Let's Encrypt cert does not match? WTH?

Discussion in 'Installation/Configuration' started by ZeroEnna, Oct 11, 2016.

  1. ZeroEnna

    ZeroEnna Member

    Hey everyone,

    this morning, I came across some strange behaviour with Let's Encrypt.
    First: All of a sudden, my services completely restarted. I thought "Well, might happen sometimes" and didn't think anything of it, continued writing my mails when suddenly my mail client reported "SMTP server unreachable".
    Long story short: After analysis, my Apache log finally gave me a clue: "Private key and certificate do not match". It revoked the old certificate and issued a new one, using certbot-auto:

    certbot-auto certonly --standalone -d kirito.ennabe.de

    Now, the certificate got issued and everything LOOKED fine, but when I replaced the existing self-signed certs with the LE ones (using ln -s), I still got the message "[...] do not match".

    What's going on? Am I too dumb to correctly configure the server?

    I have checked DNS settings, everything is fine, so DNS is pretty much ruled out.

    Thank you very much in advance.

    Kind Regards

    Zero
     
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Assuming this is ISPConfig 3.1?

    For the website problem(s), do you have any values entered under the SSL tab for that website(s)?

    Was the Apache message for the same domain as your mail server? I.e., did you add that domain as a website, enable Let's Encrypt for it, and also use that same certificate in /etc/letsencrypt/live/domain.tld/ for the mail server? If so, the previous question about whether there's anything (key/certificate/chain) entered under the SSL tab would also be relevant to the mail server.
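
A way to confirm or rule out the "do not match" condition discussed in this thread, added here as an example and not posted by either participant: compare the public key inside the certificate with the one derived from the private key, after resolving symlinks. The function names, the example.test subject and the sample files are constructed for illustration; it assumes the openssl CLI and a readlink that supports -f.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.

# 0 = key belongs to cert, 1 = mismatch, 2 = a file is missing or unparseable.
key_matches_cert() {
    cert=$1; key=$2
    # Public key embedded in the certificate (PEM SubjectPublicKeyInfo).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key, in the same encoding.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 1
}

# Show where each path really points (ln -s can leave a stale target), then the verdict.
report_pair() {
    cert=$1; key=$2; rc=0
    echo "cert: $cert -> $(readlink -f "$cert")"
    echo "key:  $key -> $(readlink -f "$key")"
    key_matches_cert "$cert" "$key" || rc=$?
    case $rc in
        0) echo "OK: private key matches certificate" ;;
        1) echo "MISMATCH: private key does not belong to this certificate" ;;
        *) echo "ERROR: certificate or key could not be read" ;;
    esac
    return "$rc"
}

# Constructed sample: a fresh cert/key pair plus a leftover key from an earlier
# issuance, with server.key still linked to the leftover one.
make_sample() {
    d=$1
    openssl genrsa -out "$d/old.key" 2048 2>/dev/null &&
    openssl genrsa -out "$d/new.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$d/new.key" -subj "/CN=example.test" \
        -days 1 -out "$d/new.crt" 2>/dev/null &&
    ln -s "$d/new.crt" "$d/server.crt" &&
    ln -s "$d/old.key" "$d/server.key"
}

# Usage: script CERT KEY   or   script --demo
case "${1:-}" in
    "")     : ;;
    --demo) tmp=$(mktemp -d) && make_sample "$tmp" &&
            report_pair "$tmp/server.crt" "$tmp/server.key" ;;
    *)      report_pair "$1" "$2" ;;
esac
```

Run it against the two paths the web or mail server configuration actually names rather than the files under /etc/letsencrypt/live/domain.tld/ directly, so a stale symlink shows up in the output.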
     
