SSL Certificate with error

September 5, 2014 51.6k views

Hi People.

We got certificate from Geotrust and try to install in server ubuntu - apache2 - openssl but show to us everytime same error:
AH01909: RSA certificate configured for does NOT include an ID which matches the server name

The conf apache file is correct same instructions:

  DocumentRoot "/var/www/xxx/htdocs"
  DirectoryIndex index.html index.php
  ErrorLog /var/www/xxx/log/ssl_error.log
  TransferLog /var/www/xxx/log/ssl_access.log
  SSLEngine On
  SSLProtocol all

  ServerPath "/var/www/lenharomegastore/htdocs"

  SSLCertificateFile /var/www/xxx/ssl2/xxx.crt
  SSLCertificateKeyFile /var/www/xxx/ssl2/xxx.key
  SSLCertificateChainFile /var/www/xxx/ssl2/positive_bundle.crt
  SSLCACertificateFile /var/www/lenharomegastore/ssl2/positive_bundle.crt

  <Directory "/var/www/XXX/htdocs">
     AllowOverride All
     Options Indexes Includes FollowSymLinks
     Order allow,deny
     Allow from all

We already verified if certificate is perfect with command

openssl x509 -in lenharomegastore.crt -noout -subject

and show to us

subject= /OU=Domain Control Validated/OU=PositiveSSL/

Thanks a lot friends

16 Answers

add the following to virtualhost configuration

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www(.)$
RewriteRule ^(.
)$ [R=301,L]

If the common name is, then you can only use that cert on but not

You may contact Geotrust to see if they can revoke the current cert and reissue a new cert with CN Otherwise you may have to buy another cert only for

Most cert authorities will include the root domain as an alias, so you don't have to buy cert specifically for the root domain.

Hi Tony and Stabidlo.

Thanks a lot for the informations.

The Certificate is correct only with not

We try to adjust apache adding this configuration but same error show in apache´s log:

[Sun Sep 07 00:24:13.977344 2014] [ssl:warn] [pid 22537] AH01909: RSA certificate configured for does NOT include an ID which matches the server name

I already tried to adjust a lot of ways but not work, the certificate is perfect, and I already verifiy all configuration in the apache, this is a crazy.

Thanks friends

  • Just out of curiosity, try this in /etc/apache2/ (or whatever the root config dir in ubuntu is)

    grep -r -i *

    It would be nice to see if this domain name is configured anywhere in apache configuration
    It's just annoying warning, should not have an impact on functionality, anyway it would be good to understand where it is coming from :-)

  • Hi Friends.

    With command :

    grep -r -i *

    The Results:

    sites-available/        ServerAlias xxx
    sites-available/  ServerAlias


  • What happens when you change the ServerName to

openssl x509 -in lenharomegastore.crt -noout -subject
subject= /OU=Domain Control Validated/OU=PositiveSSL/

Check given command, it seems that the SSL is issued by comodo.

As your said in your question,you purchased SSL certificate from GeoTrust. Please check you have configured new GeoTrust SSL certificate.

“does NOT include an ID which matches the server name”

at first impression, the reason behind this error is due to your domain name in SSL certificate does not match your real domain name. You should make sure that the common name and SAN domain names, both should match your primary domain name.

If you can not resolve the issue with given tips, you can contact our chat support @ Ask for this discussion reference; so that they can provide you free support. SSL certificate is purchased from us or elsewhere, does not matter. We’ll provide you free cost installation and technical support.

What happens when you change the ServerName to

What happens when you change the ServerName to Iran Tourism ?

I want to add https on my visit site . Which site provide ssl certification in cheap price.

The primary reason why I want SSL is to keep sensitive information sent across the Internet encrypted so that only the intended recipient can access it. This is important because the information I intend to send on the Internet is passed from computer to computer to get to the destination server.
Also, I want to know What happens when you change the ServerName to Crazykrush.

One possible cause of this error is that a self-signed certificate is installed on the server. Self-signed certificates aren't trusted by browsers because they are generated by your server, not by a CA.

Yoga teacher training in India

Iran Tours
The infrastructure in Iran Tours smoothly and people are well educated. Of course the people you’ll speak to will be mostly those with a good level of English, but that’s quite a big part of the young educated population. It’s a fact that it takes 10 years to gain a PhD in Iran! So those who study are very serious about it.

Have another answer? Share your knowledge.