I generated LE certificates using the below command:
certbot certonly --dns-linode --dns-linode-credentials ~/.secrets/certbot/linode.ini --dns-linode-propagation-seconds 1000 -d *.onartstructures.com -d onartstructures.com
vhost calls the certificates with these lines:
SSLCertificateFile /etc/letsencrypt/live/onartstructures.com-0001/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/onartstructures.com-0001/privkey.pem
The website works fine with padlock.
However, SSLlabs says âcertificate name mismatch.â
Try these other domain names (extracted from the certificates):
I deleted and generated the certificates, but still the same problem. I tried with other domain names. They all exhibit the same issue. There is an invisible link with my main domain (wintess.com) which I cannot break.
I have read many posts regarding this problem but couldnât fix it.
I would appreciate any help.
Thank you.
Information on my setup:
My domains are: wintess.com, onartstructures.com
I ran this command: apachectl -S
It produced this output:
VirtualHost configuration:
172.104.150.134:443 is a NameVirtualHost
default server www.wintess.com (/etc/httpd/conf.d/1.wintess.com.conf:1)
port 443 namevhost www.wintess.com (/etc/httpd/conf.d/1.wintess.com.conf:1)
port 443 namevhost mantis.wintess.com (/etc/httpd/conf.d/mantis.wintess.com.conf:1)
port 443 namevhost webmail.wintess.com (/etc/httpd/conf.d/webmail.wintess.com.conf:1)
port 443 namevhost www.onartstructures.com (/etc/httpd/conf.d/www.onartstructures.com.conf:1)
172.104.150.134:80 is a NameVirtualHost
default server www.wintess.com (/etc/httpd/conf.d/1.wintess.com.conf:13)
port 80 namevhost www.wintess.com (/etc/httpd/conf.d/1.wintess.com.conf:13)
alias wintess.com
port 80 namevhost mantis.wintess.com (/etc/httpd/conf.d/mantis.wintess.com.conf:21)
port 80 namevhost webmail.wintess.com (/etc/httpd/conf.d/webmail.wintess.com.conf:21)
port 80 namevhost www.onart.com.tr (/etc/httpd/conf.d/www.onart.com.tr.conf:1)
alias onart.com.tr
port 80 namevhost www.onartstructures.com (/etc/httpd/conf.d/www.onartstructures.com.conf:13)
alias onartstructures.com
*:443 www.wintess.com (/etc/httpd/conf.d/ssl.conf:40)
ServerRoot: â/etc/httpdâ
Main DocumentRoot: â/var/www/htmlâ
Main ErrorLog: â/etc/httpd/logs/error_logâ
Mutex lua-ivm-shm: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/etc/httpd/run/" mechanism=default
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
PidFile: â/etc/httpd/run/httpd.pidâ
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=âapacheâ id=48
Group: name=âapacheâ id=48
My web server is (include version): Apache/2.4.37
The operating system my web server runs on is (include version): CentOS Linux release 8.2.2004
My hosting provider, if applicable, is: Linode
I can login to a root shell on my machine (yes or no, or I donât know): yes
Iâm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if youâre using Certbot): certbot 1.6.0
Looking at your apachectl -S output, you donât have a HTTPS namevhost configured for the bare domain name, only for the www subdomain.
The same goes for wintess.com, but as thatâs the default virtualhost, you donât get any trouble there. Strangely enough, you do have the aliases for the bare domain name on the HTTP virtualhosts though.
Offtopic: Sorry, but even the details are often very unclear in my opinion. The fact it's too complicated for @sse450 shouldn't envoke a "it's your own fault" reaction, but rather a "how can I improve my tool".
Offtopic: I'm not complaining about the tool itself, because I don't use it. I was reacting to your reply to @sse450 which, IMO, was kind of rude and not very empathic.
Sorry if Iâve gotten in the middle of something. From what I can see, @JuergenAuer has made a very powerful (and extensive) tool, albeit a huge Swiss Army knife. It looks quite helpful, but rather daunting to even a somewhat seasoned web developer. Have you @JuergenAuer any âsubtoolsâ that break down checks into more dedicated aspects? In my own experience, TL;DR can really hurt even the best products. I agree with @Osiris in the sense that I donât feel an effective response to a math student who wants to understand how to calculate the area of a rectangle is to hit him in the head with a calculus book. Again, sorry for my intrusion.