My domain is: calculator.360-biz.com My web server is (include version): Apache HTTPD 2.4.66-8 The operating system my web server runs on is (include version): RHEL 7.6 I can login to a root shell on my machine (yes or no, or I don’t know): yes I ran this command: sudo certbot certonly --manual…

Hi @MCDELTAT [image] MCDELTAT: I ran this command: sudo certbot certonly --manual --preferred-challenges dns-01 -d calculator.360-biz.com and successfully obtained a cert, but once set up in my Apache server, Chrome reports an incorrect subjectAlternativeName, which is true. The certificate w…

[image] JuergenAuer: sudo certbot certonly --manual --preferred-challenges dns-01 -d calculator.360-biz.com Note the CERTONLY in the command. Please show: sudo certbot certificates According to this a cert was issued: crt.sh | calculator.360-biz.com Free CT Log Certificate Sea…

@rg305 @JuergenAuer The output of sudo certbot certificates shows several of my other certificates, but for this issue it is: Certificate Name: calculator.360-biz.com Domains: calculator.360-biz.com Expiry Date: 2019-04-08 20:31:25+00:00 (VALID: 89 days) Certificate Path: /etc/letsencrypt/live/cal…

https://www.ssllabs.com/ssltest/analyze.html?d=calculator.360-biz.com The restart was probably the missing piece. Again using CERTONLY doesn’t do much of what you had to do manually.

Ah. I spotted my error. Certbot always generates the virtual host as <VirtualHost 172.24.16.158:443> whereas I was using the wildcard *. Is this always the case? My site is fine now from Chrome. Hopefully I’ll be able to renew with the tls-sni-01 challenge later, otherwise I’ll be stuck renewing …

[image] MCDELTAT: Can I test the renewal mechanism even when not near expiration? Yes, use: --dry-run

[image] MCDELTAT: Certbot always generates the virtual host as <VirtualHost 172.24.16.158:443> This doesn't seem right - when using CERTONLY it doesn't make any such changes.

[image] rg305: This doesn’t seem right - when using CERTONLY it doesn’t make any such changes. All the others were created using the automatic http-01 challenge. This site in particular has some issue with that challenge, so I couldn't. Will TLS-01 challenge now.

[image] MCDELTAT: Ah. I spotted my error. Certbot always generates the virtual host as <VirtualHost 172.24.16.158:443> whereas I was using the wildcard *. Is this always the case? Certbot doesn't always use one or the other - it uses whichever it thinks you're already using. I remember the…

[image] MCDELTAT: Will TLS-01 challenge now. Tls-sni-01 is dead - 2019-02-13 [image] March 13, 2019: End-of-Life for All TLS-SNI-01 Validation Support API Announcements L…

Wrong subjectAlternativeName with certbot dns-01 challenge

Help

JuergenAuer January 9, 2019, 8:27am 11

Tls-sni-01 is dead - 2019-02-13

Topic		Replies	Views
Error getting a certificate on a subdomain on a separate server Server	2	1172	February 9, 2018
Can't generate my Wildcard Certificate by DNS-01 challenge Help	4	2171	December 19, 2019
Unable to pass challnge test to obtain new certificate Help	5	591	January 4, 2020
Incorrect validation certificate for challenge Help	6	11257	May 18, 2017
Error: Incorrect validation certificate for TLS-SNI-01 challenge Server	8	2838	October 26, 2016

Wrong subjectAlternativeName with certbot dns-01 challenge

Related topics