Related

Letsencrypt for multiple domains on Nginx Question Question
How can I secure a web application using Nginx and lets encrypt? Question Question

Question

Floating IP deleted, Lets encrypt SSL not working anymore

Posted August 30, 2016 2.4k views
UbuntuLet's Encrypt

All my website with SSL encrytion were working fine. I have deleted my Floating IP as I don’t need it, and now I have only one website working with the LE SSL encryption.

So I have relaunch the command :
/opt/letsencrypt/letsencrypt-auto –apache –renew-by-default -d anotherwebsite.com -d www.anotherwebsite.com -d dev.anotherwebsite.com certonly

But the LE SSL encryption still doesn’t work for anotherwebsite.com

I don’t know what to do. When I try to go to https://anotherwebsite.com it tells me with Firefox Error Code : SSLERRORBADCERTDOMAIN

dev.anotherwebsite.com .com uses an invalid security certificate. The certificate is available only for the domains: mywebsite.com, dev.mywebsite.com, www.mywebsite.com

Indeed my LE SSL encryption is working for mywebsite.com

What can I do ? What do I have to check ?
Thanks for your help.

Add a comment
Defacta
By:
Defacta
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers
Defacta August 30, 2016

Found !

I had to change the apache config file /etc/apache2/sites-available/anotherwebsite.com-le-ssl.conf:

    <IfModule mod_ssl.c>
    <VirtualHost *:443>

to

    <IfModule mod_ssl.c>
    <VirtualHost XXX.XXX.XXX.XXX:443>

Where XXX.XXX.XXX.XXX is my public ip address.

The question is, why was it working like that before deleting my Digital Ocean Floating IP and by the way, changing my server public IP address ?

Anyway, it’s working fine now :D

Reply Report
jasonsmith11 August 26, 2018

It works fine

https://www.ssllabs.com/ssltest/analyze.html?d=funnfrolic.co.uk&latest

You have a C, that is not good !!! Update your Settings !

SSLProtocol all -SSLv2 -SSLv3

SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

SSLHonorCipherOrder on

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help