SSL certificate does not match your domain name

I tried to set up an SSL connection using this guide:

When I finished and opened a web page on my website, I got a certificate error.
I tested the certificate through whynopadlock.com and I'm getting two errors:

  1. Your SSL certificate appears to be self signed.
    Browsers will display an error whenever someone attempts to visit your site.
  2. Your SSL certificate does not match your domain name!

Domain: ark-suite.com
Command: certbot --apache -d ark-suite.com
Web server version: Server version: Apache/2.4.6 (CentOS)
Operating system: CentOS 7
My hosting provider, if applicable, is: DigitalOcean
I can login to a root shell on my machine.
I'm not using a control panel to manage my site.
The version of my certbot is 0.34.2

Virtual host configuration:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName ark-suite.com
    ServerAlias www.ark-suitecom
    DocumentRoot /var/www/ark-suite.com/html
    ErrorLog /var/www/ark-suite.com/log/error.log
    CustomLog /var/www/ark-suite.com/log/requests.log combined
SSLCertificateFile /etc/letsencrypt/live/ark-suite.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ark-suite.com-0001/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/ark-suite.com-0001/chain.pem
</VirtualHost>
</IfModule>

Why am I facing these issues?
How can I solve them?

Hi @nufay

Checking your domain, you have created a lot of certificates (https://check-your-website.server-daten.de/?q=ark-suite.com#ct-logs):

| CertSpotter-Id | Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|---|
| 985755478 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-06-25 11:43:50 | 2019-09-23 11:43:50 | ark-suite.com - 1 entries | duplicate nr. 3 | |
| 984469864 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-06-24 18:38:32 | 2019-09-22 18:38:32 | ark-suite.com - 1 entries | duplicate nr. 2 | |
| 984452289 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-06-24 18:22:29 | 2019-09-22 18:22:29 | ark-suite.com, www.ark-suite.com - 2 entries | duplicate nr. 3 | |
| 984451652 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-06-24 18:20:40 | 2019-09-22 18:20:40 | ark-suite.com, www.ark-suite.com - 2 entries | duplicate nr. 2 | |
| 984448395 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-06-24 18:16:05 | 2019-09-22 18:16:05 | ark-suite.com - 1 entries | duplicate nr. 1 | |
| 977161708 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-06-20 14:00:16 | 2019-09-18 14:00:16 | ark-suite.com, www.ark-suite.com - 2 entries | duplicate nr. 1 | |

But your command creates the wrong certificate; it has only one domain name.

So first step: Check your config with

certbot certificates

to find the certificate with both domain names.

Then use that in your

part. Then restart your server and recheck your configuration.

If that doesn't work, you may have multiple vHosts so that vHost isn't used.

apachectl -S

Currently, you use a self-signed certificate, not that vHost:

E=root@ark-suite.com, 
CN=ark-suite.com, OU=SomeOrganizationalUnit, 
O=SomeOrganization, L=SomeCity, S=SomeState, C=--
	24.06.2019
	23.06.2020
expires in 363 days
1 Like
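The two checks suggested in the reply above, as an added example that is not part of any post in this thread: it looks for a certbot lineage that covers every required name and lists each port-443 vHost that can answer for the domain, so each one's SSLCertificateFile can be reviewed. The function names `find_lineage` and `tls_vhosts` are hypothetical, and the sample input is copied from the outputs posted in the thread.

```shell
#!/bin/sh
# Added example: parses text in the shape of the `certbot certificates` and
# `apachectl -S` output pasted in this thread.

# find_lineage NAME...: reads `certbot certificates` output on stdin and prints
# the Certificate Name of the first lineage whose Domains line covers every NAME.
find_lineage() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " ") }
        $1 == "Certificate" && $2 == "Name:" { lineage = $3 }
        $1 == "Domains:" {
            split("", have)                       # clear the per-lineage set
            for (i = 2; i <= NF; i++) have[$i] = 1
            ok = 1
            for (i = 1; i <= n; i++) if (!(w[i] in have)) ok = 0
            if (ok) { print lineage; exit }
        }'
}

# tls_vhosts NAME: reads `apachectl -S` output on stdin and prints
# "address config-file:line" for each port-443 vHost that claims NAME.
# Assumes the one-line-per-vHost layout shown in the thread.
tls_vhosts() {
    awk -v name="$1" '$1 ~ /:443$/ && $2 == name {
        loc = $3; gsub(/[()]/, "", loc); print $1, loc }'
}

# Sample input copied from the outputs posted in the thread.
CERTS='Certificate Name: ark-suite.com-0001
Domains: ark-suite.com
Expiry Date: 2019-09-23 11:43:50+00:00 (VALID: 89 days)'
VHOSTS='127.0.1.1:443 ark-suite.com (/etc/httpd/conf.d/ssl.conf:56)
*:80 ark-suite.com (/etc/httpd/conf/httpd.conf:355)
*:443 ark-suite.com (/etc/httpd/conf/httpd-le-ssl.conf:2)'

covering=$(printf '%s\n' "$CERTS" | find_lineage ark-suite.com www.ark-suite.com)
echo "lineage covering both names: ${covering:-none}"
echo "port-443 vHosts to inspect for SSLCertificateFile:"
printf '%s\n' "$VHOSTS" | tls_vhosts ark-suite.com
```

On a live server the same functions can be fed directly, for example `certbot certificates | find_lineage ark-suite.com www.ark-suite.com`.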

I tried configuring it with different settings; when I was using a certificate with both domain names I had the same error.
I also made a mistake: I deleted old certificates so I don't get confused, and currently I have only one certificate:

[root@server] # certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: ark-suite.com-0001
Domains: ark-suite.com
Expiry Date: 2019-09-23 11:43:50+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/ark-suite.com-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/ark-suite.com-0001/privkey.pem

Currently there are no 'wrong' vhosts, so I don't get to the wrong directory or so:

[root@server]# apachectl -S
VirtualHost configuration:
127.0.1.1:443 ark-suite.com (/etc/httpd/conf.d/ssl.conf:56)
*:80 ark-suite.com (/etc/httpd/conf/httpd.conf:355)
*:443 ark-suite.com (/etc/httpd/conf/httpd-le-ssl.conf:2)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

I don't know why I have a self-signed certificate, because I never did that; I only used Let's Encrypt's scripts.

I currently use only this domain name, and I added www.ark-suite.com just in case in a previous configuration. Do I actually need it?

If your server uses a self-signed certificate, your paths or your vHost configuration are wrong. Or you didn't restart your server. Or you have an orphaned process -> reboot your server.

So this is the first problem you should fix.

You have both DNS entries. And it's a main domain. So you should have both DNS entries and a certificate with both domain names (it's easier to have such a certificate instead of two certificates and two vHosts per port).

1 Like

Should I create a vHost for each domain name separately or leave one of them as an alias?

It's your decision (20 characters required).

1 Like

After following the instructions in your first reply and clearing the cache, everything started to work perfectly, thank you!

2 Likes
