On 6/14/2016 at 9:39 PM, "Christopher Schultz" <chris@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>
>Filipe,
>
>On 6/14/16 3:15 PM, Filipe Cifali wrote:
>> Your are probably hitting the wrong cert file, check with:
>>
>> |openssl s_client -connect example.info:443
>> <http://example.info:443>|
>>
>> You can also try to disable the first SSL and check if you hit
>the
>> right one after.
>
>You may have to do this:
>
>$ openssl s_client -connect ip_addr:443 -servername 'example.info'
>
>This will allow you to connect to a local test machine and still
>tell
>the server that you are trying to connect to example.info.
I did this and had nearly identical results, sparing for the later parts that are specific for that session.
>
>Rich,
>
>Why are you using example.info instead of your actual domain name?
>
Because the TLD of one site ends in .info as it is domain1.info and the other one is domain2.info. I do not want a domain name of mine to exist in a world-readable forum for security reasons. I'm not a world class expert in security and am not prepared to deal with that right now. That's one of the reasons why example.TLD exists in the first place.
>-chris
>
>> On Tue, Jun 14, 2016 at 4:08 PM, <rich.greder@xxxxxxxxxxxx
>> <mailto:rich.greder@xxxxxxxxxxxx>> wrote:
>>
>> For some time, I have been hosting about 10 sites unencrypted.
>> But since people other than just myself will be using my
>> squirrelmail, I decided to encrypt my server. I had delayed it
>> simply because keys are too expensive to buy, but now I learned
>> about LetsEncrypt.org and have been working in that direction.
>>
>> So far, I moved two websites over to this server, example.com
>> <http://example.com> and example.info <http://example.info>. My
>> first test of the LetsEncrypt software was of the form of:
>>
>> # letsencrypt-auto -apache -d example.com <http://example.com>
>>
>> but I ran into a caveat with www.example.com
>> <http://www.example.com> not being accepted. I decided to re-
>run
>> with the other domain included as well, so I did the remaining
>> three combinations:
>>
>> #letsencrypt-auto -apache -d www.example.com
>> <http://www.example.com> -d example.info <http://example.info> -
>d
>> www.example.info <http://www.example.info>
>>
>> The conf files for the sites are fairly straight-forward in my
>> mind. There are four of them:
>>
>> #/etc/apache2/sites-available/80-example.com
>> <http://80-example.com> <IfModule mod_ssl.c> <VirtualHost *:80>
>> ServerAdmin webmaster@localhost DocumentRoot
>> /var/www/example.com/public_html/
>> <http://example.com/public_html/> ErrorLog
>> ${APACHE_LOG_DIR}/error.log CustomLog
>${APACHE_LOG_DIR}/access.log
>> combined ServerName example.com <http://example.com> ServerAlias
>> www.example.com <http://www.example.com> </VirtualHost>
>> </IfModule>
>>
>> #/etc/apache2/sites-available/443-example.com
>> <http://443-example.com> <IfModule mod_ssl.c> <VirtualHost
>*:443>
>> ServerAdmin webmaster@xxxxxxxxxxx <mailto:webmaster@xxxxxxxxxxx>
>> DocumentRoot /var/www/example.com/public_html/
>> <http://example.com/public_html/> ErrorLog
>> ${APACHE_LOG_DIR}/error.log CustomLog
>${APACHE_LOG_DIR}/access.log
>> combined SSLCertificateFile
>> /etc/letsencrypt/live/example.com/fullchain.pem
>> <http://example.com/fullchain.pem> SSLCertificateKeyFile
>> /etc/letsencrypt/live/example.com/privkey.pem
>> <http://example.com/privkey.pem> Include
>> /etc/letsencrypt/options-ssl-apache.conf ServerName example.com
>> <http://example.com> ServerAlias www.example.com
>> <http://www.example.com> </VirtualHost> </IfModule>
>>
>> #/etc/apache2/sites-available/80-example.info
>> <http://80-example.info> <IfModule mod_ssl.c> <VirtualHost *:80>
>> ServerAdmin webmaster@localhost DocumentRoot
>> /var/www/example.info/public_html/
>> <http://example.info/public_html/> ErrorLog
>> ${APACHE_LOG_DIR}/error.log CustomLog
>${APACHE_LOG_DIR}/access.log
>> combined ServerName example.info <http://example.info>
>ServerAlias
>> www.example.info <http://www.example.info> </VirtualHost>
>> </IfModule>
>>
>> #/etc/apache2/sites-available/443-example.info
>> <http://443-example.info> <IfModule mod_ssl.c> <VirtualHost
>*:443>
>> ServerAdmin webmaster@xxxxxxxxxxxx
><mailto:webmaster@xxxxxxxxxxxx>
>> DocumentRoot /var/www/example.info/public_html/
>> <http://example.info/public_html/> ErrorLog
>> ${APACHE_LOG_DIR}/error.log CustomLog
>${APACHE_LOG_DIR}/access.log
>> combined SSLCertificateFile
>> /etc/letsencrypt/live/example.com/fullchain.pem
>> <http://example.com/fullchain.pem> SSLCertificateKeyFile
>> /etc/letsencrypt/live/example.com/privkey.pem
>> <http://example.com/privkey.pem> Include
>> /etc/letsencrypt/options-ssl-apache.conf ServerName example.info
>> <http://example.info> ServerAlias www.example.info
>> <http://www.example.info> </VirtualHost>
>>
>> Notice that SSLCertificateFile and SSLCertificateKeyFile are the
>> same for both of the domains, because they use the same key of
>> example.com <http://example.com>. The website, example.com
>> <http://example.com> works perfectly fine. But example.info
>> <http://example.info> has serious problems (On the order of
>> NET::ERR_CERT_COMMON_NAME_INVALID). Who has an idea on how to
>fix
>> this? I can't experiment too much because I'm limited to 5 keys
>> per week so learning this myself is a very slow-track process.
>>
>> There are a number of HOWTO documents out there, but there is
>very
>> wide variance in their steps that I have little confidence in
>> them, but have chosen one and decided to try at it. Once I get
>> this established, I promise to write a blog article explaining
>the
>> procedure a little bit better
>>
>>
>> -----------------------------------------------------------------
>----
>>
>>
>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> <mailto:users-unsubscribe@xxxxxxxxxxxxxxxx> For additional
>> commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>> <mailto:users-help@xxxxxxxxxxxxxxxx>
>>
>>
>>
>>
>> -- [ ]'s
>>
>> Filipe Cifali Stangler
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|