Certificate errors when using alias domain

Hey!

I have this problem when I’m trying to use alias domain…

Requesting a certificate for domain.fi, domain.com, www.domain.com from Let’s Encrypt …

Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying domain.com...
Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 235, in <module>
    main(sys.argv[1:])
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 231, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 144, in get_crt
    resp = urlopen(wellknown_url)
  File "/usr/lib64/python2.7/urllib2.py", line 154, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib64/python2.7/urllib2.py", line 437, in open
    response = meth(req, response)
  File "/usr/lib64/python2.7/urllib2.py", line 550, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib64/python2.7/urllib2.py", line 469, in error
    result = self._call_chain(*args)
  File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib64/python2.7/urllib2.py", line 656, in http_error_302
    return self.parent.open(new, timeout=req.timeout)
  File "/usr/lib64/python2.7/urllib2.py", line 431, in open
    response = self._open(req, data)
  File "/usr/lib64/python2.7/urllib2.py", line 449, in _open
    '_open', req)
  File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib64/python2.7/urllib2.py", line 1258, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/usr/lib64/python2.7/urllib2.py", line 1211, in do_open
    h.request(req.get_method(), req.get_selector(), req.data, headers)
  File "/usr/lib64/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib64/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib64/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/lib64/python2.7/httplib.py", line 1236, in connect
    server_hostname=sni_hostname)
  File "/usr/lib64/python2.7/ssl.py", line 350, in wrap_socket
    _context=self)
  File "/usr/lib64/python2.7/ssl.py", line 611, in __init__
    self.do_handshake()
  File "/usr/lib64/python2.7/ssl.py", line 841, in do_handshake
    match_hostname(self.getpeercert(), self.server_hostname)
  File "/usr/lib64/python2.7/ssl.py", line 273, in match_hostname
    % (hostname, dnsnames[0]))
ssl.CertificateError: hostname 'domain.com' doesn't match 'domain.fi'

Any ideas how I can request these certificates? Or what that error msg even means…

Is it possible you’ve got a redirect that is redirecting requests to domain.fi to domain.com? That seems like it might trigger this error. If you’re running WordPress, it’ll do a redirect to the configured domain name, even if you haven’t intentionally set up a redirect (unless you modify the wp-config.php).

Also, the way to troubleshoot all Let’s Encrypt errors is to simply make sure you can browse to the .well-known directory on the right domain and spelunk down into it and find the validation file. If you can’t, then Let’s Encrypt can’t either…and whatever is preventing you from reaching it is the same thing preventing LE from reaching it.
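The check described in this reply, as an added example that is not part of the thread or of acme_tiny.py: it walks the redirect chain of a validation URL hop by hop and stops where the fetch in the traceback would fail, at an HTTPS hop whose certificate does not cover the requested hostname. The `fetch` and `cert_names` callables, the token name and the sample data are assumptions constructed for illustration; for a live check, supply callables that query your own server.

```python
# Added example: trace the redirects a fetch of the validation URL would follow.
from urllib.parse import urljoin, urlsplit

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def name_matches(host, pattern):
    """Minimal dNSName match: exact, or one wildcard as the left-most label."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def trace_challenge(url, fetch, cert_names, max_hops=5):
    """Return a list of (url, status, problems) for each hop from `url`.

    fetch(url) -> (status, Location or None), without following redirects.
    cert_names(host) -> dNSNames of the certificate served for `host`.
    Both are hypothetical hooks, injected so the logic runs on constructed data.
    """
    hops = []
    for _ in range(max_hops):
        parts = urlsplit(url)
        problems = []
        if not parts.path.startswith(CHALLENGE_PREFIX):
            problems.append("left the acme-challenge path")
        if parts.scheme == "https":
            names = cert_names(parts.hostname)
            if not any(name_matches(parts.hostname, n) for n in names):
                problems.append("certificate for %s does not cover %s"
                                % (", ".join(names), parts.hostname))
                hops.append((url, None, problems))  # handshake would fail here
                break
        status, location = fetch(url)
        hops.append((url, status, problems))
        if status not in (301, 302, 303, 307, 308) or not location:
            break
        url = urljoin(url, location)
    return hops

# Constructed sample mirroring the thread: plain HTTP on domain.com redirects
# to HTTPS, where the server still presents the certificate for domain.fi.
TOKEN_URL = "http://domain.com" + CHALLENGE_PREFIX + "example-token"
SAMPLE_RESPONSES = {TOKEN_URL: (302, TOKEN_URL.replace("http:", "https:", 1))}
SAMPLE_CERTS = {"domain.com": ["domain.fi", "www.domain.fi"]}

def run_sample():
    return trace_challenge(TOKEN_URL, SAMPLE_RESPONSES.__getitem__,
                           SAMPLE_CERTS.__getitem__)

if __name__ == "__main__":
    for hop in run_sample():
        print(hop)
```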

It might be something to do with WordPress. I will check this out when bug https://www.virtualmin.com/node/54352 is fixed.