ISPConfig - For multiple sites, Let's Encrypt is signing certificate with wrong name

Discussion in 'Installation/Configuration' started by Gtan Danny, Mar 4, 2019.

  1. Gtan Danny

    Gtan Danny New Member

    I have successfully created and activated SSL/Let's Encrypt in ISPConfig for my first website which has domain name myfirstdomain.com under Websites. Then I create a a second website myseconddomain.com under Websites and activate SSL/Let's Encrypt. When I access myseconddomain.com, I get the following error in the browser:

    NET::ERR_CERT_COMMON_NAME_INVALID.
    This server could not prove that it is myseconddomain.com; its security certificate is from myfirstdomain.com. This may be caused by a misconfiguration or an attacker intercepting your connection.

    Basically, the second domain is being signed with the first one. Any help?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Most likely, the second domain has no SSL, this can happen when LE did not issue an ssl cert for it. Check the website settings of the second site, did the ssl and letsencrypt checkboxes stay ticked?
     
  3. Gtan Danny

    Gtan Danny New Member

    No, the checkboxes ssl and letsencrypt have become unticked. I ticked them back and saved. When I check again, they appear ticked and then after another check, they become unticked again.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. Gtan Danny

    Gtan Danny New Member


    You are right. I tried to generate the certificates manually using `certbot --apache`. I got the following error:

    An unexpected error occurred:
    There were too many requests of a given type :: Error finalizing order :: too many certificates already issued for exact set of domains: myseconddomain dot com,www dot myseconddomain dot com:

    I have exceeded letsencrypt limits for issuing certificates for this domain. I need to wait for some time and retry.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Please don't do that on an ISPConfig system, it will break the vhost and makes it unmanagable. And when ISPConfig cannot get an SSL cert for the site using certbot, then you will not get one with a manual certbot run too. Just use the LE function inside ISPConfig.
     
  7. Gtan Danny

    Gtan Danny New Member

    Noted!
     

Share This Page