This certificate not valid (host name mismatch)

Discussion in 'General' started by onastvar, Mar 25, 2018.

  1. onastvar

    onastvar Member

    Hi,

    I checked everything in the Let’s Encrypt Error FAQ and still have an issue. When I created a new website recently I checked Let's Encrypt SSL, but when I go back it's not checked. I tried going to the SSL tab under Website and using Delete SSL; that didn't fix it. I still cannot make it work. Somehow the certificate is not valid, or there is some misconfiguration on my server. When I go to https://mywebsite.com I get "This Connection Is Not Private", and when I view the certificate in the browser it shows "This certificate not valid (host name mismatch)". The certificate expiration date is June 23, 2018; I created the website on March 23, 2018.

    I also tried to manually delete all files from /var/www/mywebsite.com/ssl and placed a check on Let's Encrypt SSL under Website; it is still broken.

    What else can I check?

    I have these files in folder
    /etc/letsencrypt/live/mywebsite.com#
    cert.pem chain.pem fullchain.pem privkey.pem README

    Also I have these files in archive folder
    /etc/letsencrypt/archive/mywebsite.com# ls
    cert1.pem chain1.pem fullchain1.pem privkey1.pem

    Code:
    /var/www/mywebsite.com/ssl# ls
    mywebsite.com-le.bundle              mywebsite.com-le.bundle.old.20180325154602  mywebsite.com-le.crt.old.20180325154003 
    mywebsite.com-le.key.old.20180325012303  mywebsite.com-le.key.old.20180325154802 mywebsite.com-le.bundle.old.20180325012303 
    mywebsite.com-le.bundle.old.20180325154802  mywebsite.com-le.crt.old.20180325154103  mywebsite.com-le.key.old.20180325151402
    mywebsite.com-le.bundle.old.20180325151402  mywebsite.com-le.crt                 mywebsite.com-le.crt.old.20180325154602  mywebsite.com-le.key.old.20180325154003 mywebsite.com-le.bundle.old.20180325154003  mywebsite.com-le.crt.old.20180325012303     mywebsite.com-le.crt.old.20180325154802  mywebsite.com-le.key.old.20180325154103 mywebsite.com-le.bundle.old.20180325154103  mywebsite.com-le.crt.old.20180325151402     mywebsite.com-le.key             mywebsite.com-le.key.old.20180325154602

    less /var/log/letsencrypt/letsencrypt.log
    Code:
    2018-03-25 20:48:02,162:DEBUG:certbot.main:Root logging level set at 20
    2018-03-25 20:48:02,162:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2018-03-25 20:48:02,163:DEBUG:certbot.main:certbot version: 0.10.2
    
    2018-03-25 20:48:02,163:DEBUG:certbot.main:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v01.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', '[email protected]', '--domains', 'mywebsite.com', '--domains', 'www.mywebsite.com', '--webroot-path', '/usr/local/ispconfig/interface/acme']
    2018-03-25 20:48:02,164:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
    2018-03-25 20:48:02,164:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2018-03-25 20:48:02,167:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
    Description: Place files in webroot directory
    Interfaces: IAuthenticator, IPlugin
    Entry point: webroot = certbot.plugins.webroot:Authenticator
    Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f36969daa10>
    Prep: True
    2018-03-25 20:48:02,167:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f36969daa10> and installer None
    2018-03-25 20:48:02,192:DEBUG:certbot.main:picked account: <Account(340499477cb3ae28b091aa44778c27de)>
    2018-03-25 20:48:02,193:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
    2018-03-25 20:48:02,195:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    2018-03-25 20:48:02,375:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 562
    2018-03-25 20:48:02,376:DEBUG:acme.client:Received response:
    HTTP 200
    Server: nginx
    Content-Type: application/json
    Content-Length: 562
    Replay-Nonce: jCQoJ3DX2XasBCS07gFDmZUFjeQBrOl0fpd-dK6mpBw
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Sun, 25 Mar 2018 20:48:02 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Sun, 25 Mar 2018 20:48:02 GMT
    Connection: keep-alive
    {
      "XuNFDYUX74E": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
      "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
      "meta": {
        "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
      },
      "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
      "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
      "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
      "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
    }
    2018-03-25 20:48:02,416:DEBUG:parsedatetime:parse (top of loop): [30 days][]
    2018-03-25 20:48:02,427:DEBUG:parsedatetime:CRE_UNITS matched
    2018-03-25 20:48:02,428:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
    2018-03-25 20:48:02,428:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
    2018-03-25 20:48:02,428:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
    2018-03-25 20:48:02,428:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2018, tm_mon=3, tm_mday=25, tm_hour=20, tm_min=48, tm_sec=2, tm_wday=6, tm_yday=84, tm_isdst=0))
    2018-03-25 20:48:02,428:DEBUG:parsedatetime:_buildTime: [30 ][][days]
    2018-03-25 20:48:02,428:DEBUG:parsedatetime:units days --> realunit days
    2018-03-25 20:48:02,429:DEBUG:parsedatetime:return
    
    2018-03-25 20:48:02,429:INFO:certbot.renewal:Cert not yet due for renewal
    
    2018-03-25 20:48:02,429:INFO:certbot.main:Keeping the existing certificate
     
    Last edited: Mar 26, 2018
  2. onastvar

    onastvar Member

    [Solved for above domain] I ran an ISPConfig Debug; one of the other websites had an Apache Directive which was causing Apache issues. I cleared it and the certificate is valid now.
     
    Last edited: Mar 26, 2018
  3. onastvar

    onastvar Member

    I have an issue with another, older site. When checked, Let's Encrypt SSL does not stay checked.

    less /var/log/letsencrypt/letsencrypt.log
    Code:
    2018-03-26 15:59:03,090:DEBUG:certbot.main:Root logging level set at 20
    2018-03-26 15:59:03,090:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2018-03-26 15:59:03,091:DEBUG:certbot.main:certbot version: 0.10.2
    2018-03-26 15:59:03,091:DEBUG:certbot.main:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v01.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', '[email protected]', '--domains', 'domain2.com', '--domains', 'www.domain2.com', '--webroot-path', '/usr/local/ispconfig/interface/acme']
    2018-03-26 15:59:03,091:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
    2018-03-26 15:59:03,092:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2018-03-26 15:59:03,094:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
    Description: Place files in webroot directory
    Interfaces: IAuthenticator, IPlugin
    Entry point: webroot = certbot.plugins.webroot:Authenticator
    Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f9317069a10>
    Prep: True
    2018-03-26 15:59:03,095:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f9317069a10> and installer None
    2018-03-26 15:59:03,120:DEBUG:certbot.main:Picked account: <Account(340499477cb3ae28b091aa44778c27de)>
    2018-03-26 15:59:03,121:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
    2018-03-26 15:59:03,123:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    2018-03-26 15:59:03,599:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 562
    2018-03-26 15:59:03,601:DEBUG:acme.client:Received response:
    HTTP 200
    Server: nginx
    Content-Type: application/json
    Content-Length: 562
    Replay-Nonce: g794eXOIAV1ANYpHSHoKobxOEWgVEUZyHjAv12DYyVw
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Mon, 26 Mar 2018 15:59:03 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Mon, 26 Mar 2018 15:59:03 GMT
    Connection: keep-alive
    
    {
      "c7Cc6o2Pz_g": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
      "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
      "meta": {
        "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
      },
      "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
      "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
      "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
      "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
    }
    2018-03-26 15:59:03,665:DEBUG:parsedatetime:parse (top of loop): [30 days][]
    2018-03-26 15:59:03,680:DEBUG:parsedatetime:CRE_UNITS matched
    2018-03-26 15:59:03,681:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
    2018-03-26 15:59:03,682:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
    2018-03-26 15:59:03,682:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
    2018-03-26 15:59:03,682:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2018, tm_mon=3, tm_mday=26, tm_hour=15, tm_min=59, tm_sec=3, tm_wday=0, tm_yday=85, tm_isdst=0))
    2018-03-26 15:59:03,682:DEBUG:parsedatetime:_buildTime: [30 ][][days]
    2018-03-26 15:59:03,682:DEBUG:parsedatetime:units days --> realunit days
    2018-03-26 15:59:03,683:DEBUG:parsedatetime:return
    2018-03-26 15:59:03,683:INFO:certbot.renewal:Cert not yet due for renewal
    2018-03-26 15:59:03,683:INFO:certbot.main:Keeping the existing certificate
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Use ISPConfig debug mode to see why LE gets disabled again.
     
    Last edited: Mar 26, 2018
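
Both certbot logs posted above end with the same two INFO lines. As an added example (not code from the thread, certbot or ISPConfig), this Python script reads a log in that layout and reports, per certbot run, which names were requested and whether certbot kept the certificate it already had. The function names are hypothetical, the sample log is constructed from the format shown in the posts, and treating "Root logging level set at" as the start of a run is an assumption based on those logs.

```python
import ast
import re

# Constructed sample in the layout of the certbot 0.10.2 log posted in the thread.
SAMPLE_LOG = """\
2018-03-26 15:59:03,090:DEBUG:certbot.main:Root logging level set at 20
2018-03-26 15:59:03,091:DEBUG:certbot.main:Arguments: ['-n', '--expand', '--authenticator', 'webroot', '--domains', 'domain2.com', '--domains', 'www.domain2.com', '--webroot-path', '/usr/local/ispconfig/interface/acme']
2018-03-26 15:59:03,601:DEBUG:acme.client:Received response:
HTTP 200
2018-03-26 15:59:03,683:INFO:certbot.renewal:Cert not yet due for renewal
2018-03-26 15:59:03,683:INFO:certbot.main:Keeping the existing certificate
"""

# timestamp,millis:LEVEL:logger:message
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+:(\w+):([\w.]+):(.*)$")


def summarize_runs(log_text):
    """Return one dict per certbot invocation found in the log text."""
    runs = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # continuation lines (HTTP headers, JSON body) hold no run state
        ts, _level, logger, msg = m.groups()
        # Assumption: every invocation opens with this line, as both posted logs do.
        if logger == "certbot.main" and msg.startswith("Root logging level"):
            runs.append({"start": ts, "domains": [], "webroot": None,
                         "not_due": False, "outcome": "unknown"})
        if not runs:
            continue
        run = runs[-1]
        if msg.startswith("Arguments: "):
            # The argument vector is logged as a Python list literal.
            args = ast.literal_eval(msg[len("Arguments: "):])
            for flag, value in zip(args, args[1:]):
                if flag == "--domains":
                    run["domains"].append(value)
                elif flag == "--webroot-path":
                    run["webroot"] = value
        elif msg == "Cert not yet due for renewal":
            run["not_due"] = True
        elif msg == "Keeping the existing certificate":
            run["outcome"] = "kept-existing"  # certbot issued nothing in this run
    return runs


def covered_without_issuance(run, hostname):
    """True if certbot was asked for hostname and kept the certificate it already had."""
    return hostname in run["domains"] and run["outcome"] == "kept-existing"
```

When `covered_without_issuance` is true for the name the browser rejects, certbot issued nothing in that run, which points the investigation at the certificate the web server is serving for that name rather than at issuance.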
  5. onastvar

    onastvar Member

    The older website was WordPress; I had to update wp-config.php to change HTTP to HTTPS.

    define('WP_HOME','https://domain2.com');
    define('WP_SITEURL','https://domain2.com');

    Now that website works over SSL and shows "Secured"; however, the Let's Encrypt SSL box does not stay checked under Website inside of ISPConfig.
     
  6. onastvar

    onastvar Member

    Set the log level under System > System > Server Config to DEBUG.
    Commented out the line with the server.sh cron job in crontab -e.

    I get this:

    Code:
    
    /usr/local/ispconfig/server/server.sh
    
    26.03.2018-11:23 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    26.03.2018-11:23 - DEBUG - Found 1 changes, starting update process.
    26.03.2018-11:23 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    26.03.2018-11:23 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    26.03.2018-11:23 - DEBUG - Create Let's Encrypt SSL Cert for: domain2.com
    26.03.2018-11:23 - DEBUG - Let's Encrypt SSL Cert domains:  --domains domain2.com --domains www.domain2.com
    26.03.2018-11:23 - DEBUG - exec: /usr/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected]  --domains domain2.com --domains www.domain2.com --webroot-path /usr/local/ispconfig/interface/acme
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Cert not yet due for renewal
    Keeping the existing certificate
    26.03.2018-11:23 - DEBUG - Let's Encrypt Cert config path is: /etc/letsencrypt/renewal/domain2.com.conf.
    26.03.2018-11:23 - DEBUG - Let's Encrypt Cert file: /etc/letsencrypt/live/domain2.com/fullchain.pem exists.
    26.03.2018-11:23 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web1/.php-fcgi-starter
    26.03.2018-11:23 - DEBUG - Enable SSL for: domain2.com
    26.03.2018-11:23 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/domain2.com.vhost
    26.03.2018-11:23 - DEBUG - Processed datalog_id 6313
    26.03.2018-11:23 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
    26.03.2018-11:23 - DEBUG - Restarting httpd: systemctl reload apache2.service
    26.03.2018-11:23 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished.
    
    
    /usr/local/ispconfig/server/server.sh
    
    26.03.2018-11:23 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    26.03.2018-11:23 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished.
    
    
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    According to the log, the LE checkbox should have stayed enabled now.
     
  8. onastvar

    onastvar Member

    Strange, for some reason, Let's Encrypt SSL box does not stay checked. I tried multiple times, it goes back to unchecked. Certificate is valid and website works under HTTPS.
     
  9. onastvar

    onastvar Member

    FYI: On all the other websites I have, the Let's Encrypt SSL check boxes are all unchecked, but the SSL certificate is valid and the website works under HTTPS. Do you know why this is?
     
