The hostname (www.wo-lar.com) does NOT match the Common Name in the certificate (wolar-lhs)


#1

According to SSL cert checker, the hostname (www.wo-lar.com) does NOT match the Common Name in the certificate (wolar-lhs). I don’t know how wolar-lhs gets into the certificate. This is the name I gave the server when instlling CENTOS. I ran a check on theis string on my HD, and wolar-lhs can only be found in
/etc/default/grub/…
/etc/lvm/archive/centos_wolar-lhs/…
/etc/lvm/backup/centos_wolar-lhs/…

The other strange thing is that the SSL cert checker gives validity dates that are wrong:
Subject wolar-lhs
Fingerprint SHA256: a424212ba07dda51cc7bfb7ee2a4a5b52468443deb4488089898707703d8a227
Pin SHA256: nQeuKBb5webV2z0v0dHN0XIuIsA9geRwoBt43x+p62c=
Common names wolar-lhs
Alternative names - INVALID
Serial Number 2a94
Valid from Thu, 06 Dec 2018 18:10:27 UTC
Valid until Fri, 06 Dec 2019 18:10:27 UTC (expires in 9 months and 24 days)

My domain is: wo-lar.com

I ran this command: certbot certificates

It produced this output:
Found the following certs:
Certificate Name: wo-lar.com
Domains: wo-lar.com www.wo-lar.com
Expiry Date: 2019-05-13 12:55:33+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/wo-lar.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/wo-lar.com/privkey.pem


My web server is (include version): httpd-2.4.6-88.el7.centos.x86_64

The operating system my web server runs on is (include version): CentOS Linux release 7.6.1810 (Core)

My hosting provider, if applicable, is: NA

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No, command line

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.29.1

Thaks for your help. Wolfgang


#2

I just found it, although I am not sure why the cerbot --apache -d… command did not set it right:
The ssl.conf config file pointed to the wrong certificate:
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
I replaced these two by
SSLCertificateFile /etc/letsencrypt/live/wo-lar.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/wo-lar.com/privkey.pem,

and now it seems to work fine.

Wolfgang