Question
Question
Certificate not valid for domain
Hi,
I am trying to setup a wildcard SSL for my domain. I generated it using certbot and got the congratulations message via:
/usr/local/bin/certbot-auto certonly –manual –preferred-challenges=dns –email=peter@mydomain.com –server https://acme-v02.api.letsencrypt.org/directory –agree-tos -d mydomain.com
Going to https://www.mydomain.com works fine, the problem is when I go to https://mydomain.com in Firefox I get:
Web sites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for mydomain.com. The certificate is only valid for www.mydomain.com.
Here is my Apache config:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin peter@mydomain.com
ServerName mydomain.com
ServerAlias www.mydomain.com audio.mydomain.com mydomain.com
DocumentRoot /home/mydomain/repos/mydomain.com/public
<Directory /home/mydomain/repos/mydomain.com/public>
Allowoverride All
Options FollowSymLinks
Require all granted
</Directory>
CustomLog ${APACHE_LOG_DIR}/access.log combined
ErrorLog ${APACHE_LOG_DIR}/error.log
SSLCertificateFile /etc/letsencrypt/live/mydomain.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com-0001/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
This is the output of apachectl -S
VirtualHost configuration:
*:443 is a NameVirtualHost
default server mydomain.com (/etc/apache2/sites-enabled/001-mydomain.com-le-ssl.conf:2)
port 443 namevhost mydomain.com (/etc/apache2/sites-enabled/001-mydomain.com-le-ssl.conf:2)
alias www.mydomain.com
alias mydomain.com
port 443 namevhost mydomain.com (/etc/apache2/sites-enabled/002-bookstack-le-ssl.conf:2)
alias wiki.mydomain.com
port 443 namevhost git.mydomain.com (/etc/apache2/sites-enabled/003-gog-le-ssl.conf:2)
alias git
*:80 is a NameVirtualHost
default server mydomain.com (/etc/apache2/sites-enabled/001-mydomain.com.conf:1)
port 80 namevhost mydomain.com (/etc/apache2/sites-enabled/001-mydomain.com.conf:1)
alias www.mydomain.com
alias audio.mydomain.com
port 80 namevhost mydomain.com (/etc/apache2/sites-enabled/002-bookstack.conf:1)
alias wiki.mydomain.com
port 80 namevhost git.mydomain.com (/etc/apache2/sites-enabled/003-gog.conf:1)
alias git
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
And the output of /usr/local/bin/certbot-auto certificates
Requesting to rerun /usr/local/bin/certbot-auto with root privileges...
/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py:163: CryptographyDeprecationWarning: OpenSSL version 1.0.1 is no longer supported by the OpenSSL project, please upgrade. The next version of cryptography will drop support for it.
utils.CryptographyDeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: audio.mydomain.com-0001
Domains: audio.mydomain.com
Expiry Date: 2020-03-29 10:11:53+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/audio.mydomain.com-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/audio.mydomain.com-0001/privkey.pem
Certificate Name: audio.mydomain.com
Domains: audio.mydomain.com wiki.mydomain.com www.mydomain.com
Expiry Date: 2019-05-23 11:46:42+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/audio.mydomain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/audio.mydomain.com/privkey.pem
Certificate Name: mydomain.com-0001
Domains: *.mydomain.com
Expiry Date: 2020-03-29 10:42:02+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/mydomain.com-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/mydomain.com-0001/privkey.pem
Certificate Name: mydomain.com
Domains: mydomain.com
Expiry Date: 2020-03-29 10:50:21+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/mydomain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/mydomain.com/privkey.pem
Certificate Name: www.mydomain.com
Domains: www.mydomain.com
Expiry Date: 2020-03-29 10:12:30+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.mydomain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.mydomain.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Can anyone help?
Regards,
Peter
Add a comment
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×