Some Apache domain aliases cannot obtain cert


#1

Dear Support Team - dear community

My domain is: update-fitness.ch
Aliases (defined as alias in VHost of Apache Conf):
updatefitness.com
update.fit
updatefitness.ch
update-fitness.com
www.update-fitness.com
www.updatefitness.ch
www.update.fit
www.update-fitness.ch
www.updatefitness.com
coop-fitness.ch
coopfitness.ch
www.coop-fitness.ch
www.coopfitness.ch

I ran this command: ./certbot-auto --apache -d …

It produced this output:

with the following domains:
updatefitness.com
update.fit
updatefitness.ch
update-fitness.com
www.update-fitness.com
www.updatefitness.ch
www.update.fit
www.update-fitness.ch

everything works fine!

As soon as I try it including:

www.updatefitness.com
coop-fitness.ch
coopfitness.ch
www.coop-fitness.ch
www.coopfitness.ch

I get

    Domain: www.updatefitness.com
    Type: unauthorized
    Detail: Invalid response from
    http://www.updatefitness.com/.well-known/acme-challenge/4wqsMy7NtJmXIDByLpYjU_d5V2eY718WPnbC5IMq_X8
    [185.3.232.74]: "\n\n404 Not Found\n\nNot Found\n<p"

My web server is (include version): Apache 2.7

The operating system my web server runs on is (include version): Debian 8.7

My hosting provider, if applicable, is: alfahosting.de

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.32.0


#2

Hi @Nicolaj_7

If you have a situation where

updatefitness.com

works, but

www.updatefitness.com

does not, it looks like your vHosts are the problem.

Every combination of port and domain name must be unique.

Yep, I checked that domain; there you see the problem ( https://check-your-website.server-daten.de/?q=updatefitness.com ):

| Domainname | Http-Status | redirect | Sec. | G |
| --- | --- | --- | --- | --- |
| http://updatefitness.com/ 185.3.232.74 | 200 | | 0.174 | H |
| http://www.updatefitness.com/ 185.3.232.74 | 200 | | 0.056 | H |
| https://updatefitness.com/ 185.3.232.74 | 200 | | 0.626 | I |
| https://www.updatefitness.com/ 185.3.232.74 | 200 | | 0.497 | N |
| Certificate error: RemoteCertificateNameMismatch | | | | |
| http://updatefitness.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 185.3.232.74 | 404 | | 0.703 | A |
| Not Found | | | | |
| Visible Content: Direkt zum Inhalt Toggle navigation Startseite Standorte Region Basel, Aare Basel SBB Binningen BL Oberwil BL Möhlin Aarau Zofingen Wettingen (März 2019) Reinach AG (Sommer 2019) Sursee Bellach Region Bern Bern Marzili Bern Ostermundigen (Frühjahr 2019) Bern Schönburg (Ende 2019) Langenthal Grosshöchstetten Region Zürich, Schaffhausen Feuerthalen Neuhausen Winterthur Region Thurgau Aadorf Amriswil Bischofszell Frauenfeld Münchwilen Weinfelden Central Weinfelden Ost Region Fürstenland / Toggenburg Gossau Uzwil Wil Zuzwil Wattwil Region St. Gallen St. Gallen Bahnhof St. Gallen Central St. Gallen Ost St. Gallen West Wittenbach Region Appenzellerland Appenzell Herisau Teufen Region Bodensee, Rheintal Buchs Heerbrugg Rorschach Altstätten Landquart Chur St. Moritz Dorf St. Moritz Bad An allen diesen Standorten ist dein Abo gültig. Angebot Zusatzangebote Kidsdance Uzwil Teens-Fitdance Uzwil Physiotherapie Online Laufpläne “The Ninja Challenge” Park Münchwilen Crossfit “St.Moritz” Zusatzangebote Aus- und Weiterbildung update Akademie Ernährung Blog update Nutrition Muskelaufbau Gesundheit Fettabbau Ausdauer Kinderwelten Kinderwelt Möhlin Kinderwelt Wittenbach Kinderwelt Uzwil Group Fitness Gruppenstundenpläne Gruppentraining-Events CyberCycling Pierre on Tour 2019 Shop Unternehmen Unsere Werte Dein Job bei update Wissen Sponsoring Partnerschaften Kontakt apply Weiterleitung Newsletter abonnieren Jobs Aus- und Weiterbildung Sponsoring Partnerschaften Impressum Datenschutz © Copyright 2019 update Fitness AG | | | | |
| http://www.updatefitness.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 185.3.232.74 | 404 | | 0.060 | A |
| Not Found | | | | |
| Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. | | | | |

The file /.well-known/acme-challenge/unknown-file doesn’t exist.

But the non-www has a big answer, the www has only a small error message.

So check your vHost of updatefitness.com and add a

ServerAlias www.updatefitness.com

so both domain names use the same vHost.

Perhaps, the www version uses the default vHost -> that’s the difference.

I didn’t check the other domains; perhaps check these domains -> may be the same problem.


#3

Hi Juergen
Thanks for your very quick answer!
I have all the aliases configured in the same VirtualHost

    ServerName www.update-fitness.ch
    ServerAlias update-fitness.ch
    ServerAlias www.updatefitness.ch updatefitness.ch
    ServerAlias www.update.fit update.fit
    ServerAlias www.update-fitness.com update-fitness.com
    ServerAlias www.updatefitness.com updatefitness.com
    ServerAlias www.coopfitness.ch coopfitness.ch
    ServerAlias www.coop-fitness.ch coop-fitness.ch

Until today the folders .well-known and acme-challenge didn’t even exist. I added the folders while trying to fix my problem. But everything worked without it until I tried to add the last 4 aliases.
Is this a new “feature” or how can this be?

Thanks and best regards
Nicolaj


#4

Two values in one row? Use

    ServerAlias www.coop-fitness.ch
    ServerAlias coop-fitness.ch

#5

I thought it can be in one row:
http://httpd.apache.org/docs/2.4/mod/core.html#serveralias
I will try one line for every alias…
thx

btw: I’m using Apache 2.4 - not 2.7 as noted before


#6

I “cleaned” the two virtualhosts (for http and https) and was able to get certificates for the last 4 domains. But the domain www.updatefitness.com still produces the same error.

I checked the domain update-fitness.com as you did for updatefitness.com and I get about the same answers. https://check-your-website.server-daten.de/?q=update-fitness.com

I don’t see what the difference between the two is :frowning:

thanks and best regards
nicolaj


#7

These aren’t the same answers.

The https://check-your-website.server-daten.de/?q=updatefitness.com doesn’t have a redirect http -> https, and the non-www /.well-known/acme-challenge and the www /.well-known/acme-challenge are different.

Your check of https://check-your-website.server-daten.de/?q=update-fitness.com

Both /.well-known/acme-challenges - checks redirect to https, both have the same (long) content.

So the update-fitness.com looks good (and has a new 90 days LE-certificate), but the updatefitness.com may use different vHost definitions.

Start with your port 80 vHosts.


#8

You’re of course right. Thanks for pointing this out.

However, I’m unable to find the difference, but I see I can’t access http://www.updatefitness.com/.well-known/acme-challenge/test.html

Strange part: the ServerAlias for www.updatefitness.com is in between working domains, and I configured nothing else for this domain (except the redirect certbot made)

    ServerAlias www.update-fitness.com
    ServerAlias update-fitness.com
    ServerAlias www.updatefitness.com
    ServerAlias updatefitness.com
    ServerAlias www.coopfitness.ch

But I see it’s not a certbot problem at all. Thanks for your support and best regards
Nicolaj


#9

Is that port 80 or port 443?

Both vHosts should have that.

Perhaps “remove” your default vHost (if there is one) by adding

ServerName notexistingDomain

then you see, if the domain uses the correct vHost.


#10

In both conf files for port 80 and 443 it looks the same:

    ServerName www.update-fitness.ch
    ServerAdmin web@update-fitness.ch
    ServerAlias update-fitness.ch
    ServerAlias www.updatefitness.ch
    ServerAlias updatefitness.ch
    ServerAlias www.update.fit
    ServerAlias update.fit
    ServerAlias www.update-fitness.com
    ServerAlias update-fitness.com
    ServerAlias www.updatefitness.com
    ServerAlias updatefitness.com
    ServerAlias www.coopfitness.ch
    ServerAlias coopfitness.ch
    ServerAlias www.coop-fitness.ch
    ServerAlias coop-fitness.ch

In the conf for http, certbot added (some I added, since I found them missing):

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.updatefitness.ch [OR]
    RewriteCond %{SERVER_NAME} =update.fit [OR]
    RewriteCond %{SERVER_NAME} =updatefitness.ch [OR]
    RewriteCond %{SERVER_NAME} =update-fitness.ch [OR]
    RewriteCond %{SERVER_NAME} =update-fitness.com [OR]
    RewriteCond %{SERVER_NAME} =updatefitness.com [OR]
    RewriteCond %{SERVER_NAME} =www.update-fitness.com [OR]
    RewriteCond %{SERVER_NAME} =www.updatefitness.com [OR]
    RewriteCond %{SERVER_NAME} =www.update.fit [OR]
    RewriteCond %{SERVER_NAME} =coop-fitness.ch [OR]
    RewriteCond %{SERVER_NAME} =www.coop-fitness.ch [OR]
    RewriteCond %{SERVER_NAME} =coopfitness.ch [OR]
    RewriteCond %{SERVER_NAME} =www.coopfitness.ch [OR]
    RewriteCond %{SERVER_NAME} =www.update-fitness.ch

I also checked the other conf files (for some other domains) to see if I mistakenly configured something for the faulty domain… nothing.

apachectl -s shows the domain as alias correctly, and I’m used to the fact that Apache doesn’t like faulty configurations and wouldn’t start.

regards
nicolaj
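
The two checks suggested in this thread (every combination of port and domain name belongs to exactly one vHost, and both the port 80 and the port 443 vHost carry every name), as an added example that is not part of the original posts. The parser is a simplified sketch over a constructed config with hypothetical hostnames; it assumes no `Include` directives and no wildcard aliases.

```python
import re
from collections import Counter, defaultdict
# Constructed sample (hypothetical names, not the poster's files).
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName www.example.org
    ServerAlias example.org
    ServerAlias example.net
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.org
    ServerAlias example.org www.example.net example.net
</VirtualHost>
<VirtualHost *:443>
    ServerName shop.example.org
    ServerAlias example.net
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return [(port, [names])] for every <VirtualHost> block."""
    vhosts, current = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            current = (m.group(1).split()[0].rsplit(":", 1)[-1], [])
            vhosts.append(current)
        elif line.lower().startswith("</virtualhost"):
            current = None
        elif current is not None:
            parts = line.split()
            # ServerAlias accepts several names per line or one per line.
            if parts and parts[0].lower() in ("servername", "serveralias"):
                current[1].extend(p.lower() for p in parts[1:])
    return vhosts

def audit(conf, wanted, ports=("80", "443")):
    """Map each problem hostname to the findings for it."""
    # How many vHosts claim each (port, name) pair; it should be exactly one.
    claims = Counter((p, n) for p, names in parse_vhosts(conf) for n in set(names))
    findings = defaultdict(list)
    for name in wanted:
        for port in ports:
            n = claims[(port, name.lower())]
            if n != 1:
                why = "no vHost claims it" if n == 0 else f"claimed by {n} vHosts"
                findings[name].append(f"port {port}: {why}")
    return dict(findings)
```

A name that no port-80 vHost claims is answered by the default vHost, which is the situation the HTTP-01 check reports as a 404.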

