Wrong Domain in Certificate

Hi,

I successfully created a certificate, but when I check my website, the certificate is not valid and the details show another domain for the certificate:

"smartwp.coach", whereas the certificate I generated was for "blog.webwatch.be"

This is a WordPress multisite including 3 sites, and the root directory is the same for each: /var/www/html

Site n°1 (mal-au-dos.be) and Site n°2 (smartwp.coach) have had a working Certbot Certificate for a while and today, as I want to add a third site, I get this issue: Site n°3 is showing the Certificate of Site n°2

What can I do?

Thanks in advance

My domain is: blog.webwatch.be

I ran this command:
certbot certonly --webroot -w /var/www/html -d blog.webwatch.be

It produced this output:
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
2
Renewing an existing certificate
IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/blog.webwatch.be-0001/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/blog.webwatch.be-0001/privkey.pem
    Your cert will expire on 2021-12-30. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    "certbot renew"

My web server is (include version):
OpenLiteSpeed 1.6.15

The operating system my web server runs on is (include version):
Ubuntu 20.04.1 LTS (Debian)

My hosting provider, if applicable, is:
Google Cloud Platform

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0

Did you also install the certificate into OpenLiteSpeed?

Also, it seems you've issued multiple certs for your current hostname, resulting in multiple lineages in certbot. That might be overkill. Please check your certificates with certbot certificates and remove any unused duplicates. Otherwise your certbot will happily renew all the certs, even unused duplicates. Which of course is quite wasteful.


I have installed the certificate in OLS (I suppose you mean Virtualhost/SSL/ and then add the path to privatekey.pem and full chainkey.pem)

Still doesn't work.

While trying to delete unnecessary certificates I see that the second one is good for 2 domains, and here I am confused: is one Certificate good for all domains on the server? Or do I need one Cert per domain?

Because then I should just delete all certificates and then rerun certbot specifying all the domains?

Domains can be good for up to 100 different hostnames which can be from all kinds of different domains. It seems indeed that your third certificate is redundant: both smartwp.coach and www.smartwp.coach are also included in the second certificate. So in principle you could reconfigure your webserver to use the second cert also in the smartwp.coach VirtualHost and after you're sure you don't use the third cert anywhere any longer, you could delete it. However, some people prefer to keep the domains in separate certificates. For example, for "privacy" reasons. Or just find it "cleaner". But technically, it doesn't really matter.

Also, it seems the blog.webwatch.be-0001 certificate is now on its own, no duplicate for that one. I was expecting one due to the -0001 suffix of the certificate name.

Anyway, back to business: you were having trouble getting the cert for blog.webwatch.be properly installed. Unfortunately, I don't have experience with LiteSpeed. But according to Wikipedia, it shares much of the design with Apache. Perhaps you can figure out how to run the Apache command apachectl -S but then for LiteSpeed? Maybe there's a litespeedctl -S command or something? :stuck_out_tongue:

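The duplicate check suggested in the replies above, as an added example that is not part of the original thread: it parses `certbot certificates` output and lists lineages whose hostnames are all covered by another lineage, plus `-NNNN`-suffixed lineages whose base name no longer exists. The sample output and its `*.example` names are constructed placeholders, and the function names are hypothetical.

```python
import re
import sys
from typing import Dict, List, Set

# Constructed sample of `certbot certificates` output (placeholder names,
# not the poster's real data).
SAMPLE = """\
Found the following certs:
  Certificate Name: site1.example
    Domains: site1.example site2.example www.site2.example
    Expiry Date: 2021-12-01 08:00:00+00:00 (VALID: 60 days)
    Certificate Path: /etc/letsencrypt/live/site1.example/fullchain.pem
  Certificate Name: site2.example
    Domains: site2.example www.site2.example
    Expiry Date: 2021-12-10 08:00:00+00:00 (VALID: 69 days)
  Certificate Name: blog.site3.example-0001
    Domains: blog.site3.example
    Expiry Date: 2021-12-30 08:00:00+00:00 (VALID: 89 days)
"""

def parse_lineages(text: str) -> Dict[str, Set[str]]:
    """Return {lineage name: set of hostnames} from `certbot certificates` output."""
    lineages: Dict[str, Set[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Certificate Name:"):
            current = line.split(":", 1)[1].strip()
            lineages[current] = set()
        elif line.startswith("Domains:") and current is not None:
            lineages[current] = set(line.split(":", 1)[1].split())
    return lineages

def redundant_lineages(lineages: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Map a lineage to the other lineages that already contain all its names.
    Exact duplicates are reported in both directions; wildcards are not expanded."""
    found = {}
    for name, doms in lineages.items():
        covers = sorted(o for o, od in lineages.items() if o != name and doms and doms <= od)
        if covers:
            found[name] = covers
    return found

def suffixed_without_base(lineages: Dict[str, Set[str]]) -> List[str]:
    """Lineages named like 'host-0001' whose base lineage 'host' is absent."""
    return sorted(n for n in lineages
                  if re.search(r"-\d{4}$", n) and n[:-5] not in lineages)

if __name__ == "__main__":
    data = parse_lineages(SAMPLE if sys.stdin.isatty() else sys.stdin.read())
    print("covered by another lineage:", redundant_lineages(data))
    print("numbered suffix, no base lineage:", suffixed_without_base(data))
```

The script only reports. Before removing a lineage with `certbot delete --cert-name <name>`, confirm that no virtual host still points at its files under `/etc/letsencrypt/live/`.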

OpenLitespeed has a console which makes the process much easier than Apache :wink:
I think it's related to the fact that the root domain is being hosted on another server, with its own certificate.

I'll keep looking

@Pidl
If you are the only admin to that system (IP 35.195.54.145), then there is no one left to blame or delegate this work to.
So, you will have to figure out why the cert for "blog.webwatch.be" isn't being served.
certbot did get the cert.
But why does it show:
Certificate Name: blog.webwatch.be -0001
That implies there is another one with that same exact name.
Which implies the panel was able to get one for you.
Which implies the panel has site already configured to use that name.
Which implies there is now a set of conflicting sites with that same name.
Which...
Too many witches - it's not Halloween yet!
