Wrong Let's Encrypt certificate assigned after testing subdomains

Discussion in 'General' started by Valeren, Dec 8, 2023.

  1. Valeren

    Valeren New Member

    I think we broke something testing subdomains (see thread weird-issue-with-subdomains.91521).
    We had one Website, example.com with a Let's Encrypt cert.
    Then we added a second Website, pluto.example.com to install things like a webftp.
    Everything was fine and both were using their own certs.

    Then as I said we tried to configure a subdomain, and somewhere along the road things got messed up.
    For sure in some test we didn't flag SSL.
    Then we had:
    - pluto working fine
    - www getting an error message because it was attempting to use the cert from pluto
    - any Subdomain (Vhost) of www got the same certificate error

    Now we have deleted any subdomain, so back to step 1.
    We tried removing the SSL flags from www, waiting half a day then re-enabling them to no avail.

    In another thread with a similar issue, lets-encrypt-ssl-https-redirects-to-wrong-site.76623, there were references to check for /etc/letsencrypt/live and /etc/letsencrypt/archive
    We have neither: the only dir is /etc/letsencrypt/renewal-hooks and its subdir is /deploy

    As per the FAQ, we checked the log in /var/log/ispconfig/acme.log
    It looks like it finds the cert inside and recognizes it as not expired.
    The Subject Alternative Name is fine (both with and without www).
    Still, it doesn't get used.
    If there is an area in ISPC dedicated to certs management, we have completely missed it.
    What course of action would you suggest?
    Thanks in advance!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please follow the Let's Encrypt error FAQ: https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/ until the end and also read the "read before posting" thread https://forum.howtoforge.com/threads/please-read-before-posting.58408/ chapter "when visiting domain b, domain a shows up".

    There can never be a wrong SSL cert assigned to a site. So what you likely see is not that a wrong SSL cert is assigned to a site; what you see is that you get a wrong site. This happens if there is no SSL for a given site: then Apache and nginx will show the first site in the alphabet that has an SSL cert. So your problem is either that the site did not get an SSL cert (see the Let's Encrypt error FAQ) or that you fixed up IP and * or use a wrong IP for a site.
     
    Last edited: Dec 8, 2023
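
The fallback described in the reply above, as an added example that is not part of the original thread or of ISPConfig: a simplified model of Apache's name-based vhost selection (exact IP beats `*`, then the first vhost loaded is the default). The `VHost` class, the file names and the address 192.0.2.10 are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class VHost:
    conf_file: str   # Apache loads the files in sites-enabled alphabetically
    addr: str        # address in <VirtualHost addr:port>, "*" means any IP
    port: int
    names: tuple     # ServerName plus ServerAlias (exact names only here)

def select_vhost(vhosts, local_ip, port, host):
    """Return the vhost this simplified model picks for a request."""
    ordered = sorted(vhosts, key=lambda v: v.conf_file)
    on_port = [v for v in ordered if v.port == port]
    # A vhost bound to the exact local IP wins over "*"; the wildcard
    # vhosts are then not considered at all for that IP.
    candidates = ([v for v in on_port if v.addr == local_ip]
                  or [v for v in on_port if v.addr == "*"])
    if not candidates:
        return None
    for v in candidates:
        if host.lower() in v.names:
            return v
    return candidates[0]  # no name match: the first loaded vhost answers

def diagnose(vhosts, local_ip, host):
    v = select_vhost(vhosts, local_ip, 443, host)
    if v is None:
        return f"{host}: nothing listens on {local_ip}:443"
    if host.lower() in v.names:
        return f"{host}: served by its own vhost ({v.conf_file})"
    return f"{host}: falls back to {v.conf_file}, cert is for {v.names[0]}"

# Constructed case 1: example.com never got an SSL vhost.
CASE_NO_SSL = [
    VHost("example.com.vhost", "*", 80, ("example.com", "www.example.com")),
    VHost("pluto.example.com.vhost", "*", 80, ("pluto.example.com",)),
    VHost("pluto.example.com.vhost", "*", 443, ("pluto.example.com",)),
]
# Constructed case 2: both have SSL, but one uses "*" and the other an IP.
CASE_IP_MIX = [
    VHost("example.com.vhost", "*", 443, ("example.com", "www.example.com")),
    VHost("pluto.example.com.vhost", "192.0.2.10", 443, ("pluto.example.com",)),
]

if __name__ == "__main__":
    for case in (CASE_NO_SSL, CASE_IP_MIX):
        for h in ("www.example.com", "pluto.example.com"):
            print(diagnose(case, "192.0.2.10", h))
```

In both cases the browser reports a certificate error for www.example.com, although no certificate was assigned to the wrong site; the request simply landed in the other site's vhost.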
