Hi Daniel, The CN is *.amnetgroup.com . And the ssl certificate is wildcard certificate that we got from Rapidssl. Till now the old certificate runs fine with same config.
Regards Sachin Kumar On Mon, 6 Jan 2020, 13:25 Daniel Ferradal, <[email protected]> wrote: > The servername "www.amnetgroup.com" and CN in the certificate must > match and be the same, that is what "rsa certificate configured for > xxxxxxxxxxx:443 does not include an id which matches the server name > " means. > > you can easily check it with command "openssl x509 -in > /ssl/amnetgroup.com/cert/amnetgroup.com.crt -noout -subject" > > So if the CN is amnetgroup.com and your servername is > www.amnetgroup.com there is no match unless there is SAN (subject > alternate name) in the cert that matches the servername you are using. > > El dom., 5 ene. 2020 a las 20:07, Sac Isilia > (<[email protected]>) escribió: > > > > Hi @lbutlr, > > > > Below is the site.conf file settings . We just updated the certificate > contents and touched nothing else. Right now the site is reverted to its > original certificate. But as soon as we update the certificate contents it > doesn't work and throw the error that I mentioned. > > > > <VirtualHost *:80> > > ServerName amnetgroup.com > > > > > > RedirectMatch 301 (.*) https://www.amnetgroup.com$1 > > </VirtualHost> > > > > <VirtualHost *:80> > > ServerName amnet.ie > > ServerAlias www.amnet.ie > > ServerAlias amnetgroup.ie www.amnetgroup.ie > > RedirectMatch 301 (.*) https://www.amnetgroup.com/en/ie/ > > </VirtualHost> > > > > <VirtualHost *:80> > > ServerName www.amnetgroup.com > > > > > > DocumentRoot "/sites/amnetgroup.com/public_html" > > > > Redirect permanent / https://www.amnetgroup.com/ > > > > CustomLog /sites/logs/apache/amnetgroup.com-access.log combined > > ErrorLog /sites/logs/apache/amnetgroup.com-error.log > > > > <IfModule worker.c> > > StartServers 4 > > MaxClients 300 > > MinSpareThreads 25 > > MaxSpareThreads 75 > > ThreadsPerChild 25 > > MaxRequestsPerChild 0 > > </IfModule> > > > > ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi:// > 127.0.0.1:9054/sites/amnetgroup.com/public_html/$1 > > DirectoryIndex index.php > > > > DirectoryIndex index.php > > php_value memory_limit 1024M > > > > <Directory "/sites/amnetgroup.com/public_html/"> > > Options Indexes FollowSymLinks > > AllowOverride All > > Require all granted > > </Directory> > > RewriteEngine On > > RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) > > RewriteRule .* - [F] > > </VirtualHost> > > > > <VirtualHost *:443> > > ServerName amnetgroup.com > > SSLEngine on > > SSLCertificateFile /ssl/amnetgroup.com/cert/amnetgroup.com.crt > > SSLCertificateKeyFile /ssl/amnetgroup.com/src/amnetgroup.com.key > > SSLCertificateChainFile /ssl/amnetgroup.com/cert/amnetgroup.com-bundle > > > > SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 > > SSLCipherSuite > ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 > > SSLHonorCipherOrder on > > SSLCompression off > > SSLSessionTickets off > > > > Redirect permanent / https://www.amnetgroup.com/ > > > > RewriteEngine On > > RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|HEAD) > > RewriteRule .* - [F] > > </VirtualHost> > > > > <VirtualHost *:443> > > ServerName www.amnetgroup.com > > SSLEngine on > > SSLCertificateFile /ssl/amnetgroup.com/cert/amnetgroup.com.crt > > SSLCertificateKeyFile /ssl/amnetgroup.com/src/amnetgroup.com.key > > SSLCertificateChainFile /ssl/amnetgroup.com/cert/amnetgroup.com-bundle > > > > SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 > > SSLCipherSuite > ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 > > SSLHonorCipherOrder on > > SSLCompression off > > SSLSessionTickets off > > > > DocumentRoot "/sites/amnetgroup.com/public_html" > > > > CustomLog /sites/logs/apache/amnetgroup.com-access.log combined > > ErrorLog /sites/logs/apache/amnetgroup.com-error.log > > > > <IfModule worker.c> > > StartServers 4 > > MaxClients 300 > > MinSpareThreads 25 > > MaxSpareThreads 75 > > ThreadsPerChild 25 > > MaxRequestsPerChild 0 > > </IfModule> > > > > ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi:// > 127.0.0.1:9054/sites/amnetgroup.com/public_html/$1 > > DirectoryIndex index.php > > php_value memory_limit 1024M > > > > <Directory "/sites/amnetgroup.com/public_html/"> > > Options Indexes FollowSymLinks > > AllowOverride All > > Require all granted > > </Directory> > > RewriteEngine On > > RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|HEAD) > > RewriteRule .* - [F] > > </VirtualHost> > > > > Regards > > Sachin Kumar > > > > On Sun, Jan 5, 2020 at 11:45 PM @lbutlr <[email protected]> wrote: > >> > >> On 04 Jan 2020, at 10:02, Sac Isilia <[email protected]> > wrote: > >> > ah01909: rsa certificate configured for xxxxxxxxxxx:443 does not > include an id which matches the server name > >> > > >> > Please help me in resolving this issue. > >> > >> That seems clear to me. > >> > >> What is the server name and what are the servers listed in the > certificate? Is there a match? > >> > >> Are you sure? > >> > >> Are you looking at the right certificate? Is the server looking at the > right certificate? Has apache been restarted? > >> > >> > >> > >> -- > >> NOTHING IS FINAL. NOTHING IS ABSOLUTE. EXCEPT ME, OF COURSE. SUCH > >> TINKERING WITH DESTINY COULD MEAN THE DOWNFALL OF THE WORLD. > >> THERE MUST BE A CHANCE, HOWEVER SMALL. THE LAWYERS OF FATE > DEMAND > >> A LOOPHOLE IN EVERY PROPHECY. —Sourcery > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: [email protected] > >> For additional commands, e-mail: [email protected] > >> > > > -- > Daniel Ferradal > HTTPD Project > #httpd help at Freenode > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
