Subdomain - ERR_CERT_COMMON_NAME_INVALID

Hello All,
I have a problem with subdomain. I created SSL Certificate for main website (https://stelmaszyk.dev) and it works fine. After few days, I decided to simplify access to Nextcloud and I decided to create subdomain for it (nc.stelmaszyk.dev). For main website the certificate works fine, I have no issues.
The problem started when I created second host for my subdomain nc.stelmaszyk.dev
In /etc/hosts I added entry 127.0.0.1 nc.localhost
In /etc/apache2/sites-enabled I created port80-only entry for my subdomain where I pointed where nextcloud is installed (/var/www/html/nextcloud).
After that, I ran certbot to create certificate for this subdomain. I chose subdomain from the list and then selected 2. Redirect - Make all requests redirect to secure HTTPS access.

After that I added 443 port entry to nc.stelmaszyk.dev.conf file the same way I added SSL for my main page. After all, I get prompt that server was unable to prove that it belongs to nc.stelmaszyk.dev. Its certificate belongs to stelmaszyk.dev – ERR_CERT_COMMON_NAME_INVALID. What did I do wrong?

My domain is: stelmaszyk.dev | nc.stelmaszyk.dev

I ran this command: certbot

It produced this output:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.


1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Failed redirect for nc.stelmaszyk.dev
Unable to set enhancement redirect for nc.stelmaszyk.dev
Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection

IMPORTANT NOTES:

  • We were unable to set up enhancement redirect for your server,
    however, we successfully installed your certificate.
  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/nc.stelmaszyk.dev/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/nc.stelmaszyk.dev/privkey.pem
    Your cert will expire on 2020-06-05. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

My web server is (include version): OVH VPS SSD 1

The operating system my web server runs on is (include version): Debian 10 Buster

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

1 Like

did you include a ServerName nc.stelmaszyk.dev directive in there?

https://httpd.apache.org/docs/2.4/mod/core.html#servername

1 Like