Replaced my real domain name with 'domain'.

I have Nextcloud running on my server 192.168.1.2. When I open the website nc.domain.eu and check the certificate:

Common Name (CN) nc.domain.eu Organization (O) Organizational Unit (OU)

So this works.

But when I open adguard.domain.eu it shows:

Common Name (CN) collabora.domain.eu Organization (O) Organizational Unit (OU)

Collabora used to run on this machine, but due to issues I removed it; however, the 'certificate' still remains.

When running:

openssl s_client -showcerts -connect 192.168.1.2:443

---
Server certificate
subject=CN = collabora.domain.eu
issuer=C = US, O = Let's Encrypt, CN = E6
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3314 bytes and written 373 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

How do I remove that certificate from Ubuntu?

locate .pem | grep "\.pem$" | xargs -I{} openssl x509 -issuer -enddate -noout -in {}

I used that to find 'collabora.domain.eu' and found 2 results:

could not read certificate from /etc/letsencrypt/archive/collabora.domain.eu/privkey1.pem

Directory contains:

cert1.pem chain1.pem fullchain1.pem privkey1.pem

Could not read certificate from /etc/letsencrypt/live/collabora.domain.eu/privkey.pem

Directory contains:

cert.pem chain.pem fullchain.pem privkey.pem README

Can I just remove those directories? And run:

update-ca-certificates

And I want to add a www.domain.eu and *.domain.eu to this server. I already have the files created on Nginx Proxy Manager. Can I just copy those in? If yes, where?

I also tried:

sudo certbot certificates
sudo certbot delete

selected '1' which was 'collabora.domain.eu' and ran

update-ca-certificates

but

openssl s_client -showcerts -connect 192.168.1.2:443

still shows it.

#### EDIT ####

I just found that collabora.conf was still in sites-available and being loaded. Renamed/removed it and restarted Apache2.

Now it gets even weirder. If I enter 'adguard.domain.eu:8883' in my browser it's good and uses the *.domain.eu cert. If I click 'adguard.domain.eu' in NPM it uses 'nc.domain.eu'.

NC.Domain.eu = nextcloud which is loaded through 'nextcloud-le-ssl.conf' which is correct.

Nginx Proxy Manager is serving *.domain.eu and www.domain.eu. I couldn't get 'wildcard' to work on the server before. I wonder if I can just take the 'xxx.pem' files from NPM and replace the lines in 'nextcloud-se-ssl' and hope for the best? But I guess certbot could cause issues here, and renewing will require me to do it manually.

  • You're receiving the connections on port 443 with the nginx web server process? Have you looked at the config files for nginx to locate the SSL certificates it is serving? Most nginx configurations I have seen use custom locations for the server certificates and the CA+chain certificates that support the server certificates, not the OS's standard CA certificate locations. The configuration files for the web server software will tell you where the files are located on your server. Commented Jan 28 at 11:12
  • Yes, I got NPM on 192.168.1.5 (TrueNAS Scale app). This serves *.domain.eu and www.domain.eu. When I was trying to get Nextcloud to accept *.domain.eu it wouldn't work (was still on old hosting provider); switched the whole lot to Cloudflare and it worked. But the nc.domain.eu was already active, I think through certbot. Collabora.domain.eu is now gone, certs are still there but that's fine. It's loading nc.domain.eu now. And I wonder if I just change the certs to the ones from NPM if it will work. Commented Jan 28 at 13:35
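
Added example (not part of the original question or its comments): a sketch of how Apache chooses the certificate for a connection on port 443, run over constructed vhost files named after the ones in the question. Assumptions: the files are pulled in alphabetically from sites-enabled, ServerAlias is not handled, and the nc.domain.eu certificate path is made up for illustration.

```python
import re

# Constructed sample of sites-enabled (file name -> contents). File names come
# from the question; the nc.domain.eu certificate path is an assumption.
SAMPLE_SITES = {
    "nextcloud-le-ssl.conf": """
<VirtualHost *:443>
    ServerName nc.domain.eu
    SSLCertificateFile /etc/letsencrypt/live/nc.domain.eu/fullchain.pem
</VirtualHost>""",
    "collabora.conf": """
<VirtualHost *:443>
    ServerName collabora.domain.eu
    SSLCertificateFile /etc/letsencrypt/live/collabora.domain.eu/fullchain.pem
</VirtualHost>""",
}

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)


def _directive(body, name):
    """First value of a directive inside one vhost body, or None."""
    m = re.search(rf"^[ \t]*{name}[ \t]+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None


def tls_vhosts(sites, port="443"):
    """(file, ServerName, certificate) per vhost on `port`, in load order."""
    found = []
    for fname in sorted(sites):  # wildcard Include expands alphabetically
        for addr, body in VHOST_RE.findall(sites[fname]):
            if any(a.endswith(":" + port) for a in addr.split()):
                found.append((fname, _directive(body, "ServerName"),
                              _directive(body, "SSLCertificateFile")))
    return found


def cert_for(sites, sni=None):
    """Certificate presented for an SNI name; None means no SNI was sent."""
    vhosts = tls_vhosts(sites)
    for _, name, cert in vhosts:
        if sni and name and name.lower() == sni.lower():
            return cert
    # No ServerName matched: Apache falls back to the first vhost loaded.
    return vhosts[0][2] if vhosts else None


if __name__ == "__main__":
    for name in (None, "adguard.domain.eu", "nc.domain.eu"):
        print(name, "->", cert_for(SAMPLE_SITES, name))
```

Connecting to the bare IP with `openssl s_client` sends no SNI, so it shows the default vhost's certificate; adding `-servername adguard.domain.eu` shows what a browser asking for that name would get.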
