Till:

Looking at this issue too long and my head is spinning. Would you please take a look and tell me how to approach correcting this mismatch. I believe I have narrowed it down.

Multiple VHOST domains each with their own LetsEncrypt Cert. Additional LetsEncrypt Cert added (server-8002.domain.us) for ISPConfig and PHPmyAdmin.

Thank you.
--Barbara--

## Self signed certificate generated for Ubuntu 14.04 NGINX server: server-8002.domain.us

ISPConfig and PHPmyAdmin previously used self signed certificate. The exception error would pop in browser and it was accepted.

Configured LetsEncrypt and PHPmyAdmin to use LetsEncrypt Signed Certificate server-8002.domain.us

LetsEncrypt and PHPmyAdmin display the signed certificate, green bar and no error.

When no port (8080, 8081) specified browser: https://server-8002.domain.us

Previously presented the self signed certificate with the exception, as expected.

Now browser ignores the overridden exception with error:

server-8002.domain.us uses an invalid security certificate. The certificate is only valid for the following names: domain.com, www.domain.com (Error code: ssl_error_bad_cert_domain)

The Cert info is valid, not expired and the Subject Alternative Name is: DNS Name=server-8002.domain.us

Confirm browser exception and the browser url displays https://server-8002.domain.us/ but resolves to the data within the domain: https://domain.com/ along with the LetsEncrypt Certificate for: domain.com even though the browser address is: https://server-8002.domain.us/

Note: added the following to have PHPmyAdmin use the LetsEncrypt signed certificate for: server-8002.domain.us

ISPConfig: Server Config / Web / Apps Vhost Settings:

Apps-vhost port: 8081 ssl; ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt; ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key
Apps-vhost IP: _default_
Apps-vhost Domain: server-8002.domain.us

Ref Link: https://www.digitalocean.com/commun...-ispconfig-3-nginx-not-apache-on-ubuntu-14-04

The beginning of APPS.VHOST:

    server {
        listen 8081 ssl;
        ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
        ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
        server_name server-8002.domain.us;
        root /var/www/apps;

Check that the SSL cert /usr/local/ispconfig/interface/ssl/ispserver.crt is really for the domain server-8002.domain.us and not www.domain.us.

Till:

Not that simple, checked all that. Note the difference with tld, even though the domain names are same (domain.us/.tv/.org/.com).

The anomaly is very strange:

When using port 8080 & 8081 at https://server-8002.domain.us:8080 / :8081 the LetsEncrypt cert for server-8002.domain.us is used (no error) for ISPConfig & PHPmyAdmin.

FYI, individual LetsEncrypt certs have been applied and work for all website domains (6) on server.

When no port specified (default 80) at http://server-8002.domain.us browser error (invalid security cert) is reported: certificate is only valid for the following names: domain.com, www.domain.com

Cert viewed and confirmed it is for: domain.com, www.domain.com

Confirm Exception and Browser URL displays: https://server-8002.domain.us/

Contents of website: https://domain.com/ is displayed and (greenbar) Cert is for domain.com, www.domain.com

http://server-8002.domain.us/ is redirected to contents & cert for web5 (domain.com, www.domain.com) while URL displays https://server-8002.domain.us/

A cool 14C last night in northern New York near the Canadian border on the Great Lakes. Hope all is well in your world.

Thank you.
--Barbara--

Check the nginx vhost files for the ispconfig and apps vhost and see if the ssl directives in them point to the right cert.

Then it can be: if there is no ssl cert for a given domain on port 443 and you access this domain on port 443, then nginx will use the first website that it finds with ssl on this port. So your attempt to access the hostname of the server on port 443 can just mean that there is no default ssl vhost on port 443 (which is the default btw).
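
Added example, not part of the original thread: a small Python model of the fallback described in the last reply, showing which vhost and certificate answer for a hostname that has no server block on a given port. The config is constructed for illustration (the `/etc/ssl/example` paths are placeholders), and the matching is simplified to exact names on flat server blocks.

```python
import re

# Constructed config modelled on the thread; the /etc/ssl/example paths are placeholders.
SAMPLE_CONF = """
server { listen 443 ssl; server_name domain.com www.domain.com;
         ssl_certificate /etc/ssl/example/domain.com.crt; }
server { listen 443 ssl; server_name domain.org www.domain.org;
         ssl_certificate /etc/ssl/example/domain.org.crt; }
server { listen 8081 ssl; server_name server-8002.domain.us;
         ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt; }
"""

def parse_servers(conf):
    """Parse flat server blocks (no nested location blocks) into dicts."""
    servers = []
    for body in re.findall(r"server\s*\{(.*?)\}", conf, re.S):
        srv = {"ports": set(), "default_ports": set(), "names": [], "cert": None}
        for stmt in body.split(";"):
            words = stmt.split()
            if not words:
                continue
            if words[0] == "listen":
                port = int(words[1].rsplit(":", 1)[-1])  # handles "443" and "addr:443"
                srv["ports"].add(port)
                if "default_server" in words:
                    srv["default_ports"].add(port)
            elif words[0] == "server_name":
                srv["names"] = words[1:]
            elif words[0] == "ssl_certificate":
                srv["cert"] = words[1]
        servers.append(srv)
    return servers

def select_server(servers, port, host):
    """Simplified nginx choice: exact name, else default_server, else first on the port."""
    on_port = [s for s in servers if port in s["ports"]]
    if not on_port:
        return None
    named = [s for s in on_port if host in s["names"]]
    flagged = [s for s in on_port if port in s["default_ports"]]
    return (named or flagged or on_port)[0]

def unmatched_hosts(servers, port, hosts):
    """Hostnames that would be answered by a fallback vhost on this port."""
    return [h for h in hosts
            if not any(port in s["ports"] and h in s["names"] for s in servers)]

if __name__ == "__main__":
    servers = parse_servers(SAMPLE_CONF)
    print(select_server(servers, 443, "server-8002.domain.us")["cert"])
    print(unmatched_hosts(servers, 443, ["domain.com", "server-8002.domain.us"]))
```

Running `unmatched_hosts` over every hostname that resolves to the server shows which names will be served another site's certificate and content until they get their own vhost on that port or a deliberate `default_server` block is defined.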