Unwanted redirects

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: wholeworldjustice.org & safefoodandfertilizer.com are both redirecting to energymodeling.net

I ran this command: # certbot --apache -d wholeworldjustice.org -d www.wholeworldjustice.org --preferred-challenges http

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Cert is due for renewal, auto-renewingā€¦
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.wholeworldjustice.org
Waiting for verificationā€¦
Cleaning up challenges

We were unable to find a vhost with a ServerName or Address of wholeworldjustice.org.
Which virtual host would you like to choose?

1: stalberg.net.conf | Multiple Names | | Enabled
2: mitigation.com.conf | Multiple Names | | Enabled
3: santacruzpartners.org.conf | Multiple Names | | Enabled
4: web-analysts.net.conf | Multiple Names | | Enabled
5: mitigation.com-le-ssl.conf | Multiple Names | HTTPS | Enabled
6: stalberg.net-le-ssl.conf | Multiple Names | HTTPS | Enabled
7: saveoursoil.us.conf | Multiple Names | | Enabled
8: theaweiseries.com-le-ssl.conf | Multiple Names | HTTPS | Enabled
9: sewagesludgeactionnetwork.com. | Multiple Names | | Enabled
10: lapazpartners.org-le-ssl.conf | Multiple Names | HTTPS | Enabled
11: energymodeling.net.conf | Multiple Names | | Enabled
12: theaweiseries.com.conf | Multiple Names | | Enabled
13: cbbapartners.org-le-ssl.conf | Multiple Names | HTTPS | Enabled
14: sewagesludgeactionnetwork.com- | Multiple Names | HTTPS | Enabled
15: lapazpartners.org.conf | Multiple Names | | Enabled
16: energymodeling.net-le-ssl.conf | Multiple Names | HTTPS | Enabled
17: santacruzpartners.org-le-ssl.c | Multiple Names | HTTPS | Enabled
18: saveoursoil.us-le-ssl.conf | Multiple Names | HTTPS | Enabled

Select the appropriate number [1-18] then [enter] (press ā€˜cā€™ to cancel)

My web server is (include version): Apache/2.4.18 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 16.04.6 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I donā€™t know): yes

Iā€™m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if youā€™re using Certbot): certbot 0.31.0

I do not have any redirects anywhere, i.e. .htaccess files

Iā€™m most concerned by the table above that says ā€œmultiple namesā€ for every website.

what have I done?
Thanks in advance.
C

2

Hi @walpi

before you use http-01 validation, you should update your vHost configuration.

Looks like Certbot picks the wrong vHost because there is no explicit vHost defined.

But you have already created 3 certificates ( https://check-your-website.server-daten.de/?q=wholeworldjustice.org#ct-logs ):

CertSpotter-Id Issuer not before not after Domain names LE-Duplicate next LE
972214582 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-17 21:06:04 2019-09-15 21:06:04 wholeworldjustice.org, www.wholeworldjustice.org - 2 entries duplicate nr. 1
968598299 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-15 14:28:56 2019-09-13 14:28:56 wholeworldjustice.org - 1 entries duplicate nr. 1
966674874 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-14 09:01:14 2019-09-12 09:01:14 makingthenetwork.org, mitigation.com, saveoursoil.us, web-analysts.net, www.cbbapartners.org, www.makingthenetwork.org, www.mitigation.com, www.santacruzpartners.org, www.saveoursoil.us, www.sewagesludgeactionnetwork.com, www.theaweiseries.com, www.web-analysts.net, www.wholeworldjustice.org - 13 entries duplicate nr. 1

So one of the standard vHosts is used -> there is the wrong redirect defined.

PS: There is no redirect. Not correct, not wrong.

Domainname Http-Status redirect Sec. G
ā€¢ http://wholeworldjustice.org/
45.33.28.111 200 0.463 H
ā€¢ http://wholeworldjustice.org/
2600:3c00::f03c:91ff:fe27:278c 200 0.480 H
ā€¢ http://www.wholeworldjustice.org/
45.33.28.111 200 0.463 H
ā€¢ http://www.wholeworldjustice.org/
2600:3c00::f03c:91ff:fe27:278c 200 0.484 H
ā€¢ https://wholeworldjustice.org/
45.33.28.111 200 1.910 N
Certificate error: RemoteCertificateNameMismatch
ā€¢ https://wholeworldjustice.org/
2600:3c00::f03c:91ff:fe27:278c 200 1.536 N
Certificate error: RemoteCertificateNameMismatch
ā€¢ https://www.wholeworldjustice.org/
45.33.28.111 200 1.743 N
Certificate error: RemoteCertificateNameMismatch
ā€¢ https://www.wholeworldjustice.org/
2600:3c00::f03c:91ff:fe27:278c 200 1.580 N
Certificate error: RemoteCertificateNameMismatch

http isn't redirected to https (Grade H), https has no redirect.

You can't check redirects with your browser -> too much caching.

3

Okay. How do I update my vHost configuration please?

4

@walpi,

Can you show us the output of apache2ctl -S please? That should be a good place for you to begin fixing your vhosts.

1 Like
5

I fixed it. at the command line I just did

certbot --apache -d domainname.tld -d www.domainname.tld --preferred-challenges http

I initially used the the enumerated list certbot script but that screwed things up. the accompanying instructions should have not allowed me to break my websites.

thank you.

1 Like
6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.