Letsencrypt Cert. no Green Bar

Discussion in 'Installation/Configuration' started by DrBob, Jul 24, 2017.

  1. DrBob

    DrBob New Member

    I installed ISPconfig 3.1.6 on Debian Stretch with the "Perfect Server" - Tutorial.
    Everything went right and works, but there is only one Problem with Letsencrypt:

    First 1 created the Website "server1.example.com" and activated SSL and Letsencrypt SSL. The Certificate has been created but when i created a systemlink from /etc/letsencrypt/live/server1.example.com to /usr/local/ispconfig/interfaces/ssl/ and restarted Apache, it didn't Work and I had to restore the selfmade Certificates to get Apache starting again.

    This is not the main Problem my Hostname is server1.example.com and when I opened "https_server1.example.com" everything works fine and the Adress Bar is Green.

    But when I create another Website with for example "_owncloud.example.com" and open this Site via https the Letsencrypt Cert. has been created successfully but the Adress Bar is not Green I get this error message: SSL_ERROR_BAD_CERT_DOMAIN

    I think there's a Problem with the Server Configuration maybe because of the Hostname?

    I would really appreciate if I get a Green Adress Bar on every subdomain (*.example.com) I create.

    Did I do somethin wrong?

    A few month ago I set up a Server with Debian 8 and Ispconfig 3.1.X but everything worked there fine, even with the Letsencrypt Certs for Subdomains.

    Sorry for the URL's from above I had to change them because I'm not allowed to Post links

    Kind Regards,
  2. sjau

    sjau Local Meanie Moderator

    LE does not offer wildcard certificates (yet; they start to do so beginning from januar).
    This means the hostname/fqdn must exactely match.

    so "domain.tld" is diffferent from "www.domain.tld".

    You'll need to have both names in the cert for both to show the green lock.

    Why did you create a symlink from /etc/letsencrypt/live/server1.example.com to /usr/local/ispconfig/interfaces/ssl/ ?

    If you wnat to have a green lock for ISPConfig etc. we can help you.
  3. DrBob

    DrBob New Member

    Thank you for your answer.

    I created a Systemlink because I want to have a Green Bar when I open ispconfig, but that's not really important for me.
    So I want to use server1.example.com:8080 when I open ispconfig. This is why I created the Website server1.example.com, that it creates LE certs. for the hostname.

    On another Server I configured the Hostname/FQND is isp.example.com, I created the syslink and it worked so I can open ispconfig through isp.example.com:8080.
    Then I created the Website board.example.com and example.com created the LE certs with ISP and it worked fine without any Problems.

    This is the reason why I'm confused that it doesn't work this time...

    What would you recommend to get a Green Bar when I open isp?
  4. sjau

    sjau Local Meanie Moderator

  5. DrBob

    DrBob New Member

    Thanks. I'll try it later this evening.
    About my other Problem I looked up at the other Server where everything works fine and made a few Screenshots.

    Screenshot k_001: k_001.PNG
    You can see that the hostname of this server "isp.example.com" is and that I created the Website's
    • "isp.example.com"
    • "example.com"
    • "forum.example.com"
    Screenshot k_002: k_002.PNG
    Is the Cert for ISPconfig so "isp.example.com" and "Allgemeiner Name(CN)" is the hostname.

    Screenshot k_003: k_003.PNG
    It shows the Cert for the Subdomain "forum.example.com" and "Allgemeiner Name(CN)" is not the Hostname of the Server.

    Screenshot s_004: s_004.PNG
    Is from the Server I recently set up.
    On the top you see Website is "forum.example.com" but "Allgemeiner Name(CN)" is the Hostname of the Server ("server1.example.com")

    That's the difference and I think the Reason why I it doesn't work...
    I think if in the s_004 Screenshot the "Allgemeiner Name(CN)" would be the same like Website ("forum.example.com") it would work...

    On the Server with "isp.example.com" as Hostname the ISPconfig Version which is running is 3.1.2
    The other is 3.1.6
    Could it be that there have been made some changes because I don't see any difference between the configuration of these two Servers.

    i hope it's understandable explained.

Share This Page