Struggling to create a new multi-domain certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: laser-tags.net

I ran this command: certbot --apache

It produced this output:
[root@www sites-available]# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter ā€˜cā€™ to
cancel): admin@laser-tags.net
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: a

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Starting new HTTPS connection (1): supporters.eff.org

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: laser-tags.net
2: admin.laser-tags.net
3: wip.laser-tags.net
4: www.laser-tags.net
5: laserlabels.store
6: laserlabels.shop
7: wip.laserlabels.store
8: wip.laserlabels.shop
9: www.laserlabels.store
10: www.laserlabels.shop
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for admin.laser-tags.net
http-01 challenge for laser-tags.net
http-01 challenge for laserlabels.shop
http-01 challenge for laserlabels.store
http-01 challenge for wip.laser-tags.net
http-01 challenge for wip.laserlabels.shop
http-01 challenge for wip.laserlabels.store
http-01 challenge for www.laser-tags.net
http-01 challenge for www.laserlabels.shop
http-01 challenge for www.laserlabels.store
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Enabling site /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf by adding Include to root configuration
Created an SSL vhost at /etc/httpd/sites-available/admin.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/admin.laser-tags.net-le-ssl.conf
Enabling site /etc/httpd/sites-available/admin.laser-tags.net-le-ssl.conf by adding Include to root configuration
Created an SSL vhost at /etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf
Enabling site /etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf by adding Include to root configuration
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/httpd/sites-enabled/www.laser-tags.net.conf to ssl vhost in /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Redirecting vhost in /etc/httpd/sites-enabled/admin.laser-tags.net.conf to ssl vhost in /etc/httpd/sites-available/admin.laser-tags.net-le-ssl.conf
Redirecting vhost in /etc/httpd/sites-enabled/wip.laser-tags.net.conf to ssl vhost in /etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://laser-tags.net,
https://admin.laser-tags.net, https://wip.laser-tags.net,
https://www.laser-tags.net, https://laserlabels.store, https://laserlabels.shop,
https://wip.laserlabels.store, https://wip.laserlabels.shop,
https://www.laserlabels.store, and https://www.laserlabels.shop

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=laser-tags.net
https://www.ssllabs.com/ssltest/analyze.html?d=admin.laser-tags.net
https://www.ssllabs.com/ssltest/analyze.html?d=wip.laser-tags.net
https://www.ssllabs.com/ssltest/analyze.html?d=www.laser-tags.net
https://www.ssllabs.com/ssltest/analyze.html?d=laserlabels.store
https://www.ssllabs.com/ssltest/analyze.html?d=laserlabels.shop
https://www.ssllabs.com/ssltest/analyze.html?d=wip.laserlabels.store
https://www.ssllabs.com/ssltest/analyze.html?d=wip.laserlabels.shop
https://www.ssllabs.com/ssltest/analyze.html?d=www.laserlabels.store
https://www.ssllabs.com/ssltest/analyze.html?d=www.laserlabels.shop
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/laser-tags.net/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/laser-tags.net/privkey.pem
   Your cert will expire on 2020-06-01. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

 - We were unable to subscribe you the EFF mailing list because your
   e-mail address appears to be invalid. You can try again later by
   visiting https://act.eff.org.
My web server is (include version):

The operating system my web server runs on is (include version): Centos 7
Linux www.laser-tags.net 3.10.0-957.21.2.el7.x86_64 #1 SMP Wed Jun 5 14:26:44 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

My hosting provider, if applicable, is:n/a

I can login to a root shell on my machine (yes or no, or I donā€™t know):yes

Iā€™m using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if youā€™re using Certbot):[root@www sites-available]# certbot --version
certbot 1.0.0

So, I created the certificate as above, and ran through testing some of the sites. Safari doesnā€™t like https://laserlabels.shop/ - claiming the certificate is self-signed, but itā€™s the same configuration file Iā€™m using for ā€˜wip.laser-tags.netā€™, which is apparently fine. The ssllabs links above show the same issue. Iā€™m kind of confused as to why one virtual host works, when the other doesnā€™t :frowning:

Hereā€™s the config files for Apache (the non-working domains):

[root@www sites-available]# cat www.laser-tags.net.conf 
<VirtualHost *:80>
    ServerName www.laser-tags.net
    ServerAlias laser-tags.net
    ServerAlias www.laserlabels.shop
    ServerAlias laserlabels.shop
    ServerAlias www.laserlabels.store
    ServerAlias laserlabels.store

    DocumentRoot /var/www/sites/laser-tags.net
    ErrorLog /var/www/log/laser-tags.net.errors
    CustomLog /var/www/log/laser-tags.net.access combined
     
RewriteEngine on
RewriteCond %{SERVER_NAME} =laserlabels.store [OR]
RewriteCond %{SERVER_NAME} =www.laser-tags.net [OR]
RewriteCond %{SERVER_NAME} =laser-tags.net [OR]
RewriteCond %{SERVER_NAME} =www.laserlabels.store [OR]
RewriteCond %{SERVER_NAME} =laserlabels.shop [OR]
RewriteCond %{SERVER_NAME} =www.laserlabels.shop
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

[root@www sites-available]# cat www.laser-tags.net-le-ssl.conf 
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName www.laser-tags.net
    ServerAlias laser-tags.net
    ServerAlias www.laserlabels.shop
    ServerAlias laserlabels.shop
    ServerAlias www.laserlabels.store
    ServerAlias laserlabels.store

    DocumentRoot /var/www/sites/laser-tags.net
    ErrorLog /var/www/log/laser-tags.net.errors
    CustomLog /var/www/log/laser-tags.net.access combined
     
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/laser-tags.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/laser-tags.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/laser-tags.net/chain.pem
</VirtualHost>
</IfModule>

ā€¦ and the working ones

[root@www sites-available]# cat wip.laser-tags.net.conf 
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName wip.laser-tags.net
    ServerAlias wip.laserlabels.shop
    ServerAlias wip.laserlabels.store
    
    DocumentRoot /var/www/sites/wip.laser-tags.net
    ErrorLog /var/www/log/wip.laser-tags.net.errors
    CustomLog /var/www/log/wip.laser-tags.net combined

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/laser-tags.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/laser-tags.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/laser-tags.net/chain.pem
</VirtualHost>
</IfModule>

[root@www sites-available]# cat wip.laser-tags.net-le-ssl.conf 
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName wip.laser-tags.net
    ServerAlias wip.laserlabels.shop
    ServerAlias wip.laserlabels.store
    
    DocumentRoot /var/www/sites/wip.laser-tags.net
    ErrorLog /var/www/log/wip.laser-tags.net.errors
    CustomLog /var/www/log/wip.laser-tags.net combined
     
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/laser-tags.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/laser-tags.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/laser-tags.net/chain.pem
</VirtualHost>
</IfModule>

I checked that the DNS entries are all set, in case that was a problem. all the relevant (www,admin,wip,).domain seem to be ok.

Anyone got any ideas ?

Cheers :slight_smile:

[update: I saw the release of certbot 1.3, and my (fetched by yum) version was 1.0, so I pulled the new one down from git, compiled it, and did a reinstallā€¦

[root@www certbot]# venv3/bin/certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: laser-tags.net
2: admin.laser-tags.net
3: wip.laser-tags.net
4: www.laser-tags.net
5: laserlabels.store
6: laserlabels.shop
7: wip.laserlabels.shop
8: wip.laserlabels.store
9: www.laserlabels.store
10: www.laserlabels.shop
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/laser-tags.net.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/admin.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Future versions of Certbot will automatically configure the webserver so that all requests redirect to secure HTTPS access. You can control this behavior and disable this warning with the --redirect and --no-redirect flags.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Your existing certificate has been successfully renewed, and the new certificate
has been installed.

The new certificate covers the following domains: https://laser-tags.net,
https://admin.laser-tags.net, https://wip.laser-tags.net,
https://www.laser-tags.net, https://laserlabels.store, https://laserlabels.shop,
https://wip.laserlabels.shop, https://wip.laserlabels.store,
https://www.laserlabels.store, and https://www.laserlabels.shop

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=laser-tags.net
https://www.ssllabs.com/ssltest/analyze.html?d=admin.laser-tags.net
https://www.ssllabs.com/ssltest/analyze.html?d=wip.laser-tags.net
https://www.ssllabs.com/ssltest/analyze.html?d=www.laser-tags.net
https://www.ssllabs.com/ssltest/analyze.html?d=laserlabels.store
https://www.ssllabs.com/ssltest/analyze.html?d=laserlabels.shop
https://www.ssllabs.com/ssltest/analyze.html?d=wip.laserlabels.shop
https://www.ssllabs.com/ssltest/analyze.html?d=wip.laserlabels.store
https://www.ssllabs.com/ssltest/analyze.html?d=www.laserlabels.store
https://www.ssllabs.com/ssltest/analyze.html?d=www.laserlabels.shop
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/laser-tags.net/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/laser-tags.net/privkey.pem
   Your cert will expire on 2020-06-01. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

ā€¦ but I still get the same result. Reading around, I also found I can do:

[root@www simon]# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: laser-tags.net
    Domains: laser-tags.net admin.laser-tags.net laserlabels.shop laserlabels.store wip.laser-tags.net wip.laserlabels.shop wip.laserlabels.store www.laser-tags.net www.laserlabels.shop www.laserlabels.store
    Expiry Date: 2020-06-01 20:31:05+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/laser-tags.net/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/laser-tags.net/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

ā€¦ so certbot thinks it has all the right hosts ā€¦

certbot certificates shows that you do have one cert with all those names on it.
What you need to show is that you are only using those name in that one vhost config.
What says?:
apachectl -S

Cool, thanks :slight_smile:

apachectl doesnā€™t show me anything, but httpd -S gives me:

[root@www www]# httpd -S
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server admin.laser-tags.net (/etc/httpd/sites-enabled/admin.laser-tags.net.conf:1)
         port 80 namevhost admin.laser-tags.net (/etc/httpd/sites-enabled/admin.laser-tags.net.conf:1)
         port 80 namevhost wip.laser-tags.net (/etc/httpd/sites-enabled/wip.laser-tags.net.conf:1)
                 alias wip.laserlabels.shop
                 alias wip.laserlabels.store
         port 80 namevhost www.laser-tags.net (/etc/httpd/sites-enabled/www.laser-tags.net.conf:1)
                 alias laser-tags.net
                 alias www.laserlabels.shop
                 alias laserlabels.shop
                 alias www.laserlabels.store
                 alias laserlabels.store
*:443                  is a NameVirtualHost
         default server www.laser-tags.net (/etc/httpd/conf.d/ssl.conf:56)
         port 443 namevhost www.laser-tags.net (/etc/httpd/conf.d/ssl.conf:56)
         port 443 namevhost www.laser-tags.net (/etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf:2)
                 alias laser-tags.net
                 alias www.laserlabels.shop
                 alias laserlabels.shop
                 alias www.laserlabels.store
                 alias laserlabels.store
         port 443 namevhost admin.laser-tags.net (/etc/httpd/sites-available/admin.laser-tags.net-le-ssl.conf:2)
         port 443 namevhost wip.laser-tags.net (/etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf:2)
                 alias wip.laserlabels.shop
                 alias wip.laserlabels.store
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default 
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

Well (better than I expected), I can only see only name overlap:

port 443 namevhost www.laser-tags.net (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost www.laser-tags.net (/etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf:2)

All names should only appear in one file (one :80 file/section and one :443 file/section).
Not sure if it fixes your problem but it wonā€™t hurt to correct that and retry.

I would also like to confirm that you are only using the cert shown by certbot certificates
Please show:
grep -Eri 'sslcert|servername|serveralias' /etc/httpd/

1 Like

Ok, great, thanks :slight_smile:

Iā€™ll fix the ssl.conf file. Hereā€™s the output of the ā€˜grepā€™

[root@www www]# grep -Eri 'sslcert|servername|serveralias' /etc/httpd
/etc/httpd/conf/httpd.conf:# ServerName gives the name and port that the server uses to identify itself.
/etc/httpd/conf/httpd.conf:#ServerName www.example.com:80
/etc/httpd/conf.d/ssl.conf:#ServerName www.example.com:443
/etc/httpd/conf.d/ssl.conf:# Point SSLCertificateFile at a PEM encoded certificate.  If
/etc/httpd/conf.d/ssl.conf:SSLCertificateFile /etc/pki/tls/certs/localhost.crt
/etc/httpd/conf.d/ssl.conf:SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
/etc/httpd/conf.d/ssl.conf:#   Point SSLCertificateChainFile at a file containing the
/etc/httpd/conf.d/ssl.conf:#   the referenced file can be the same as SSLCertificateFile
/etc/httpd/conf.d/ssl.conf:#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
/etc/httpd/sites-available/admin.laser-tags.net.conf:    ServerName admin.laser-tags.net
/etc/httpd/sites-available/wip.laser-tags.net.conf:    ServerName wip.laser-tags.net
/etc/httpd/sites-available/wip.laser-tags.net.conf:    ServerAlias wip.laserlabels.shop
/etc/httpd/sites-available/wip.laser-tags.net.conf:    ServerAlias wip.laserlabels.store
/etc/httpd/sites-available/www.laser-tags.net.conf:    ServerName www.laser-tags.net
/etc/httpd/sites-available/www.laser-tags.net.conf:    ServerAlias laser-tags.net
/etc/httpd/sites-available/www.laser-tags.net.conf:    ServerAlias www.laserlabels.shop
/etc/httpd/sites-available/www.laser-tags.net.conf:    ServerAlias laserlabels.shop
/etc/httpd/sites-available/www.laser-tags.net.conf:    ServerAlias www.laserlabels.store
/etc/httpd/sites-available/www.laser-tags.net.conf:    ServerAlias laserlabels.store
/etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf:    ServerName www.laser-tags.net
/etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf:    ServerAlias laser-tags.net
/etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf:    ServerAlias www.laserlabels.shop
/etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf:    ServerAlias laserlabels.shop
/etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf:    ServerAlias www.laserlabels.store
/etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf:    ServerAlias laserlabels.store
/etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf:SSLCertificateFile /etc/letsencrypt/live/laser-tags.net/cert.pem
/etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf:SSLCertificateKeyFile /etc/letsencrypt/live/laser-tags.net/privkey.pem
/etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf:SSLCertificateChainFile /etc/letsencrypt/live/laser-tags.net/chain.pem
/etc/httpd/sites-available/admin.laser-tags.net-le-ssl.conf:    ServerName admin.laser-tags.net
/etc/httpd/sites-available/admin.laser-tags.net-le-ssl.conf:SSLCertificateFile /etc/letsencrypt/live/laser-tags.net/cert.pem
/etc/httpd/sites-available/admin.laser-tags.net-le-ssl.conf:SSLCertificateKeyFile /etc/letsencrypt/live/laser-tags.net/privkey.pem
/etc/httpd/sites-available/admin.laser-tags.net-le-ssl.conf:SSLCertificateChainFile /etc/letsencrypt/live/laser-tags.net/chain.pem
/etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf:    ServerName wip.laser-tags.net
/etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf:    ServerAlias wip.laserlabels.shop
/etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf:    ServerAlias wip.laserlabels.store
/etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf:SSLCertificateFile /etc/letsencrypt/live/laser-tags.net/cert.pem
/etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf:SSLCertificateKeyFile /etc/letsencrypt/live/laser-tags.net/privkey.pem
/etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf:SSLCertificateChainFile /etc/letsencrypt/live/laser-tags.net/chain.pem

Thanks very much for the help, I really appreciate it :slight_smile:

I assume the lines in ssl.conf ā€œSSLCertificate{Key}Fileā€ are part of the problem, then ?

2 Likes

So far, so food :slight_smile:

except for the obviously no longer necessary:

/etc/httpd/conf.d/ssl.conf:SSLCertificateFile /etc/pki/tls/certs/localhost.crt
/etc/httpd/conf.d/ssl.conf:SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
2 Likes

So, now it works fine on all the hosts :slight_smile:

Thank you very much, I really appreciate it :slight_smile:

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.