Wrong Certificate is loading


I’m using an Apache server, and I’ve successfully renewed my certificate.

My Apache server is hosting two domains, which both point to the same directory.

The certificate is loading only one of the domain certificates, it’s not loading domain #2 when I browse to domain #2

If the two domains are separate VirtualHosts in Apache, then you just configure each SSLCertificateFile & SSLCertificateKeyFile to point to each respective certificate.

If the two domains are the same VirtualHost in Apache, then you should create a single certificate that covers all of the domains in one go, and use that.

Running these commands and posting the output here would enable us to tell you what is what:

apachectl -t -D DUMP_VHOSTS
certbot certificates
1 Like

root@ottawakaraoke-siliconvalley-prod:~# apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:443 sing.ottawakaraoke.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server karaokeottawa.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:41)
port 80 namevhost karaokeottawa.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:41)
port 80 namevhost karaokeottawa.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost dev.smartmeetings.ca (/etc/apache2/sites-enabled/000-default.conf:38)
port 80 namevhost ottawakaraoke.ca (/etc/apache2/sites-enabled/ottawakaraoke.conf:1)

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Revocation status for /etc/letsencrypt/live/ottawakaraoke.com/cert.pem is unknown

Found the following certs:
Certificate Name: karaokeottawa.com
Domains: karaokeottawa.com www.karaokeottawa.com
Expiry Date: 2019-06-18 21:30:41+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/karaokeottawa.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/karaokeottawa.com/privkey.pem
Certificate Name: ottawakaraoke.com
Domains: ottawakaraoke.com
Expiry Date: 2019-03-07 08:07:27+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/ottawakaraoke.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/ottawakaraoke.com/privkey.pem
Certificate Name: sing.ottawakaraoke.com
Domains: sing.ottawakaraoke.com
Expiry Date: 2019-05-29 23:37:42+00:00 (VALID: 70 days)
Certificate Path: /etc/letsencrypt/live/sing.ottawakaraoke.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/sing.ottawakaraoke.com/privkey.pem

So the domain that you need to get SSL working for is karaokeottawa.com right?

It is a separate VirtualHost, so I believe you can get Certbot to install that certificate for you by running:

certbot --apache --cert-name karaokeottawa.com

It will give you a choice of either renewing or keeping and re-installing your certificate. You want to re-install it.

hello @_az you are correct

when i run this command the certificate will install for karaokeottawa.com, however, the certificate for sing.ottawakaraoke.com is then invalid.

How can I install for both domains?

I’m not sure why Certbot would behave like that. It seems to me that it should create a HTTPS VirtualHost for your two domains.

Maybe the problem is you have all your domains listed as ServerAliases in 000-default-le-ssl.conf ?

One workaround is just to use one mega-certificate:

certbot --apache -d sing.ottawakaraoke.com -d karaokeottawa.com -d www.karaokeottawa.com

The command worked perfectly.

How can I automate the renewal now?

There’s no extra steps for automated renewal.

Each certificate listed in this command will be automatically renewed and installed:

certbot certificates

Some of them will be redundant/useless now, so you may wish to get rid of them, using:

certbot delete --cert-name <name of certificate>

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.