How to make my website SSL secure with Ubuntu 22.04.2 LTS server and Apache

Question

I'm trying to access my website through https://. but all my efforts are in vain.

First I will explain how I did everything to get into the context.

The server hardware is a Raspberry PI2B. With software Ubuntu 22.04.2 LTS. I'm using apache as http server.

Everything went great until I started to secure the website, I did all the steps to have certificates with letsencrypt and certbot.

root@ubuntu:/etc/letsencrypt/keys# ls
0000_key-certbot.pem  0001_key-certbot.pem
root@ubuntu:/etc/letsencrypt/live/archivomental.com# ls
README  cert.pem  chain.pem  fullchain.pem  privkey.pem

Ok then I have problems with VirtualHost configuration I think... because i'm not sure. It seems like apache still using http over https.

If I do this anything works:

<VirtualHost *:443>
    ServerName www.archivomental.com
    ServerAlias archivomental.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/archivomental.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/archivomental.com/privkey.pem

</VirtualHost>

This one let me in on the web page but only over http.

<VirtualHost *:80>
ServerName www.archivomental.com
ServerAlias archivomental.com
DocumentRoot /var/www/archivomental
RewriteEngine On
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5
RewriteCond %{HTTPS} off
RewriteRule   "^/(.*)_SSL$"   "https://%{SERVER_NAME}/$1" [R,L]
</VirtualHost>
<VirtualHost *:443>
ServerName www.archivomental.com
ServerAlias archivomental.com
DocumentRoot /var/www/archivomental
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/archivomental.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/archivomental.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/archivomental.com/chain.pem
</VirtualHost>

Is there something else to do to make SSL work? If you can guide me in this matter I will be eternally grateful.

root@ubuntu:/var/log/apache2# curl -I https://www.archivomental.com
curl: (60) SSL: no alternative certificate subject name matches target host name 'www.archivomental.com'
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

score 0 · Accepted Answer · answered Jun 12 '23 at 09:08

SSL: no alternative certificate subject name matches target host name 'www.archivomental.com'

So SSL appears to be working, but there is a certificate validation issue. It would appear that you provisioned a certificate for archivomental.com but didn't specify that the certificate should also be valid for www.archivomental.com

If this is the case, and you need it to work with the www. prefix, delete the existing certificate and re-provision:

sudo certbot delete --cert-name archivomental.com
sudo certbot certonly --domain="archivomental.com,www.archivomental.com"

How to make my website SSL secure with Ubuntu 22.04.2 LTS server and Apache

1 Answers1