I added three Let's Encrypt certificates for three domains with their own distinct websites. The certificates show as follows:
Found the following certs:
Certificate Name: mydomain1.info
Domains: mydomain1.info
Expiry Date: 2020-01-08 13:49:13+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/mydomain1.info/fullchain.pem
Private Key Path: /etc/letsencrypt/live/mydomain1.info/privkey.pem
Certificate Name: www.mydomain2.com
Domains: www.mydomain2.com mydomain2.com
Expiry Date: 2020-01-08 15:12:43+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.mydomain2.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.mydomain2.com/privkey.pem
Certificate Name: www.mydomain3.ca
Domains: www.mydomain3.ca mydomain3.ca
Expiry Date: 2020-01-08 15:12:43+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.mydomain3.ca/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.mydomain3.ca/privkey.pem
Unfortunately, when I test mydomain2.com or mydomain3.ca on www.ssllabs.com I get the following errors for both
Certificate name mismatch
Try these other domain names (extracted from the certificates): mydomain1.info
The web site does not use SSL, but shares an IP address with some other site that does
[…]
Something seems to have a problem identifying the correct certificates.
Why are the respective certificates of mydomain2 and mydomain3 not recognized?
It seems to indicate that Let's Encrypt cannot handle more than one certificate per IP address, although I find that unlikely. I am by no means a Linux administrator, but from what I have researched, I understand that the issue of dealing with multiple domains on a single IP address and even the same port has long been resolved and applies to the versions of the packages installed on my server:
CentOS 6.10
httpd v2.2.15-60.el6.6vm
mod_ssl v2.2.15-60.el6.6vm
openssl v1.0.1e-58.el6_10
libcurl v7.19.7-53.el6_9
There are also errors when I restart httpd indicating a port 443 conflict
[Thu Oct 10 13:54:50 2019] [warn] VirtualHost xx.xxx.xxx.xx:443 overlaps with VirtualHost xx.xxx.xxx.xx:443, the first has precedence, perhaps you need a NameVirtualHost directive
[Thu Oct 10 13:54:50 2019] [warn] VirtualHost xx.xxx.xxx.xx:443 overlaps with VirtualHost xx.xxx.xxx.xx:443, the first has precedence, perhaps you need a NameVirtualHost directive
The httpd.conf file already contains the NameVirtualHost directive ahead of the <VirtualHost> statements.
Any explanations, and especially suggestions on how to correct this issue, are most welcome.
Edit:
For others who might have the same issues, the port conflict issue was resolved by changing [ip]:80 and [ip]:443 used in the <VirtualHost> and NameVirtualHost directives to *:80 and *:443, and having NameVirtualHost statements for both in the httpd.conf file, as follows:
NameVirtualHost *:80
NameVirtualHost *:443
Thanks for the feedback to those who responded.
Does SSLLabs report that your server supports TLSv1.2? Can you find any other mentions of [Nn]ame-based in your Apache startup log? – user1686 – 2019-10-11T04:36:25.250
It seems that the recommended way is to ask for a single certificate covering all the sites: https://community.letsencrypt.org/t/host-multiple-domains-with-a-single-certificate/20917 – xenoid – 2019-10-11T08:29:36.823
You may want to [edit] this question and update it with your Apache version as well as virtual host and SSL configs. It seems possible this could be a misconfiguration (since it should be possible to host multiple, separate Let's Encrypt certificates on a single Apache v2.2.12+ host, at least without Certbot). – Anaksunaman – 2019-10-11T08:58:11.390
See my Edit in the original post for the solution – Paul – 2019-10-12T13:08:27.210
Looks like you have a misconfiguration. Please check the documentation of NameVirtualHost. It warns: “Note that the argument to the <VirtualHost> directive must exactly match the argument to the NameVirtualHost directive.” Did you verify this is correctly set up? – Daniel B – 2019-10-12T13:27:22.640
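A checker for the rule quoted in the last comment and applied in the question's Edit, added here as an example and not part of the original thread: it lists <VirtualHost> arguments shared by several blocks that have no exactly matching NameVirtualHost line, the case in which the log says "the first has precedence". The sample configs, the 203.0.113.10 address and the function name shadowed_vhosts are assumptions, and the parser expects one address and one ServerName per block.

```python
# Constructed samples, not the asker's real httpd.conf. 203.0.113.10 is a
# documentation address standing in for the redacted server IP.
BROKEN = """\
NameVirtualHost *:443
<VirtualHost 203.0.113.10:443>
    ServerName mydomain1.info
    SSLCertificateFile /etc/letsencrypt/live/mydomain1.info/fullchain.pem
</VirtualHost>
<VirtualHost 203.0.113.10:443>
    ServerName www.mydomain2.com
    SSLCertificateFile /etc/letsencrypt/live/www.mydomain2.com/fullchain.pem
</VirtualHost>
"""
# Corrected form from the question's Edit: every <VirtualHost> uses *:443,
# which now matches the NameVirtualHost argument character for character.
FIXED = BROKEN.replace("203.0.113.10:443", "*:443")


def shadowed_vhosts(conf):
    """Map each <VirtualHost> argument used by several blocks, but absent from
    the NameVirtualHost lines, to its ServerNames in file order. The first
    name is the block that takes precedence; the rest are never selected."""
    named, blocks, current = set(), {}, None
    for raw in conf.splitlines():
        words = raw.strip().rstrip(">").split()
        key = words[0].lower() if words else ""
        if key == "</virtualhost":
            current = None                      # left the block
        elif len(words) < 2:
            continue                            # blank or argument-less line
        elif key == "namevirtualhost":
            named.add(words[1])
        elif key == "<virtualhost":
            current = blocks.setdefault(words[1], [])
        elif key == "servername" and current is not None:
            current.append(words[1])
    return {addr: names for addr, names in blocks.items()
            if len(names) > 1 and addr not in named}


if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, shadowed_vhosts(conf))
```
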