Unable to add wildcard to existing cert - no Vhost was selected


#1

I would like to add the wildcard to my domain and it keeps coming up with a name mismatch when I check it.

I can install the root domain with no wildcard without any errors. I then run the command:
sudo /home/ec2-user/certbot-auto --debug --cert-name hubsmp.com --installer apache --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges=dns -w /var/www/html -d hubsmp.com,*.hubsmp.com

and I receive an error:

Deploying Certificate to VirtualHost /etc/httpd/conf.d/ssl.conf
No vhost exists with servername or alias for domain *.hubsmp.com. No vhost was selected. Please specify ServerName or ServerAlias in the Apache config.
Exiting abnormally:

If I run the certificates command, I receive the following:
-------------------------------------------------------------------------------
Found the following certs:
Certificate Name: hubsmp.com-0001
Domains: hubsmp.com *.hubsmp.com
Expiry Date: 2018-06-14 18:40:20+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/hubsmp.com-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/hubsmp.com-0001/privkey.pem
-------------------------------------------------------------------------------

Any idea how I can fix this?
Thanks!


#2

Hi,

Each -d command should follow only one hostname.

In your case, the command should be
sudo /home/ec2-user/certbot-auto --debug --cert-name hubsmp.com --installer apache --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges=dns -w /var/www/html -d hubsmp.com -d *.hubsmp.com

Thank you


#3

When I do that, I get two different TXT challenges for the DNS TXT record. I can get past that, but then it gives me the error:
Deploying Certificate to VirtualHost /etc/httpd/conf.d/ssl.conf
No vhost exists with servername or alias for domain *.hubsmp.com. No vhost was selected. Please specify ServerName or ServerAlias in the Apache config.
Exiting abnormally:
Is that a different issue?


#4

This seems to be a different issue.

Just wondering,
Is the certificate issued (just not able to install) or the certificate was not issued at all?
(use certbot-auto certificates to find issued certificates)

Thank you


#5

After I ran your command - I believe I have two certs now:
-------------------------------------------------------------------------------
Found the following certs:
Certificate Name: hubsmp.com-0001
Domains: hubsmp.com *.hubsmp.com
Expiry Date: 2018-06-14 18:40:20+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/hubsmp.com-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/hubsmp.com-0001/privkey.pem
Certificate Name: hubsmp.com
Domains: hubsmp.com *.hubsmp.com
Expiry Date: 2018-06-14 19:28:42+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/hubsmp.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/hubsmp.com/privkey.pem
-------------------------------------------------------------------------------


#6

Hi,

This means all certificates you requested are already issued. But certbot just has trouble installing them.

While I don’t know why it is throwing this issue, you can still install the certificate by yourself.

Thank you

P.S. certbot certificates just lists all certs you have requested for the server. It neither requests a new certificate nor installs/removes any of the certificates.


#7

ok, because when I test hubsmp.com alone, with a verification link, it works fine…it is just www. that comes up with name mismatch


#8

Hi,

It seems this domain is used by another certificate.

Can you please share your vhost config file?

Thank you


#9

I don’t have a vhost config file, I don’t believe. I have a php.conf and an ssl.conf file. There is only one domain hosted on this server.


#10

Is there a way to just delete all the certs, or revoke them and start over? I did that once using the delete command, but not sure it worked if it is still saying I have multiple certs.


#11

Yes, you can do that by certbot revoke --cert-path=(the certificate chain path). Then there is an option asking you to delete the certificates.

You can check your ssl.conf file. There should be one stating servername hubsmp.com and you can add certificates using this tutorial:
https://www.digicert.com/csr-ssl-installation/apache-openssl.htm

Thank you


#12

You don’t have to revoke certificates in order to delete them; you can also delete them without revoking with certbot delete --cert-name (the certificate name).


#13

@bmw, could you opine on this wildcard deployment issue with the Apache installer? I’m not familiar with how the new logic works yet in terms of finding or creating appropriate virtual hosts for the wildcard.


#14

I did use the delete, and it appeared to work as it deleted the files. However, it is acting as though there are two active certs.


#15

In what way do you mean?


#16

I am getting a name mismatch - and when I run the certificates option I see two certificates (see above)

I did find a virtual host option in my ssl.conf file. Right now it only has one domain listed, hubsmp.com. Should I simply add *.hubsmp.com?
ServerName hubsmp.com
SSLCertificateFile /etc/letsencrypt/live/hubsmp.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/hubsmp.com-0001/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
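
The situation in posts #5 and #16 (several lineages listed by certbot certificates, ssl.conf pointing at one of them, a name mismatch on www) can be checked mechanically. The script below is an added example, not code from this thread or from certbot: it finds the lineage that SSLCertificateFile points at and tests whether its names cover a host, with "*." matching exactly one label. The example.com data is constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Added example. All sample data is constructed (example.com), not from a real server.
CERTBOT_OUT='Certificate Name: example.com
  Domains: example.com
  Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
Certificate Name: example.com-0001
  Domains: example.com *.example.com
  Certificate Path: /etc/letsencrypt/live/example.com-0001/fullchain.pem'
SSL_CONF='ServerName example.com
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem'

# san_matches PATTERN HOST: exact match, or "*." standing for exactly one leftmost label.
san_matches() (
  pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  [ "$pattern" = "$host" ] && exit 0
  case $pattern in
    '*.'*) suffix=${pattern#'*'}          # "*.example.com" -> ".example.com"
           label=${host%%.*}              # leftmost label of the host
           [ -n "$label" ] && [ "$host" = "$label$suffix" ] ;;
    *) exit 1 ;;
  esac
)

# conf_cert_path CONF_TEXT: path given by the first SSLCertificateFile directive.
conf_cert_path() {
  printf '%s\n' "$1" | awk 'tolower($1) == "sslcertificatefile" { gsub(/"/, "", $2); print $2; exit }'
}

# lineage_domains CERTBOT_TEXT CERT_PATH: the Domains list of the lineage stored at CERT_PATH.
lineage_domains() {
  printf '%s\n' "$1" | awk -v want="$2" '
    { sub(/^[ \t]+/, "") }
    /^Domains:/          { sub(/^Domains:[ \t]*/, ""); domains = $0 }
    /^Certificate Path:/ { sub(/^Certificate Path:[ \t]*/, ""); if ($0 == want) print domains }'
}

# served_cert_covers CONF_TEXT CERTBOT_TEXT HOST: does the configured lineage cover HOST?
served_cert_covers() (
  set -f                                  # SANs contain "*": disable pathname expansion
  for san in $(lineage_domains "$2" "$(conf_cert_path "$1")"); do
    san_matches "$san" "$3" && exit 0
  done
  exit 1
)

for h in example.com www.example.com; do
  if served_cert_covers "$SSL_CONF" "$CERTBOT_OUT" "$h"; then echo "$h: covered"
  else echo "$h: name mismatch, served lineage lacks a matching name"; fi
done
```

On a real server, pass the text of `certbot certificates` and of ssl.conf in place of the two constructed variables.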


#17

Did you restart Apache?


#18

Yes. At one point it would not stop, but yes, it has been restarted.


#19

I am using Amazon AWS, and EC2. I just noticed they updated a tutorial on this:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html#letsencrypt

I deleted all the certs, and started over, and it works!

For the Virtual Host, I did not use a wildcard, only used hubsmp.com and www.hubsmp.com. Do you think that is OK?

<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName "example.com"
    ServerAlias "www.example.com"
</VirtualHost>

#20

I’m not positive what you’re trying to accomplish—do you have other subdomains that this server might be accessed as?