0

I'm trying to generate a SSL certificate using Let's encrypt https://certbot.eff.org/ .

Using this command I was abble to generate the certificate.pem and private key:

certbot certonly --manual

I have done the valitation using http (webroot) file.

After that, I have copied the certificate files to another server and configured it to use them. This another server is that is running over the certificate domain.

This is the apache configuration:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLCertificateFile /root/fullchain.pem
        SSLCertificateKeyFile /root/privkey.pem
        SSLEngine on
        SSLProtocol             all -SSLv2 -SSLv3
        SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA$
        SSLHonorCipherOrder     on
        SSLCompression          off
        SSLOptions +StrictRequire
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
        LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
        ServerName <MYHOST.COM>
</VirtualHost>
</IfModule>

But when I access this server via https it shows the NET::ERR_CERT_COMMON_NAME_INVALID error.

Any idea about what I have done wrong?

Beto Neto
  • 595
  • 1
  • 4
  • 11
  • `ERR_CERT_COMMON_NAME_INVALID` - Well that is telling you the cert has the wrong name. What name does the certificate have? Is it the name you expect? Is it the name that should belong to the destination server? See `openssl x509 -in /root/fullchain.pem -text | grep Subject`. – Zoredache Sep 20 '17 at 21:57
  • @Zoredache No, it has the wrong Subject www.example.com. But from where it has taken it? I have passed my domain on the creation. – Beto Neto Sep 21 '17 at 10:49
  • I solved the problem. I was configuring the wrong file. My server are using a bitnami tomcat stack, I have followed this https://docs.bitnami.com/virtual-machine/components/apache/#understand-virtual-host-configuration-files to change the SSL configuration and now everything is working. – Beto Neto Sep 21 '17 at 13:05

0 Answers0