkong-rocks.com).


#2

When you reload / restart Apache, are there any errors shown (or given in the logs)?


#3

So there are no issues, but I realized something else now:

Once I click past the “add exception?” request from Firefox it actually redirects me to the wrong domain (hongkong-rocks.com). So it means that the SSL setup is correct, it’s the virtualhost setup that is wrong since it points to the wrong “exit” domain. No idea why or how. Will have to find that out now.


#4

Seems I need to manually add the “NameVirtualHost *:443” to the top of the config files, otherwise it does not work for configs that are alphabetically below the default domain.
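
An added example, not part of the original thread: a small Python check for the condition found above, assuming Apache 2.2 (the version CentOS 6 ships), where several `<VirtualHost>` blocks on one address need a matching `NameVirtualHost` or the first one loaded answers every request. The function name `shadowed_vhosts` and the sample file names are constructed for illustration.

```python
import re

# Constructed sample: two vhost files modelled on the domains in this thread.
SAMPLE = {
    "00-hongkong-rocks.conf": """
<VirtualHost *:443>
    ServerName hongkong-rocks.com
</VirtualHost>
""",
    "10-forex-history.conf": """
<VirtualHost *:443>
    ServerName forex-history.net
    ServerAlias forex-history.com
</VirtualHost>
""",
}

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
NVH_RE = re.compile(r"^\s*NameVirtualHost\s+(\S+)", re.M | re.I)
NAME_RE = re.compile(r"^\s*ServerName\s+(\S+)", re.M | re.I)


def shadowed_vhosts(files):
    """Map each address that has several <VirtualHost> blocks but no
    NameVirtualHost to (default ServerName, [ServerNames never reached])."""
    declared, by_addr = set(), {}
    for fname in sorted(files):  # wildcard Includes are read alphabetically
        text = re.sub(r"^\s*#.*$", "", files[fname], flags=re.M)  # drop comments
        declared.update(a.lower() for a in NVH_RE.findall(text))
        for addrs, body in VHOST_RE.findall(text):
            m = NAME_RE.search(body)
            name = m.group(1) if m else "(unnamed in %s)" % fname
            for addr in addrs.split():  # a block may list several addresses
                by_addr.setdefault(addr.lower(), []).append(name)
    return {a: (n[0], n[1:]) for a, n in by_addr.items()
            if len(n) > 1 and a not in declared}


if __name__ == "__main__":
    for addr, (default, hidden) in shadowed_vhosts(SAMPLE).items():
        print("%s: %s answers for %s" % (addr, default, ", ".join(hidden)))
```

To audit a real server, build the `files` mapping from the contents of the Apache config directory instead of `SAMPLE`.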