On 6/14/2016 at 9:39 PM, "Christopher Schultz" <chris@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>
>Filipe,
>
>On 6/14/16 3:15 PM, Filipe Cifali wrote:
>> You are probably hitting the wrong cert file, check with:
>>
>>   openssl s_client -connect example.info:443
>>
>> You can also try to disable the first SSL and check if you hit the
>> right one after.
>
>You may have to do this:
>
>$ openssl s_client -connect ip_addr:443 -servername 'example.info'
>
>This will allow you to connect to a local test machine and still tell
>the server that you are trying to connect to example.info.

I did this and had nearly identical results, sparing for the later parts that are specific for that session.

>
>Rich,
>
>Why are you using example.info instead of your actual domain name?
>

Because the TLD of one site ends in .info as it is domain1.info and the other one is domain2.info. I do not want a domain name of mine to exist in a world-readable forum for security reasons. I'm not a world class expert in security and am not prepared to deal with that right now. That's one of the reasons why example.TLD exists in the first place.

>-chris
>
>> On Tue, Jun 14, 2016 at 4:08 PM, <rich.greder@xxxxxxxxxxxx> wrote:
>>
>> For some time, I have been hosting about 10 sites unencrypted.
>> But since people other than just myself will be using my
>> squirrelmail, I decided to encrypt my server. I had delayed it
>> simply because keys are too expensive to buy, but now I learned
>> about LetsEncrypt.org and have been working in that direction.
>>
>> So far, I moved two websites over to this server, example.com
>> and example.info. My first test of the LetsEncrypt software was
>> of the form of:
>>
>>   # letsencrypt-auto --apache -d example.com
>>
>> but I ran into a caveat with www.example.com not being accepted.
>> I decided to re-run with the other domain included as well, so I
>> did the remaining three combinations:
>>
>>   # letsencrypt-auto --apache -d www.example.com -d example.info -d www.example.info
>>
>> The conf files for the sites are fairly straight-forward in my
>> mind. There are four of them:
>>
>>   #/etc/apache2/sites-available/80-example.com
>>   <IfModule mod_ssl.c>
>>   <VirtualHost *:80>
>>     ServerAdmin webmaster@localhost
>>     DocumentRoot /var/www/example.com/public_html/
>>     ErrorLog ${APACHE_LOG_DIR}/error.log
>>     CustomLog ${APACHE_LOG_DIR}/access.log combined
>>     ServerName example.com
>>     ServerAlias www.example.com
>>   </VirtualHost>
>>   </IfModule>
>>
>>   #/etc/apache2/sites-available/443-example.com
>>   <IfModule mod_ssl.c>
>>   <VirtualHost *:443>
>>     ServerAdmin webmaster@xxxxxxxxxxx
>>     DocumentRoot /var/www/example.com/public_html/
>>     ErrorLog ${APACHE_LOG_DIR}/error.log
>>     CustomLog ${APACHE_LOG_DIR}/access.log combined
>>     SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
>>     SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
>>     Include /etc/letsencrypt/options-ssl-apache.conf
>>     ServerName example.com
>>     ServerAlias www.example.com
>>   </VirtualHost>
>>   </IfModule>
>>
>>   #/etc/apache2/sites-available/80-example.info
>>   <IfModule mod_ssl.c>
>>   <VirtualHost *:80>
>>     ServerAdmin webmaster@localhost
>>     DocumentRoot /var/www/example.info/public_html/
>>     ErrorLog ${APACHE_LOG_DIR}/error.log
>>     CustomLog ${APACHE_LOG_DIR}/access.log combined
>>     ServerName example.info
>>     ServerAlias www.example.info
>>   </VirtualHost>
>>   </IfModule>
>>
>>   #/etc/apache2/sites-available/443-example.info
>>   <IfModule mod_ssl.c>
>>   <VirtualHost *:443>
>>     ServerAdmin webmaster@xxxxxxxxxxxx
>>     DocumentRoot /var/www/example.info/public_html/
>>     ErrorLog ${APACHE_LOG_DIR}/error.log
>>     CustomLog ${APACHE_LOG_DIR}/access.log combined
>>     SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
>>     SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
>>     Include /etc/letsencrypt/options-ssl-apache.conf
>>     ServerName example.info
>>     ServerAlias www.example.info
>>   </VirtualHost>
>>   </IfModule>
>>
>> Notice that SSLCertificateFile and SSLCertificateKeyFile are the
>> same for both of the domains, because they use the same key of
>> example.com. The website, example.com works perfectly fine. But
>> example.info has serious problems (On the order of
>> NET::ERR_CERT_COMMON_NAME_INVALID). Who has an idea on how to fix
>> this? I can't experiment too much because I'm limited to 5 keys
>> per week so learning this myself is a very slow-track process.
>>
>> There are a number of HOWTO documents out there, but there is
>> such wide variance in their steps that I have little confidence in
>> them, but have chosen one and decided to try at it. Once I get
>> this established, I promise to write a blog article explaining the
>> procedure a little bit better.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>> --
>> [ ]'s
>>
>> Filipe Cifali Stangler
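
The name mismatch discussed in this thread can be checked offline, before Apache is reloaded. The following is an added example, not part of any message in the thread: it reads the 443 vhosts and reports every ServerName/ServerAlias that is not covered by the names in the certificate the vhost points at. The vhost text is a constructed sample, the certificate's name list (`example.com` only) is an assumption, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the two 443 vhosts quoted in the thread.
SAMPLE_CONF = """
<VirtualHost *:443>
  ServerName example.com
  ServerAlias www.example.com
  SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
</VirtualHost>
<VirtualHost *:443>
  ServerName example.info
  ServerAlias www.example.info
  SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
</VirtualHost>
"""
# Assumption: names in that certificate, as if it came from the first run
# with only "-d example.com". In practice, read them from the file itself.
CERT_SANS = {"/etc/letsencrypt/live/example.com/fullchain.pem": ["example.com"]}

def san_matches(host, pattern):
    """Name match where '*' may only replace the whole left-most label."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    return len(h) == len(p) and p[0] in ("*", h[0]) and h[1:] == p[1:]

def parse_vhosts(conf):
    """Yield (hostnames, cert_path) for every <VirtualHost> block."""
    for block in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I):
        names, cert = [], None
        for parts in (line.split() for line in block.splitlines()):
            if len(parts) < 2 or parts[0].startswith("#"):
                continue
            key = parts[0].lower()
            if key in ("servername", "serveralias"):
                names.extend(parts[1:])
            elif key == "sslcertificatefile":
                cert = parts[1]
        yield names, cert

def uncovered_names(conf, cert_sans):
    """Return (hostname, cert_path) pairs the referenced cert does not cover."""
    return [(name, cert)
            for names, cert in parse_vhosts(conf)
            for name in names
            if not any(san_matches(name, s) for s in cert_sans.get(cert, []))]

if __name__ == "__main__":
    for name, cert in uncovered_names(SAMPLE_CONF, CERT_SANS):
        print(f"{name}: not covered by {cert}")
```

The real name list of a certificate file can be read with `openssl x509 -in fullchain.pem -noout -text` (the "Subject Alternative Name" section) and substituted for the assumed one.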