Hi Daniel, Yes the old one was also wildcard. And we had no alias setup earlier as well. Though i tried this but it didn't worked either.
Regards Sachin Kumar On Mon, 6 Jan 2020, 13:50 Daniel Ferradal, <[email protected]> wrote: > Not sure about 2.4.6, but httpd IIRC recognizes wildcard certificates > perfectly, in any case, you could try adding "ServerAlias > *.amnetgroup.com" to the virtualhost config. The old certificate was a > wildcard too? > > El lun., 6 ene. 2020 a las 9:02, Sac Isilia > (<[email protected]>) escribió: > > > > Hi Daniel, > > > > The CN is *.amnetgroup.com . And the ssl certificate is wildcard > certificate that we got from Rapidssl. Till now the old certificate runs > fine with same config. > > > > Regards > > Sachin Kumar > > > > On Mon, 6 Jan 2020, 13:25 Daniel Ferradal, <[email protected]> wrote: > >> > >> The servername "www.amnetgroup.com" and CN in the certificate must > >> match and be the same, that is what "rsa certificate configured for > >> xxxxxxxxxxx:443 does not include an id which matches the server name > >> " means. > >> > >> you can easily check it with command "openssl x509 -in > >> /ssl/amnetgroup.com/cert/amnetgroup.com.crt -noout -subject" > >> > >> So if the CN is amnetgroup.com and your servername is > >> www.amnetgroup.com there is no match unless there is SAN (subject > >> alternate name) in the cert that matches the servername you are using. > >> > >> El dom., 5 ene. 2020 a las 20:07, Sac Isilia > >> (<[email protected]>) escribió: > >> > > >> > Hi @lbutlr, > >> > > >> > Below is the site.conf file settings . We just updated the > certificate contents and touched nothing else. Right now the site is > reverted to its original certificate. But as soon as we update the > certificate contents it doesn't work and throw the error that I mentioned. > >> > > >> > <VirtualHost *:80> > >> > ServerName amnetgroup.com > >> > > >> > > >> > RedirectMatch 301 (.*) https://www.amnetgroup.com$1 > >> > </VirtualHost> > >> > > >> > <VirtualHost *:80> > >> > ServerName amnet.ie > >> > ServerAlias www.amnet.ie > >> > ServerAlias amnetgroup.ie www.amnetgroup.ie > >> > RedirectMatch 301 (.*) https://www.amnetgroup.com/en/ie/ > >> > </VirtualHost> > >> > > >> > <VirtualHost *:80> > >> > ServerName www.amnetgroup.com > >> > > >> > > >> > DocumentRoot "/sites/amnetgroup.com/public_html" > >> > > >> > Redirect permanent / https://www.amnetgroup.com/ > >> > > >> > CustomLog /sites/logs/apache/amnetgroup.com-access.log combined > >> > ErrorLog /sites/logs/apache/amnetgroup.com-error.log > >> > > >> > <IfModule worker.c> > >> > StartServers 4 > >> > MaxClients 300 > >> > MinSpareThreads 25 > >> > MaxSpareThreads 75 > >> > ThreadsPerChild 25 > >> > MaxRequestsPerChild 0 > >> > </IfModule> > >> > > >> > ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi:// > 127.0.0.1:9054/sites/amnetgroup.com/public_html/$1 > >> > DirectoryIndex index.php > >> > > >> > DirectoryIndex index.php > >> > php_value memory_limit 1024M > >> > > >> > <Directory "/sites/amnetgroup.com/public_html/"> > >> > Options Indexes FollowSymLinks > >> > AllowOverride All > >> > Require all granted > >> > </Directory> > >> > RewriteEngine On > >> > RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) > >> > RewriteRule .* - [F] > >> > </VirtualHost> > >> > > >> > <VirtualHost *:443> > >> > ServerName amnetgroup.com > >> > SSLEngine on > >> > SSLCertificateFile /ssl/amnetgroup.com/cert/amnetgroup.com.crt > >> > SSLCertificateKeyFile /ssl/amnetgroup.com/src/amnetgroup.com.key > >> > SSLCertificateChainFile /ssl/ > amnetgroup.com/cert/amnetgroup.com-bundle > >> > > >> > SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 > >> > SSLCipherSuite > ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 > >> > SSLHonorCipherOrder on > >> > SSLCompression off > >> > SSLSessionTickets off > >> > > >> > Redirect permanent / https://www.amnetgroup.com/ > >> > > >> > RewriteEngine On > >> > RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|HEAD) > >> > RewriteRule .* - [F] > >> > </VirtualHost> > >> > > >> > <VirtualHost *:443> > >> > ServerName www.amnetgroup.com > >> > SSLEngine on > >> > SSLCertificateFile /ssl/amnetgroup.com/cert/amnetgroup.com.crt > >> > SSLCertificateKeyFile /ssl/amnetgroup.com/src/amnetgroup.com.key > >> > SSLCertificateChainFile /ssl/ > amnetgroup.com/cert/amnetgroup.com-bundle > >> > > >> > SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 > >> > SSLCipherSuite > ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 > >> > SSLHonorCipherOrder on > >> > SSLCompression off > >> > SSLSessionTickets off > >> > > >> > DocumentRoot "/sites/amnetgroup.com/public_html" > >> > > >> > CustomLog /sites/logs/apache/amnetgroup.com-access.log combined > >> > ErrorLog /sites/logs/apache/amnetgroup.com-error.log > >> > > >> > <IfModule worker.c> > >> > StartServers 4 > >> > MaxClients 300 > >> > MinSpareThreads 25 > >> > MaxSpareThreads 75 > >> > ThreadsPerChild 25 > >> > MaxRequestsPerChild 0 > >> > </IfModule> > >> > > >> > ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi:// > 127.0.0.1:9054/sites/amnetgroup.com/public_html/$1 > >> > DirectoryIndex index.php > >> > php_value memory_limit 1024M > >> > > >> > <Directory "/sites/amnetgroup.com/public_html/"> > >> > Options Indexes FollowSymLinks > >> > AllowOverride All > >> > Require all granted > >> > </Directory> > >> > RewriteEngine On > >> > RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|HEAD) > >> > RewriteRule .* - [F] > >> > </VirtualHost> > >> > > >> > Regards > >> > Sachin Kumar > >> > > >> > On Sun, Jan 5, 2020 at 11:45 PM @lbutlr <[email protected]> wrote: > >> >> > >> >> On 04 Jan 2020, at 10:02, Sac Isilia <[email protected]> > wrote: > >> >> > ah01909: rsa certificate configured for xxxxxxxxxxx:443 does not > include an id which matches the server name > >> >> > > >> >> > Please help me in resolving this issue. > >> >> > >> >> That seems clear to me. > >> >> > >> >> What is the server name and what are the servers listed in the > certificate? Is there a match? > >> >> > >> >> Are you sure? > >> >> > >> >> Are you looking at the right certificate? Is the server looking at > the right certificate? Has apache been restarted? > >> >> > >> >> > >> >> > >> >> -- > >> >> NOTHING IS FINAL. NOTHING IS ABSOLUTE. EXCEPT ME, OF COURSE. SUCH > >> >> TINKERING WITH DESTINY COULD MEAN THE DOWNFALL OF THE WORLD. > >> >> THERE MUST BE A CHANCE, HOWEVER SMALL. THE LAWYERS OF FATE > DEMAND > >> >> A LOOPHOLE IN EVERY PROPHECY. —Sourcery > >> >> > >> >> > >> >> --------------------------------------------------------------------- > >> >> To unsubscribe, e-mail: [email protected] > >> >> For additional commands, e-mail: [email protected] > >> >> > >> > >> > >> -- > >> Daniel Ferradal > >> HTTPD Project > >> #httpd help at Freenode > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: [email protected] > >> For additional commands, e-mail: [email protected] > >> > > > -- > Daniel Ferradal > HTTPD Project > #httpd help at Freenode > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
