
I installed a Let's Encrypt cert using certbot for my domain carmensteffens.us. Everything is OK except in browsers (Chrome and Safari) on Apple devices (iOS and OSX).

The browsers on Apple devices say:

Invalid certificate (server name incompatible)

I think that it is a virtual host error in Apache (2.4.7).

carmensteffens.us.conf (80)

<VirtualHost *:80>
        ServerName carmensteffens.us
        ServerAlias www.carmensteffens.us

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/web-v2/public_html

        ErrorLog /var/www/web-v2/logs/csusa_error.log
        CustomLog /var/www/web-v2/logs/csusa_access.log combined

        <Directory "/var/www/web-v2/public_html">
           Options All
           AllowOverride All
           Allow from all
        </Directory>

        Include /var/www/web-v2/public_html/public/assets/carmen/_default/directives.conf
        Include /var/www/web-v2/public_html/public/assets/carmen/us/directives.conf
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =www.carmensteffens.us [OR]
        RewriteCond %{SERVER_NAME} =carmensteffens.us
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

carmensteffens.us.conf-le-ssl.conf (443)

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName carmensteffens.us
        ServerAlias www.carmensteffens.us

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/web-v2/public_html

        ErrorLog /var/www/web-v2/logs/csusa_error.log
        CustomLog /var/www/web-v2/logs/csusa_access.log combined

        <Directory "/var/www/web-v2/public_html">
           Options All
           AllowOverride All
           Allow from all
        </Directory>

        Include /var/www/web-v2/public_html/public/assets/carmen/_default/directives.conf
        Include /var/www/web-v2/public_html/public/assets/carmen/us/directives.conf
        SSLCertificateFile /etc/letsencrypt/live/carmensteffens.us/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/carmensteffens.us/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateChainFile /etc/letsencrypt/live/carmensteffens.us/chain.pem
</VirtualHost>
</IfModule>

Any ideas?

ramiromd
  • Does the certificate cover both carmensteffens.us & www.carmensteffens.us? (Edit: real domain so I can check it myself and it doesn't). I'd take the alias of the ssl host for a start and make the http redirect go direct to carmensteffens.us rather than using %{SERVER_NAME} (Might not be causing the main issue of course) – USD Matt Jan 17 '18 at 15:14
  • In fact you could probably replace all the rewrite stuff with just Redirect permanent / https://carmensteffens.us/. – USD Matt Jan 17 '18 at 15:26
  • Also this is a bit dodgy - Include /var/www/web-v2/public_html/public/assets/carmen/_default/directives.conf. Maybe there's nothing sensitive in there but it feels wrong to have server configuration files inside the web root where I can easily access them via a web browser. – USD Matt Jan 17 '18 at 15:41
  • @USDMatt you are right, the certificate doesn't cover both domains. I reconfigured the certificate and it works :) – ramiromd Jan 17 '18 at 15:50
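
A check for the mismatch identified in the comments, added here as an example and not code from the original post: it collects the names the *:443 virtual host answers for and reports any that the certificate's subjectAltName entries do not cover. The SAN list is a constructed sample and the function names are hypothetical.

```python
import re

# Constructed sample: the names from the page's *:443 virtual host.
VHOST_CONF = """\
<VirtualHost *:443>
        ServerName carmensteffens.us
        ServerAlias www.carmensteffens.us
        SSLCertificateFile /etc/letsencrypt/live/carmensteffens.us/cert.pem
</VirtualHost>
"""

# Constructed SAN list (assumption): a certificate issued for the bare domain only.
# On a real host, read it with: openssl x509 -in cert.pem -noout -ext subjectAltName
CERT_SANS = ["carmensteffens.us"]


def vhost_names(conf, port="443"):
    """Return ServerName/ServerAlias hostnames of every vhost bound to `port`."""
    names = []
    blocks = re.findall(r"<VirtualHost\s+([^>]*)>(.*?)</VirtualHost>", conf, re.S | re.I)
    for addrs, body in blocks:
        if not any(a.rsplit(":", 1)[-1] == port for a in addrs.split()):
            continue
        for line in body.splitlines():
            parts = line.split()
            if parts and parts[0].lower() in ("servername", "serveralias"):
                names += [p.lower().rstrip(".") for p in parts[1:]]
    return names


def san_matches(san, host):
    """Browser-style match: a wildcard is honoured only as the whole left-most label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    head, _, tail = host.partition(".")
    return bool(head) and tail == san[2:]


def uncovered(conf, sans, port="443"):
    """Hostnames the vhost answers for that no SAN entry covers."""
    return [h for h in vhost_names(conf, port) if not any(san_matches(s, h) for s in sans)]


if __name__ == "__main__":
    print("not covered by certificate:", uncovered(VHOST_CONF, CERT_SANS))
```

A wildcard entry such as `*.carmensteffens.us` covers `www` but not the bare domain, so both names still need their own coverage when the certificate is reissued.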
