-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Filipe,
On 6/14/16 3:15 PM, Filipe Cifali wrote: > Your are probably hitting the wrong cert file, check with: > > |openssl s_client -connect example.info:443 > <http://example.info:443>| > > You can also try to disable the first SSL and check if you hit the > right one after. You may have to do this: $ openssl s_client -connect ip_addr:443 -servername 'example.info' This will allow you to connect to a local test machine and still tell the server that you are trying to connect to example.info. Rich, Why are you using example.info instead of your actual domain name? - -chris > On Tue, Jun 14, 2016 at 4:08 PM, <rich.gre...@hushmail.com > <mailto:rich.gre...@hushmail.com>> wrote: > > For some time, I have been hosting about 10 sites unencrypted. > But since people other than just myself will be using my > squirrelmail, I decided to encrypt my server. I had delayed it > simply because keys are too expensive to buy, but now I learned > about LetsEncrypt.org and have been working in that direction. > > So far, I moved two websites over to this server, example.com > <http://example.com> and example.info <http://example.info>. My > first test of the LetsEncrypt software was of the form of: > > # letsencrypt-auto -apache -d example.com <http://example.com> > > but I ran into a caveat with www.example.com > <http://www.example.com> not being accepted. I decided to re-run > with the other domain included as well, so I did the remaining > three combinations: > > #letsencrypt-auto -apache -d www.example.com > <http://www.example.com> -d example.info <http://example.info> -d > www.example.info <http://www.example.info> > > The conf files for the sites are fairly straight-forward in my > mind. There are four of them: > > #/etc/apache2/sites-available/80-example.com > <http://80-example.com> <IfModule mod_ssl.c> <VirtualHost *:80> > ServerAdmin webmaster@localhost DocumentRoot > /var/www/example.com/public_html/ > <http://example.com/public_html/> ErrorLog > ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log > combined ServerName example.com <http://example.com> ServerAlias > www.example.com <http://www.example.com> </VirtualHost> > </IfModule> > > #/etc/apache2/sites-available/443-example.com > <http://443-example.com> <IfModule mod_ssl.c> <VirtualHost *:443> > ServerAdmin webmas...@example.com <mailto:webmas...@example.com> > DocumentRoot /var/www/example.com/public_html/ > <http://example.com/public_html/> ErrorLog > ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log > combined SSLCertificateFile > /etc/letsencrypt/live/example.com/fullchain.pem > <http://example.com/fullchain.pem> SSLCertificateKeyFile > /etc/letsencrypt/live/example.com/privkey.pem > <http://example.com/privkey.pem> Include > /etc/letsencrypt/options-ssl-apache.conf ServerName example.com > <http://example.com> ServerAlias www.example.com > <http://www.example.com> </VirtualHost> </IfModule> > > #/etc/apache2/sites-available/80-example.info > <http://80-example.info> <IfModule mod_ssl.c> <VirtualHost *:80> > ServerAdmin webmaster@localhost DocumentRoot > /var/www/example.info/public_html/ > <http://example.info/public_html/> ErrorLog > ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log > combined ServerName example.info <http://example.info> ServerAlias > www.example.info <http://www.example.info> </VirtualHost> > </IfModule> > > #/etc/apache2/sites-available/443-example.info > <http://443-example.info> <IfModule mod_ssl.c> <VirtualHost *:443> > ServerAdmin webmas...@example.info <mailto:webmas...@example.info> > DocumentRoot /var/www/example.info/public_html/ > <http://example.info/public_html/> ErrorLog > ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log > combined SSLCertificateFile > /etc/letsencrypt/live/example.com/fullchain.pem > <http://example.com/fullchain.pem> SSLCertificateKeyFile > /etc/letsencrypt/live/example.com/privkey.pem > <http://example.com/privkey.pem> Include > /etc/letsencrypt/options-ssl-apache.conf ServerName example.info > <http://example.info> ServerAlias www.example.info > <http://www.example.info> </VirtualHost> > > Notice that SSLCertificateFile and SSLCertificateKeyFile are the > same for both of the domains, because they use the same key of > example.com <http://example.com>. The website, example.com > <http://example.com> works perfectly fine. But example.info > <http://example.info> has serious problems (On the order of > NET::ERR_CERT_COMMON_NAME_INVALID). Who has an idea on how to fix > this? I can't experiment too much because I'm limited to 5 keys > per week so learning this myself is a very slow-track process. > > There are a number of HOWTO documents out there, but there is very > wide variance in their steps that I have little confidence in > them, but have chosen one and decided to try at it. Once I get > this established, I promise to write a blog article explaining the > procedure a little bit better > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > <mailto:users-unsubscr...@httpd.apache.org> For additional > commands, e-mail: users-h...@httpd.apache.org > <mailto:users-h...@httpd.apache.org> > > > > > -- [ ]'s > > Filipe Cifali Stangler -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAldgXS8ACgkQ9CaO5/Lv0PD/DwCgjrlhkWnRd0VUHCYCKAbuShCt aH0AoMNTdBW/iXA5uLnvU0pBGBJ+XE6J =rxov -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
