Wrong common name for www subdomain
Hi all - on my CentOS 8 server, I've successfully used certbot to install certs on my non-www domain, as well as a couple other sub-domains - but for my www subdomain, it shows my xxx.members.linode.com as the common name, and this is invalidating the cert.
It seems like this should be a simple fix, but I'm stumped. In addition, the www domain throws a 403 error (but shows the Apache test page - the http version shows the expected page).
https://www.twop1pager.com/ (403 error)
http://www.twop1pager.com/ (works - shows "Back soon")
https://api.twop1pager.com/ (works, and http redirects to https)
An `apachectl configtest` shows my syntax is ok; I haven't found any clues in the logs.
When I initially installed the cert - it didn't pick up the "www" - but I added it with:
```
certbot-auto certonly --cert-name twop1pager.com -d twop1pager.com,www.twop1pager.com,api.twop1pager.com
```
And now when I do `certbot-auto certificates` I see:
```
Found the following certs:
  Certificate Name: twop1pager.com
    Serial Number: 4baaa79fedc62fb8f2e67b362f3a84e0984
    Domains: twop1pager.com api.twop1pager.com www.twop1pager.com
    Expiry Date: 2021-01-19 22:26:36+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/twop1pager.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/twop1pager.com/privkey.pem
```
I've reloaded/restarted httpd - am I missing something?
5 Replies
The cert used by https://www.twop1pager.com/ appears to be self-issued and self-signed. The cert used by https://api.twop1pager.com/ is a Let's Encrypt cert.
Are you sure your configuration for https://www.twop1pager.com/ is using the right cert file(s)? Did you blow your server cache before restarting:
- stop server;
- blow server cache;
- start server?
Here's info on how to blow the server cache:
http://httpd.apache.org/docs/current/programs/htcacheclean.html
Just to make sure, it would probably of benefit to blow your browser cache too…
-- sw
Thanks @stevewi - I appreciate the reply. Unfortunately, no dice.
I stopped the server, ran `sudo htcacheclean -r -p/var/cache/httpd` and verified the dirs in `/var/cache/httpd/` were all empty, restarted httpd and still the same.
But it did lead me down another rabbit hole, and I think my problem is in here:
```
sudo httpd -S
VirtualHost configuration:
*:80 is a NameVirtualHost
  default server api.twop1pager.com (/etc/httpd/sites-enabled/api.twop1pager.com.conf:7)
  port 80 namevhost api.twop1pager.com (/etc/httpd/sites-enabled/api.twop1pager.com.conf:7)
  port 80 namevhost fetch.twop1pager.com (/etc/httpd/sites-enabled/fetch.twop1pager.com.conf:7)
  port 80 namevhost twop1pager.com (/etc/httpd/sites-enabled/twop1pager.com.conf:7)
    alias www.twop1pager.com
*:443 is a NameVirtualHost
  default server li1974-33.members.linode.com (/etc/httpd/conf.d/ssl.conf:40)
  port 443 namevhost li1974-33.members.linode.com (/etc/httpd/conf.d/ssl.conf:40)
  port 443 namevhost twop1pager.com (/etc/httpd/sites-available/twop1pager.com-le-ssl.conf:2)
  port 443 namevhost api.twop1pager.com (/etc/httpd/sites-available/api.twop1pager.com-le-ssl.conf:2)
  port 443 namevhost fetch.twop1pager.com (/etc/httpd/sites-available/fetch.twop1pager.com-le-ssl.conf:2)
```
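A small diagnostic, added here as an example (it is not part of the thread and not an Apache tool), that parses the `httpd -S` listing above and reports names that have a port-80 vhost or alias but no port-443 namevhost; a TLS request whose SNI carries such a name is handled by the port-443 default server (here the one from `/etc/httpd/conf.d/ssl.conf` with the Linode hostname) and gets that server's certificate and DocumentRoot. It assumes the NameVirtualHost output layout shown in the post; the sample text is copied from that listing.

```python
import re

# Constructed sample, copied from the `httpd -S` listing in the post above.
SAMPLE_HTTPD_S = """\
VirtualHost configuration:
*:80 is a NameVirtualHost
  default server api.twop1pager.com (/etc/httpd/sites-enabled/api.twop1pager.com.conf:7)
  port 80 namevhost api.twop1pager.com (/etc/httpd/sites-enabled/api.twop1pager.com.conf:7)
  port 80 namevhost fetch.twop1pager.com (/etc/httpd/sites-enabled/fetch.twop1pager.com.conf:7)
  port 80 namevhost twop1pager.com (/etc/httpd/sites-enabled/twop1pager.com.conf:7)
    alias www.twop1pager.com
*:443 is a NameVirtualHost
  default server li1974-33.members.linode.com (/etc/httpd/conf.d/ssl.conf:40)
  port 443 namevhost li1974-33.members.linode.com (/etc/httpd/conf.d/ssl.conf:40)
  port 443 namevhost twop1pager.com (/etc/httpd/sites-available/twop1pager.com-le-ssl.conf:2)
  port 443 namevhost api.twop1pager.com (/etc/httpd/sites-available/api.twop1pager.com-le-ssl.conf:2)
  port 443 namevhost fetch.twop1pager.com (/etc/httpd/sites-available/fetch.twop1pager.com-le-ssl.conf:2)
"""

def parse_vhosts(text):
    """port -> {"default": name, "names": set of namevhost/alias names} (NameVirtualHost layout only)."""
    hosts, port = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"\*:(\d+)\s+is a NameVirtualHost", line)
        if m:  # a new listener block starts; following lines belong to this port
            port = m.group(1)
            hosts[port] = {"default": None, "names": set()}
        elif port and (m := re.match(r"default server (\S+)", line)):
            hosts[port]["default"] = m.group(1)
        elif port and (m := re.match(r"(?:port \d+ namevhost|alias) (\S+)", line)):
            hosts[port]["names"].add(m.group(1))
    return hosts

def names_falling_to_default(hosts, port="443"):
    """Names answered on some other port but with no vhost or alias on `port`:
    a TLS request whose SNI names one of them lands on that port's default server."""
    covered = hosts.get(port, {}).get("names", set())
    elsewhere = set()
    for p, h in hosts.items():
        if p != port:
            elsewhere |= h["names"]
    return sorted(elsewhere - covered)

if __name__ == "__main__":
    vh = parse_vhosts(SAMPLE_HTTPD_S)
    for name in names_falling_to_default(vh):
        print(name, "-> falls to", vh["443"]["default"])
```

Run against a live server with `sudo httpd -S | python3 this_script.py` after changing the script to read `sys.stdin` instead of the embedded sample.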
If you post the contents of /etc/httpd/conf.d/ssl.conf, maybe we can help you out (redact anything that may be private).
-- sw
Thanks again @stevewi - this is a practically new install, haven't modified anything here yet: