SSL won't stop issuing to wrong subdomain


#1

Backstory

I recently created a new nextcloud server by downloading the snap package. It worked fine so I decided to add ssl encryption. I had my subdomain cloud.fluxhub.net redirecting to a dns fluxhub.cloudwatch.net and I encrypted the dns. It worked perfect (I should have just stopped) however I wanted to see if I could switch my cloud.fluxhub.net to be the url and not use the dns. That’s where my issue starts. I went into my cpanel that hosts cloud.fluxhub.net and changed it to redirect to my static server ip address and then I couldn’t get my ssl to show up anymore. I created more ssl certificated for cloud.fluxhub.net and fluxhub.cloudwatch.net which didn’t help.

Problem

Now I am trying to add ssl encryption the same way I have done before. I removed my cloud.fluxhub.net redirects and deleted off any ssl from Bluehost associated with cloud.fluxhub.net. I deleted my dns (fluxhub.cloudwatch.net) and created a new one to start from scratch. The only thing pointing to my server is my new dns fluxhub.palvelin.net, but when I add my ssl certificate it doesn’t encrypt and still says my ssl is issued to cloud.fluxhub.net. Is there anyway to stop this from happening? I have read the rate limits (maybe I just have to wait a week) and I have tried revoking certificates, but I’m still clueless what I should do or how long I should wait.

Thanks!

Ubuntu 18.04
Apache 2.4
NC 13


#3

Hi @fluxified

you have to create a new certificate with

fluxhub.palvelin.net

as domain name. Then install and use this certificate.

fluxhub.palvelin.net and cloud.fluxhub.net have different ip addresses.

D:\temp>nslookup fluxhub.palvelin.net.
Name: fluxhub.palvelin.net
Address: 23.228.141.153

D:\temp>nslookup cloud.fluxhub.net.
Name: cloud.fluxhub.net
Address: 69.195.124.177

But if they have the same ip address, you can also create one certificate with these two domain names. Then you can use this certificate - with both domain names.


#4

I had originally had my cloud.fluxhub.net pointed at my ip address, but I changed it back to my bluehost default ip. I created a new certificate for fluxhub.palvelin.net and it says it’s working from looking at the crt.sh, but when I look at my url in my browser its red and still issued to my cloud.fluxhub.net. Should I just wait for my certificates to expire and try again? Or is there a way I can stop the ssl certificates at my cloud.fluxhub.net?


#5

Crt.sh shows only certificates which are created. Crt.sh and other transparency logs don’t know if a certificate is installed correct.

Your installation of the webserver of fluxhub.palvelin.net is wrong. Share this ssl configuration.

There is a part where the ssl certificate files are used. You must change this part.

This is completeley irrelevant.


#6

I got the dns from freedns.afraid.org and have followed this guide exactly. Where would I go to find the ssl configuration? The way I installed Nextcloud as a snap the files are different from what I’m used to.


#7

With the old or new domain?

Perhaps you should do that with the new domain.

Looks that this part

sudo nextcloud.occ config:system:set trusted_domains 1 --value=fluxhub.palvelin.net

is critical.


#8

I have configured the trusted domains to match and removed the cloud.fluxhub.net from it, but no luck. I found a way to delete the ssl certificates from my Bluehost account from this subdomain, but also no luck. Is there a way to remove/revoke an ssl certifcate from the cloud.fluxhub.net?


#9

Looks like you did something wrong. If you can install one certificate, you should be able to remove that and install another certificate.


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.