this post was submitted on 09 Jul 2024
10 points (100.0% liked)


Hi, I’m hosting Mastodon for personal use on subdomain.domain.tld — it has a valid SSL cert. The issue is that when I set the vanity server name to domain.tld (no subdomain) and create a Let’s Encrypt cert for domain.tld, the Namecheap SSL cert checker says that the Hostname doesn’t match the Common Name or/and the SANs.

I have domain.tld redirect via an Alias record to my Synology server (just like the subdomain) but for some reason it’s fine on the subdomain but not for the root domain.

Anyone have any experience with this? TIA.

[–] ziviz@lemmy.sdf.org 3 points 4 months ago* (last edited 4 months ago) (1 children)

Sounds like the cert is missing a required SAN name. I used Namecheap and Let's Encrypt together before. I had to ensure that *.ziviz.us and ziviz.us were both provided to certbot. I used manual DNS challenges, and it looked like this:

certbot certonly --manual --preferred-challenges dns
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or 
space separated) (Enter 'c' to cancel): ziviz.us *.ziviz.us
[–] TheRealCharlesEames@lemm.ee 2 points 4 months ago (1 children)

What if I told you that the cert says the SAN is valid for the Synology DDNS but not the SAN that I entered (domain.tld)?

[–] ziviz@lemmy.sdf.org 1 points 4 months ago

If you ensured both the subdomain and the domain name were provided when using certbot, then it could be a case where the server is still using a previous cert. I had issues where changing the cert in Namecheap did not immediately take effect. (In the Namecheap cPanel console, cert would be fine, but actually visiting the site would still present the old cert for a while.) There were at least a couple times where it only presented the new cert after I fully removed the old one from cPanel. Other than that, running out of ideas.
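
Added example, not code posted by anyone in the thread: a small Python check for the two causes discussed above, a wildcard SAN that does not cover the bare domain and a server that still presents a different certificate than the one just issued. The helper names `san_matches`, `covering_sans` and `served_dns_sans` are hypothetical, and the SAN lists in the demo are constructed from the thread's placeholder names.

```python
import socket
import ssl


def san_matches(hostname, san):
    """RFC 6125-style match: '*' is only honoured as the whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False  # a wildcard stands for exactly one label, never zero
    if pattern[0] == "*":
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern


def covering_sans(hostname, dns_sans):
    """Return the SAN entries that cover hostname (empty list means mismatch)."""
    return [s for s in dns_sans if san_matches(hostname, s)]


def served_dns_sans(hostname, port=443, timeout=5.0):
    """Fetch the DNS SANs of the certificate the server presents for this SNI name.

    The chain is still verified; only the hostname check is switched off so a
    mismatching certificate can be inspected instead of aborting the handshake.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    # Constructed SAN lists using the thread's placeholder names.
    wildcard_only = ["*.domain.tld"]
    both = ["domain.tld", "*.domain.tld"]
    for name in ("domain.tld", "subdomain.domain.tld"):
        print(name, covering_sans(name, wildcard_only), covering_sans(name, both))
    # Live check (needs network access to the host being diagnosed):
    # print(covering_sans("domain.tld", served_dns_sans("domain.tld")))
```

If the live check returns an empty list while the newly issued certificate does list the name, the server is presenting some other certificate for that hostname.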