SSL certificate appears on different domain

Help
1

Screenshot 2023-07-05 at 21.40.23
Screenshot 2023-07-05 at 21.40.231250×779 81.9 KB

My SSL certificate on https://eadmin.app is not valid because there is SSL certificate of https://zpflorence.eadmin.app.

When I call sudo certbot -d eadmin.app then domain https://eadmin.app starts working, but at the same time domain https://zpflorence.eadmin.app stops working because there appears SSL certificate of https://eadmin.app.

When I call sudo certbot -d zpflorence.eadmin.app then domain https://zpflorence.eadmin.app starts working, but at the same time domain https://eadmin.app stops working because there appears SSL certificate of https://zpflorence.eadmin.app.

Could you please advise me how to get out of this? How to make both domains work? The problem arose because I swapped the contents of the files etc/apache2/sites-available/eadmin.app.conf and etc/apache2/sites-available/zpflorence.eadmin.app.conf.

Now the contents of both files are fine. Both files are deployed via sudo a2ensite eadmin.app.conf and sudo a2ensite zpflorence.eadmin.app.conf.

2

Hi @komareklukas, and welcome to the LE community forum :slight_smile:

Let's start with the output of these two commands:
certbot certificates
sudo apachectl -t -D DUMP_VHOSTS

4 Likes
3

Hi @rg305

komarek@komarek-server:/home$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Revocation status for /etc/letsencrypt/live/my.momentumassets.eadmin.app/cert.pem is unknown

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: api.eadmin.cloud
    Domains: api.eadmin.cloud
    Expiry Date: 2023-08-17 02:17:48+00:00 (VALID: 42 days)
    Certificate Path: /etc/letsencrypt/live/api.eadmin.cloud/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/api.eadmin.cloud/privkey.pem
  Certificate Name: averages.online
    Domains: averages.online www.averages.online
    Expiry Date: 2023-08-17 02:18:04+00:00 (VALID: 42 days)
    Certificate Path: /etc/letsencrypt/live/averages.online/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/averages.online/privkey.pem
  Certificate Name: battery-import.eadmin.app
    Domains: battery-import.eadmin.app
    Expiry Date: 2023-08-29 22:02:36+00:00 (VALID: 55 days)
    Certificate Path: /etc/letsencrypt/live/battery-import.eadmin.app/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/battery-import.eadmin.app/privkey.pem
  Certificate Name: comamdelat.eadmin.app
    Domains: comamdelat.eadmin.app
    Expiry Date: 2023-08-26 19:41:39+00:00 (VALID: 51 days)
    Certificate Path: /etc/letsencrypt/live/comamdelat.eadmin.app/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/comamdelat.eadmin.app/privkey.pem
  Certificate Name: eadmin.app
    Domains: eadmin.app www.eadmin.app
    Expiry Date: 2023-08-20 17:18:37+00:00 (VALID: 45 days)
    Certificate Path: /etc/letsencrypt/live/eadmin.app/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/eadmin.app/privkey.pem
  Certificate Name: eadmin.cloud
    Domains: eadmin.cloud www.eadmin.cloud
    Expiry Date: 2023-09-01 07:49:10+00:00 (VALID: 57 days)
    Certificate Path: /etc/letsencrypt/live/eadmin.cloud/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/eadmin.cloud/privkey.pem
  Certificate Name: igloooopark.land
    Domains: igloooopark.land www.igloooopark.land
    Expiry Date: 2023-08-27 16:45:58+00:00 (VALID: 52 days)
    Certificate Path: /etc/letsencrypt/live/igloooopark.land/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/igloooopark.land/privkey.pem
  Certificate Name: luxusniobrazy.eadmin.app
    Domains: luxusniobrazy.eadmin.app
    Expiry Date: 2023-08-29 22:02:51+00:00 (VALID: 55 days)
    Certificate Path: /etc/letsencrypt/live/luxusniobrazy.eadmin.app/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/luxusniobrazy.eadmin.app/privkey.pem
  Certificate Name: mojetiande.eadmin.app
    Domains: mojetiande.eadmin.app
    Expiry Date: 2023-09-02 20:01:49+00:00 (VALID: 58 days)
    Certificate Path: /etc/letsencrypt/live/mojetiande.eadmin.app/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/mojetiande.eadmin.app/privkey.pem
  Certificate Name: momentumas.cz
    Domains: momentumas.cz
    Expiry Date: 2023-09-07 08:03:13+00:00 (VALID: 63 days)
    Certificate Path: /etc/letsencrypt/live/momentumas.cz/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/momentumas.cz/privkey.pem
  Certificate Name: momentumassets.eadmin.app
    Domains: momentumassets.eadmin.app
    Expiry Date: 2023-08-26 19:41:52+00:00 (VALID: 51 days)
    Certificate Path: /etc/letsencrypt/live/momentumassets.eadmin.app/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/momentumassets.eadmin.app/privkey.pem
  Certificate Name: momentumassets.eu
    Domains: momentumassets.eu
    Expiry Date: 2023-09-07 08:03:36+00:00 (VALID: 63 days)
    Certificate Path: /etc/letsencrypt/live/momentumassets.eu/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/momentumassets.eu/privkey.pem
  Certificate Name: my.eadmin.app
    Domains: my.eadmin.app
    Expiry Date: 2023-09-27 12:15:34+00:00 (VALID: 83 days)
    Certificate Path: /etc/letsencrypt/live/my.eadmin.app/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/my.eadmin.app/privkey.pem
  Certificate Name: my.eadmin.cloud
    Domains: my.eadmin.cloud
    Expiry Date: 2023-08-28 09:57:53+00:00 (VALID: 53 days)
    Certificate Path: /etc/letsencrypt/live/my.eadmin.cloud/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/my.eadmin.cloud/privkey.pem
  Certificate Name: my.momentumassets.eadmin.app
    Domains: my.momentumassets.eadmin.app
    Expiry Date: 2021-07-03 19:19:30+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/my.momentumassets.eadmin.app/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/my.momentumassets.eadmin.app/privkey.pem
  Certificate Name: nicola.salon
    Domains: nicola.salon www.nicola.salon
    Expiry Date: 2023-09-23 17:52:23+00:00 (VALID: 79 days)
    Certificate Path: /etc/letsencrypt/live/nicola.salon/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/nicola.salon/privkey.pem
  Certificate Name: pjmusic-eshop.eadmin.app
    Domains: pjmusic-eshop.eadmin.app
    Expiry Date: 2023-09-10 17:25:58+00:00 (VALID: 66 days)
    Certificate Path: /etc/letsencrypt/live/pjmusic-eshop.eadmin.app/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/pjmusic-eshop.eadmin.app/privkey.pem
  Certificate Name: tiandefm.eadmin.app
    Domains: tiandefm.eadmin.app
    Expiry Date: 2023-09-29 15:15:09+00:00 (VALID: 85 days)
    Certificate Path: /etc/letsencrypt/live/tiandefm.eadmin.app/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/tiandefm.eadmin.app/privkey.pem
  Certificate Name: zpflorence.eadmin.app
    Domains: zpflorence.eadmin.app
    Expiry Date: 2023-10-03 18:10:03+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/zpflorence.eadmin.app/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/zpflorence.eadmin.app/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

komarek@komarek-server:/home$ sudo apachectl -t -D DUMP_VHOSTS
AH00112: Warning: DocumentRoot [/data/www/eadmin.cz/public_html] does not exist
AH00112: Warning: DocumentRoot [/data/www/sz-zs.eadmin.cz/public_html] does not exist
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server api.eadmin.cloud (/etc/apache2/sites-enabled/api.eadmin.app-le-ssl.conf:2)
         port 443 namevhost api.eadmin.cloud (/etc/apache2/sites-enabled/api.eadmin.app-le-ssl.conf:2)
                 alias www.api.eadmin.cloud
         port 443 namevhost averages.online (/etc/apache2/sites-enabled/averages.online-le-ssl.conf:2)
                 alias www.averages.online
         port 443 namevhost battery-import.eadmin.app (/etc/apache2/sites-enabled/battery-import.eadmin.app-le-ssl.conf:2)
                 alias www.battery-import.eadmin.app
         port 443 namevhost comamdelat.eadmin.app (/etc/apache2/sites-enabled/comamdelat.eadmin.app-le-ssl.conf:2)
                 alias www.comamdelat.eadmin.app
         port 443 namevhost eadmin.app (/etc/apache2/sites-enabled/eadmin.app-le-ssl.conf:2)
                 alias www.eadmin.app
                 alias zpflorence.eadmin.app
         port 443 namevhost eadmin.cloud (/etc/apache2/sites-enabled/eadmin.cloud-le-ssl.conf:2)
                 alias www.eadmin.cloud
         port 443 namevhost igloooopark.land (/etc/apache2/sites-enabled/igloooopark.land-le-ssl.conf:2)
                 alias www.igloooopark.land
         port 443 namevhost luxusniobrazy.eadmin.app (/etc/apache2/sites-enabled/luxusniobrazy.eadmin.app-le-ssl.conf:2)
                 alias www.luxusniobrazy.eadmin.app
         port 443 namevhost mojetiande.eadmin.app (/etc/apache2/sites-enabled/mojetiande.eadmin.app-le-ssl.conf:2)
                 alias www.mojetiande.eadmin.app
         port 443 namevhost momentumas.cz (/etc/apache2/sites-enabled/momentumas.cz-le-ssl.conf:2)
                 alias www.momentumas.cz
         port 443 namevhost momentumassets.eadmin.app (/etc/apache2/sites-enabled/momentumassets.eadmin.app-le-ssl.conf:2)
                 alias www.momentumassets.eadmin.app
         port 443 namevhost momentumassets.eu (/etc/apache2/sites-enabled/momentumassets.eu-le-ssl.conf:2)
                 alias www.momentumassets.eu
         port 443 namevhost nicola.salon (/etc/apache2/sites-enabled/nicola.salon-le-ssl.conf:2)
                 alias www.nicola.salon
         port 443 namevhost pjmusic-eshop.eadmin.app (/etc/apache2/sites-enabled/pjmusic-eshop.eadmin.app-le-ssl.conf:2)
                 alias www.pjmusic-eshop.eadmin.app
         port 443 namevhost tiandefm.eadmin.app (/etc/apache2/sites-enabled/tiandefm.eadmin.app-le-ssl.conf:2)
                 alias www.tiandefm.eadmin.app
*:80                   is a NameVirtualHost
         default server 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost alliceshop.eadmin.cz (/etc/apache2/sites-enabled/alliceshop.eadmin.cz.conf:1)
                 alias www.alliceshop.eadmin.cz
         port 80 namevhost api.eadmin.cloud (/etc/apache2/sites-enabled/api.eadmin.app.conf:1)
                 alias www.api.eadmin.cloud
         port 80 namevhost averages.online (/etc/apache2/sites-enabled/averages.online.conf:1)
                 alias www.averages.online
         port 80 namevhost battery-import.eadmin.app (/etc/apache2/sites-enabled/battery-import.eadmin.app.conf:1)
                 alias www.battery-import.eadmin.app
         port 80 namevhost casino.eadmin.cz (/etc/apache2/sites-enabled/casino.eadmin.cz.conf:1)
                 alias www.casino.eadmin.cz
         port 80 namevhost comamdelat.eadmin.app (/etc/apache2/sites-enabled/comamdelat.eadmin.app.conf:1)
                 alias www.comamdelat.eadmin.app
         port 80 namevhost dev.eadmin.cz (/etc/apache2/sites-enabled/dev.eadmin.cz.conf:1)
                 alias www.dev.eadmin.cz
         port 80 namevhost dev3.droot.cz (/etc/apache2/sites-enabled/dev3.droot.cz.conf:1)
         port 80 namevhost droot.cz (/etc/apache2/sites-enabled/droot.cz.conf:1)
                 alias www.droot.cz
         port 80 namevhost zpflorence.eadmin.app (/etc/apache2/sites-enabled/eadmin.app-le-ssl.conf:54)
                 alias www.zpflorence.eadmin.app
         port 80 namevhost eadmin.app (/etc/apache2/sites-enabled/eadmin.app.conf:1)
                 alias www.eadmin.app
         port 80 namevhost eadmin.cloud (/etc/apache2/sites-enabled/eadmin.cloud.conf:1)
                 alias www.eadmin.cloud
         port 80 namevhost eadmin.cz (/etc/apache2/sites-enabled/eadmin.cz.conf:1)
                 alias www.eadmin.cz
         port 80 namevhost gethype.eadmin.cz (/etc/apache2/sites-enabled/gethype.eadmin.cz.conf:1)
                 alias www.gethype.eadmin.cz
         port 80 namevhost igloooopark.land (/etc/apache2/sites-enabled/igloooopark.land.conf:1)
                 alias www.igloooopark.land
         port 80 namevhost jackscasino.cz (/etc/apache2/sites-enabled/jackscasino.cz.conf:1)
                 alias www.jackscasino.cz
         port 80 namevhost jackscasino.droot.cz (/etc/apache2/sites-enabled/jackscasino.droot.cz.conf:1)
                 alias www.jackscasino.droot.cz
         port 80 namevhost jackscasino.eadmin.cz (/etc/apache2/sites-enabled/jackscasino.eadmin.cz.conf:1)
                 alias www.jackscasino.eadmin.cz
         port 80 namevhost jackscasino.komarek.zcom.cz (/etc/apache2/sites-enabled/jackscasino.komarek.zcom.cz.conf:1)
                 alias www.jackscasino.komarek.zcom.cz
         port 80 namevhost luxusniobrazy.eadmin.app (/etc/apache2/sites-enabled/luxusniobrazy.eadmin.app.conf:1)
                 alias www.luxusniobrazy.eadmin.app
         port 80 namevhost mojetiande.eadmin.app (/etc/apache2/sites-enabled/mojetiande.eadmin.app.conf:1)
                 alias www.mojetiande.eadmin.app
         port 80 namevhost momentumas.cz (/etc/apache2/sites-enabled/momentumas.cz.conf:1)
                 alias www.momentumas.cz
         port 80 namevhost momentumassets.eadmin.app (/etc/apache2/sites-enabled/momentumassets.eadmin.app.conf:1)
                 alias www.momentumassets.eadmin.app
         port 80 namevhost momentumassets.eu (/etc/apache2/sites-enabled/momentumassets.eu.conf:1)
                 alias www.momentumassets.eu
         port 80 namevhost nicola.salon (/etc/apache2/sites-enabled/nicola.salon.conf:1)
                 alias www.nicola.salon
         port 80 namevhost pjmusic-eshop.eadmin.app (/etc/apache2/sites-enabled/pjmusic-eshop.eadmin.app.conf:1)
                 alias www.pjmusic-eshop.eadmin.app
         port 80 namevhost sz-zs.eadmin.cz (/etc/apache2/sites-enabled/sz-zs.eadmin.cz.conf:1)
                 alias www.sz-zs.eadmin.cz
         port 80 namevhost tiandefm.eadmin.app (/etc/apache2/sites-enabled/tiandefm.eadmin.app.conf:1)
                 alias www.tiandefm.eadmin.app
         port 80 namevhost translator.eadmin.cz (/etc/apache2/sites-enabled/translator.eadmin.cz.conf:1)
                 alias www.translator.eadmin.cz
         port 80 namevhost vavrovap.com (/etc/apache2/sites-enabled/vavrovap.com.conf:1)
                 alias www.vavrovap.com
         port 80 namevhost zahradapraha.eadmin.cz (/etc/apache2/sites-enabled/zahradapraha.eadmin.cz.conf:1)
                 alias www.zahradapraha.eadmin.cz
         port 80 namevhost zpflorence.eadmin.app (/etc/apache2/sites-enabled/zpflorence.eadmin.app.conf:1)
                 alias www.zpflorence.eadmin.app

I see that there is an incorrect alias for the eadmin.app domain on port 443.

Here are the contents of the eadmin.app.conf file.

komarek@komarek-server:/etc/apache2/sites-available$ cat eadmin.app.conf 
<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerName eadmin.app
	ServerAlias www.eadmin.app
	ServerAdmin admin@eadmin.app
	DocumentRoot /data/www/eadmin.app/public_html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
	
	<Directory /data/www/eadmin.app/public_html>
		AllowOverride All
	</Directory>

RewriteEngine on
#RewriteCond %{SERVER_NAME} =www.eadmin.app [OR]
#RewriteCond %{SERVER_NAME} =eadmin.app
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteCond %{SERVER_NAME} =www.eadmin.app [OR]
RewriteCond %{SERVER_NAME} =eadmin.app
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
4

Yes, the output makes that clear:

port 443 namevhost eadmin.app (/etc/apache2/sites-enabled/eadmin.app-le-ssl.conf:2)
         alias www.eadmin.app
  alias zpflorence.eadmin.app

You should remove that alias.

You also have a name:port overlap in these two files:

port 80 namevhost zpflorence.eadmin.app (/etc/apache2/sites-enabled/eadmin.app-le-ssl.conf:54)
        alias www.zpflorence.eadmin.app

port 80 namevhost zpflorence.eadmin.app (/etc/apache2/sites-enabled/zpflorence.eadmin.app.conf:1)
        alias www.zpflorence.eadmin.app
4 Likes
5

@rg305

The content of the file /etc/apache2/sites-available/eadmin.app-le-ssl.conf was wrong. I fixed it. However, the file content in /etc/apache2/sites-enabled/eadmin.app-le-ssl.conf is still wrong. What should I do to fix this file?

I also noticed that these 2 files are completely missing:
/etc/apache2/sites-available/zpflorence.eadmin.app-le-ssl.conf
/etc/apache2/sites-enabled/zpflorence.eadmin.app-le-ssl.conf

What should I do to generate them?

6

You can check to see if the symlink points to a different file than you expect.
ls -lh /etc/apache2/sites-enabled/eadmin.app-le-ssl.conf

How did you generate the config files for your other vhosts?

5 Likes
7

I was wrong. I didn't know that the related file in /sites-enabled was just a symlink. Finally I called sudo certbot -d zpflorence.eadmin.app and everything works. Thank you very much for your support.

3 Likes
8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.