[Solved] LetsEncrypt & Certificate Name Mismatch


#1

When I select one of the domains I host using HTTPS, the Certificate returned shows the ‘machine name’ and not the ‘domain name’ e.g.: example.default.user.uk0.bigv.io instead of myexecllentdomain.com.

What could be wrong?

Running symbiosis-ssl --verbose shows all domain certs are signed and valid. However for some reason the one returned by the server is the self-signed certificate relating to the ‘machine name’ domain.


SSL problem in browser - wrong Common Name (Apache or Let's Encrypt issue?)
#2

I think perhaps it could be related to this from @alphacabbage1 as symbiosis-ssl had thrown the same errors on the run before.


#3

But actually, having left this overnight, it all seems to have resolved itself.

However, noting that the ‘machine-name’ (a) does not default to HTTPS (b) does not use the LetsEncrypt cert (c) does not read the .htaccess file I uploaded.

More experimentation later …


#4

There is a second step after the symbiosis-ssl command whereby the hourly crontab /etc/cron.hourly/symbiosis-httpd-configure needs to run to activate the new ssl certificates, which is why it seemed to work overnight.

You can see what the hourly https config command is doing by adding the --verbose i.e. /etc/cron.hourly/symbiosis-httpd-configure --verbose.

Re defaulting to ssl, see http://symbiosis.bytemark.co.uk/docs/symbiosis.html#s-web-configuration-layout which notes that you can create the file config/ssl-only in the domain directory and then it will automatically force the redirect. (Might need the http cron above first).
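
A way to check which certificate the web server actually hands out for a name, before and after /etc/cron.hourly/symbiosis-httpd-configure has run. This is an added example, not part of the original posts or of Symbiosis itself. It assumes the openssl command-line tool is installed; the function names and the .test hostnames are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: function names and hostnames below are hypothetical.

# Fetch the leaf certificate served at HOST:PORT when the client asks for
# SNI_NAME. usage: fetch_served_cert HOST PORT SNI_NAME > served.pem
fetch_served_cert() {
    openssl s_client -connect "$1:$2" -servername "$3" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM
}

# Return 0 if the PEM certificate FILE is valid for NAME
# (subjectAltName entries, or the Common Name when there are none).
cert_covers_name() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
        | grep -q "does match certificate"
}

# Return 0 if subject and issuer are the same name, which is what a
# self-signed fallback certificate looks like.
cert_is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Classify FILE against the name the visitor typed into the browser.
diagnose_cert() {
    if cert_covers_name "$1" "$2"; then
        echo "ok"
    elif cert_is_self_signed "$1"; then
        echo "mismatch-self-signed"   # the symptom described in this thread
    else
        echo "mismatch"
    fi
}

# Constructed sample input: a throwaway self-signed certificate for NAME,
# standing in for the machine-name certificate. usage: make_sample_cert NAME OUT
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2" 2>/dev/null
    rm -f "$2.key"
}

# Against a live server (address is a placeholder):
#   fetch_served_cert 203.0.113.10 443 www.example.test > served.pem
#   diagnose_cert served.pem www.example.test
```

A result of mismatch-self-signed after symbiosis-ssl reports valid certificates means the web server configuration has not yet picked up the new certificate.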


#5

Thank you smsm1986. I appreciate your comment.

I am now wondering why I had to kick them off manually - this was a clean machine. What I did out of the ordinary was move the machine to a different group after building it.

On the subject of the behavior of the machine-name URL. I did have a config/ssl-only file uploaded. I did find that the ssl-provider file was owned by root so when I’d uploaded a copy I hadn’t twigged that this file had failed. It was still set to self-certified. I am now going to patiently wait to see what happens.