This certificate not valid (host name mismatch)

Discussion in 'General' started by onastvar, Mar 25, 2018.

  1. onastvar

    onastvar Member

    Hi,

    I checked everything in Let’s Encrypt Error FAQ, still have an issue. When I created new website recently I checked Let's Encrypt SSL when I go back it's not checked. I tried to go to SSL tab under Website and Delete SSL, that didn't fix it. Still cannot make work. Somehow certificate is not valid or some misconfiguration on my server. When I go to https://mywebsite.com I get This Connection Is Not Private - when I view Certificate in browser it shows - This certificate not valid (host name mismatch) Certificate expiration date is June 23, 2018 I created website on March 23 2018,

    I also tried to manually delete all files from /var/www/mywebsite.com/ssl and placed check on Let's Encrypt SSL under Website still broken.

    What else can I check?

    I have these files in folder
    /etc/letsencrypt/live/mywebsite.com#
    cert.pem chain.pem fullchain.pem privkey.pem README

    Also I have these files in archive folder
    /etc/letsencrypt/archive/mywebsite.com# ls
    cert1.pem chain1.pem fullchain1.pem privkey1.pem

    Code:
    /var/www/mywebsite.com/ssl# ls
    mywebsite.com-le.bundle              mywebsite.com-le.bundle.old.20180325154602  mywebsite.com-le.crt.old.20180325154003 
    mywebsite.com-le.key.old.20180325012303  mywebsite.com-le.key.old.20180325154802 mywebsite.com-le.bundle.old.20180325012303 
    mywebsite.com-le.bundle.old.20180325154802  mywebsite.com-le.crt.old.20180325154103  mywebsite.com-le.key.old.20180325151402
    mywebsite.com-le.bundle.old.20180325151402  mywebsite.com-le.crt                 mywebsite.com-le.crt.old.20180325154602  mywebsite.com-le.key.old.20180325154003 mywebsite.com-le.bundle.old.20180325154003  mywebsite.com-le.crt.old.20180325012303     mywebsite.com-le.crt.old.20180325154802  mywebsite.com-le.key.old.20180325154103 mywebsite.com-le.bundle.old.20180325154103  mywebsite.com-le.crt.old.20180325151402     mywebsite.com-le.key             mywebsite.com-le.key.old.20180325154602

    less /var/log/letsencrypt/letsencrypt.log
    Code:
    2018-03-25 20:48:02,162:DEBUG:certbot.main:Root logging level set at 20
    2018-03-25 20:48:02,162:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2018-03-25 20:48:02,163:DEBUG:certbot.main:certbot version: 0.10.2
    
    2018-03-25 20:48:02,163:DEBUG:certbot.main:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v01.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', '[email protected]', '--domains', 'mywebsite.com', '--domains', 'www.mywebsite.com', '--webroot-path', '/usr/local/ispconfig/interface/acme']
    2018-03-25 20:48:02,164:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
    2018-03-25 20:48:02,164:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2018-03-25 20:48:02,167:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
    Description: Place files in webroot directory
    Interfaces: IAuthenticator, IPlugin
    Entry point: webroot = certbot.plugins.webroot:Authenticator
    Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f36969daa10>
    Prep: True
    2018-03-25 20:48:02,167:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f36969daa10> and installer None
    2018-03-25 20:48:02,192:DEBUG:certbot.main:picked account: <Account(340499477cb3ae28b091aa44778c27de)>
    2018-03-25 20:48:02,193:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
    2018-03-25 20:48:02,195:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    2018-03-25 20:48:02,375:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 562
    2018-03-25 20:48:02,376:DEBUG:acme.client:Received response:
    HTTP 200
    Server: nginx
    Content-Type: application/json
    Content-Length: 562
    Replay-Nonce: jCQoJ3DX2XasBCS07gFDmZUFjeQBrOl0fpd-dK6mpBw
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Sun, 25 Mar 2018 20:48:02 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Sun, 25 Mar 2018 20:48:02 GMT
    Connection: keep-alive
    {
      "XuNFDYUX74E": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
      "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
      "meta": {
        "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
      },
      "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
      "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
      "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
      "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
    }
    2018-03-25 20:48:02,416:DEBUG:parsedatetime:parse (top of loop): [30 days][]
    2018-03-25 20:48:02,427:DEBUG:parsedatetime:CRE_UNITS matched
    2018-03-25 20:48:02,428:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
    2018-03-25 20:48:02,428:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
    2018-03-25 20:48:02,428:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
    2018-03-25 20:48:02,428:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2018, tm_mon=3, tm_mday=25, tm_hour=20, tm_min=48, tm_sec=2, tm_wday=6, tm_yday=84, tm_isdst=0))
    2018-03-25 20:48:02,428:DEBUG:parsedatetime:_buildTime: [30 ][][days]
    2018-03-25 20:48:02,428:DEBUG:parsedatetime:units days --> realunit days
    2018-03-25 20:48:02,429:DEBUG:parsedatetime:return
    
    2018-03-25 20:48:02,429:INFO:certbot.renewal:Cert not yet due for renewal
    
    2018-03-25 20:48:02,429:INFO:certbot.main:Keeping the existing certificate
     
    Last edited: Mar 26, 2018
  2. onastvar

    onastvar Member

    [Solved for above domain] I ran a ISPConfig Debug, one of the other websites had Apache Directive which was causing apache issues, I cleared and certificate is valid now.
     
    Last edited: Mar 26, 2018
  3. onastvar

    onastvar Member

    I have issue with another older site. Checked Let's Encrypt SSL does not stay checked.

    less /var/log/letsencrypt/letsencrypt.log
    Code:
    2018-03-26 15:59:03,090:DEBUG:certbot.main:Root logging level set at 20
    2018-03-26 15:59:03,090:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2018-03-26 15:59:03,091:DEBUG:certbot.main:certbot version: 0.10.2
    2018-03-26 15:59:03,091:DEBUG:certbot.main:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v01.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', '[email protected]', '--domains', 'domain2.com', '--domains', 'www.domain2.com', '--webroot-path', '/usr/local/ispconfig/interface/acme']
    2018-03-26 15:59:03,091:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
    2018-03-26 15:59:03,092:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2018-03-26 15:59:03,094:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
    Description: Place files in webroot directory
    Interfaces: IAuthenticator, IPlugin
    Entry point: webroot = certbot.plugins.webroot:Authenticator
    Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f9317069a10>
    Prep: True
    2018-03-26 15:59:03,095:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f9317069a10> and installer None
    2018-03-26 15:59:03,120:DEBUG:certbot.main:Picked account: <Account(340499477cb3ae28b091aa44778c27de)>
    2018-03-26 15:59:03,121:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
    2018-03-26 15:59:03,123:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    2018-03-26 15:59:03,599:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 562
    2018-03-26 15:59:03,601:DEBUG:acme.client:Received response:
    HTTP 200
    Server: nginx
    Content-Type: application/json
    Content-Length: 562
    Replay-Nonce: g794eXOIAV1ANYpHSHoKobxOEWgVEUZyHjAv12DYyVw
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Mon, 26 Mar 2018 15:59:03 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Mon, 26 Mar 2018 15:59:03 GMT
    Connection: keep-alive
    
    {
      "c7Cc6o2Pz_g": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
      "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
      "meta": {
        "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
      },
      "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
      "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
      "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
      "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
    }
    2018-03-26 15:59:03,665:DEBUG:parsedatetime:parse (top of loop): [30 days][]
    2018-03-26 15:59:03,680:DEBUG:parsedatetime:CRE_UNITS matched
    2018-03-26 15:59:03,681:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
    2018-03-26 15:59:03,682:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
    2018-03-26 15:59:03,682:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
    2018-03-26 15:59:03,682:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2018, tm_mon=3, tm_mday=26, tm_hour=15, tm_min=59, tm_sec=3, tm_wday=0, tm_yday=85, tm_isdst=0))
    2018-03-26 15:59:03,682:DEBUG:parsedatetime:_buildTime: [30 ][][days]
    2018-03-26 15:59:03,682:DEBUG:parsedatetime:units days --> realunit days
    2018-03-26 15:59:03,683:DEBUG:parsedatetime:return
    2018-03-26 15:59:03,683:INFO:certbot.renewal:Cert not yet due for renewal
    2018-03-26 15:59:03,683:INFO:certbot.main:Keeping the existing certificate
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Use ispconfig debug mode to see why le gets disabed again.
     
    Last edited: Mar 26, 2018
  5. onastvar

    onastvar Member

    The older website was wordpress, I had to update wp-config.php to update HTTP to HTTPS

    define('WP_HOME','https://domain2.com);
    define('WP_SITEURL','https://domain2.com');

    Now that webiste works as SSL and shows "Secured" however, Let's Encrypt SSL box does not stay checked under Webiste inside of ISPConfig.
     
  6. onastvar

    onastvar Member

    Set the log level to Debug under System > System > Server Config to DEBUG
    Commented out the line with server.sh cron job in crontab -e

    I get this:

    Code:
    /usr/local/ispconfig/server/server.sh
    
    26.03.2018-11:23 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    26.03.2018-11:23 - DEBUG - Found 1 changes, starting update process.
    26.03.2018-11:23 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    26.03.2018-11:23 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    26.03.2018-11:23 - DEBUG - Create Let's Encrypt SSL Cert for: domain2.com
    26.03.2018-11:23 - DEBUG - Let's Encrypt SSL Cert domains:  --domains domain2.com --domains www.domain2.com
    26.03.2018-11:23 - DEBUG - exec: /usr/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected]  --domains domain2.com --domains www.domain2.com --webroot-path /usr/local/ispconfig/interface/acme
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Cert not yet due for renewal
    Keeping the existing certificate
    26.03.2018-11:23 - DEBUG - Let's Encrypt Cert config path is: /etc/letsencrypt/renewal/domain2.com.conf.
    26.03.2018-11:23 - DEBUG - Let's Encrypt Cert file: /etc/letsencrypt/live/domain2.com/fullchain.pem exists.
    26.03.2018-11:23 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web1/.php-fcgi-starter
    26.03.2018-11:23 - DEBUG - Enable SSL for: domain2.com
    26.03.2018-11:23 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/domain2.com.vhost
    26.03.2018-11:23 - DEBUG - Processed datalog_id 6313
    26.03.2018-11:23 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
    26.03.2018-11:23 - DEBUG - Restarting httpd: systemctl reload apache2.service
    26.03.2018-11:23 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished.
    
    
    /usr/local/ispconfig/server/server.sh
    
    26.03.2018-11:23 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    26.03.2018-11:23 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished.
    
    
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    according to the log, the le checkbox should have stayed enabled now.
     
  8. onastvar

    onastvar Member

    Strange, for some reason, Let's Encrypt SSL box does not stay checked. I tried multiple times, it goes back to unchecked. Certificate is valid and website works under HTTPS.
     
  9. onastvar

    onastvar Member

    FYI: All other other websites I have Let's Encrypt SSL check box are all unchecked but SSL certificate is valid and website works under HTTPS. Do you know why is this?
     

Share This Page