"SSL certificate name mismatch"

Carapax · December 28, 2019, 3:24pm

Hi,

I somehow managed to get a certificate for the saniteka.ru domain so that the www.saniteka.ru subdomain turned out to be from other my domain:

For saniteka.ru:
Common Name saniteka.ru
DNS Name saniteka.ru
DNS Name www.saniteka.ru

but

For www.saniteka.ru
Common Name maxnutrition.ru
DNS Name maxnutrition.ru
DNS Name www.maxnutrition.ru

I tried to fix it several times using wacs …

–target manual --host saniteka.ru,www.saniteka.ru --validation filesystem --webroot “\path\saniteka.ru” --store pemfiles --pemfilespath \path\certificates

… but nothing worked. Please help!

JuergenAuer · December 28, 2019, 3:55pm

Hi @Carapax

that's

not the problem. Checking your domain the certificate creation has worked - https://check-your-website.server-daten.de/?q=saniteka.ru#ct-logs

Issuer	not before	not after	Domain names	LE-Duplicate
Let's Encrypt Authority X3	2019-12-28	2020-03-27	saniteka.ru, www.saniteka.ru - 2 entries	duplicate nr. 3
Let's Encrypt Authority X3	2019-12-27	2020-03-26	saniteka.ru, www.saniteka.ru - 2 entries	duplicate nr. 2
Let's Encrypt Authority X3	2019-12-27	2020-03-26	saniteka.ru - 1 entries	duplicate nr. 2
Let's Encrypt Authority X3	2019-12-27	2020-03-26	saniteka.ru, www.saniteka.ru - 2 entries	duplicate nr. 1
Let's Encrypt Authority X3	2019-12-25	2020-03-24	saniteka.ru - 1 entries	duplicate nr. 1

So this part is done. Don't create more certificates, there is a rate limit.

Your non-www uses the correct certificate:

CN=saniteka.ru
	28.12.2019
	27.03.2020
expires in 90 days	
saniteka.ru, www.saniteka.ru - 2 entries

But your www uses the wrong certificate, so it's only a certificate installation problem.

There is an Apache. What says

apachectl -S

Carapax · December 28, 2019, 4:12pm

Virtual hosts configs:

httpd
<VirtualHost *:80>
ServerName saniteka.ru
ServerAlias www.saniteka.ru
DocumentRoot “{path}/saniteka.ru”

#Permanently redirect all HTTP requests to HTTPS
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]
Alias /.well-known "{path}/saniteka.ru/.well-known"

< / VirtualHost>

httpd-ssl
<VirtualHost *:443>
ServerName saniteka.ru:443
ServerAlias www.saniteka.ru:443
DocumentRoot “{path}/saniteka.ru”
SSLEngine on
Protocols h2 http/1.1

SSLCertificateFile “path/saniteka.ru-crt.pem”
SSLCertificateKeyFile “path/saniteka.ru-key.pem”
SSLCertificateChainFile “path/saniteka.ru-chain.pem”
< / VirtualHost>

similarly for maxnutrition.ru

JuergenAuer · December 28, 2019, 4:26pm

Please share

apachectl -S

Your configuration may not work, that's the reason that command is required.

And that

is wrong, the port isn't part of a server name. So that vHost isn't used -->> apachectl -S to see your real vHosts.

Carapax · December 28, 2019, 4:32pm

My Apache is on Windows…

Carapax · December 28, 2019, 4:39pm

I removed the ports and it seems to work Could you please check?

P.S. I somewhere googled this design. Surprised, but thought that smart people know better …

And thank you very much!

JuergenAuer · December 28, 2019, 5:04pm

Use the online tool to check your configuration. Works if I'm out.

system · January 27, 2020, 5:04pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Different domains with similar names Help	5	769	March 31, 2019
Certificate mismatch generate ssl for www or non-www first? Server	6	1342	January 2, 2019
Name mismatch issue Help	13	1410	June 2, 2019
Certificate name mismatch Server	4	2232	March 22, 2018
[Solved] Certificate name mismatch problem with acme.sh Help	3	2164	November 19, 2017

"SSL certificate name mismatch"

Related topics