My domain is:
advanceroofing.co.nz
grafterroofing.co.nz
balcluthaglass.co.nz
I ran this command:
certbot certificates
It produced this output:
Found the following certs:
Certificate Name: advanceroofing.co.nz
Serial Number: 45e2eadef36f3a4fb52b4ddba4488ff34b8
Domains: advanceroofing.co.nz www.advanceroofing.co.nz
Expiry Date: 2020-10-26 21:23:52+00:00 (VALID: 70 days)
Certificate Path: /etc/letsencrypt/live/advanceroofing.co.nz/fullchain.pem
Private Key Path: /etc/letsencrypt/live/advanceroofing.co.nz/privkey.pem
Certificate Name: balcluthaglass.co.nz
Serial Number: 47f5fe102197c7f2c75b5d25614a8e95e27
Domains: balcluthaglass.co.nz www.balcluthaglass.co.nz
Expiry Date: 2020-05-10 21:05:44+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/balcluthaglass.co.nz/fullchain.pem
Private Key Path: /etc/letsencrypt/live/balcluthaglass.co.nz/privkey.pem
Certificate Name: grafterroofing.co.nz
Serial Number: 3ca7a3399fe3d06f7d84a66a2f2a9bf540c
Domains: grafterroofing.co.nz www.grafterroofing.co.nz
Expiry Date: 2020-11-13 17:09:25+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/grafterroofing.co.nz/fullchain.pem
Private Key Path: /etc/letsencrypt/live/grafterroofing.co.nz/privkey.pem
My web server is (include version):
nginx/1.14.0 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 18.04.4 LTS
My hosting provider, if applicable, is:
n/a
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot):
certbot 1.7.0
Further Information
All three domains were being served from the same machine with the public IP address of 192.241.203.130
The domain balcluthaglass.co.nz has moved to a different server. That domain has an active Let’s Encrypt certificate. However, when visiting the domain my browser reports that the domain is not secure. At the moment I am not trying to resolve that issue. I am trying to determine why the other two domains are not setup correctly.
The domain advanceroofing.co.nz and the domain grafterglass.co.nz both have the same three issues. I’ll describe the issues for advanceroofing.co.nz.
Issue 1.
SSL cert for advanceroofing.co.nz has Subject Alternative Names (SANs) which differ:
balcluthaglass.co.nz
www.balcluthaglass.co.nz
Issue 2.
The certificate has expired.
Issue 3.
The hostname (advanceroofing.co.nz) does NOT match the Common Name in the certificate (balcluthaglass.co.nz). This certificate is currently invalid for this host.
DNS
advanceroofing.co.nz resolves to 192.241.203.130.
What steps should I take to begin to resolve these issues?