SSL:WARN Server certificate does NOT include an ID

Hello,

I am getting this error with every server restart

[Tue Sep 22 05:36:10.620711 2020] [mpm_event:notice] [pid 771:tid 140519184137280] AH00493: SIGUSR1 received. Doing graceful restart
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using ADMIN.DOMAIN. Set the ‘ServerName’ directive globally to suppress this message
[Tue Sep 22 05:36:10.738062 2020] [ssl:warn] [pid 771:tid 140519184137280] AH01909: IP.ADDRESSES.(1):443:0 server certificate does NOT include an ID which matches the server name
[Tue Sep 22 05:36:10.738442 2020] [ssl:warn] [pid 771:tid 140519184137280] AH01909: IP.ADDRESSES.(2):443:0 server certificate does NOT include an ID which matches the server name
[Tue Sep 22 05:36:10.738871 2020] [mpm_event:notice] [pid 771:tid 140519184137280] AH00489: Apache/2.4.46 (Ubuntu) mod_fcgid/2.3.9 OpenSSL/1.1.1g configured – resuming normal operations
[Tue Sep 22 05:36:10.738887 2020] [core:notice] [pid 771:tid 140519184137280] AH00094: Command line: ‘/usr/sbin/apache2’

This is the config file located at /etc/apache2/conf.d/PUBLIC-IP.conf

Also this is the config file located at /etc/apache2/apache2.conf

I’m getting this when I run “systemctl status apache2.service” :

Can you please assist me in fixing the problem?

Thank you

there is no fix.

it literally says there is no (domain-)name in the cert that matches your servername … you are using an IP instead of a domain as servername.
because certificates can’t be issued properly to just IPs you’ll have to live with the warning as is :wink:


Hello,

Thank you for your support falzo.

How can I use a domain as servername?

  1. When dealing with Apache problems first thing to do is : sudo apachectl configtest and sudo systemctl status apache2.service
  2. check hostname of your box, type : hostname or hostnamectl
    What's the output of that?
    if you get DNS name like mail.yourdomain.com or something similar you have to add line to
    the end of /etc/apache2/apache2.conf :
    ServerName mail.yourdomain.com
    or you can create file fqdn.conf in /etc/apache2/conf.d/
    and put the same line there:
    ServerName mail.yourdomain.com
  3. sudo apachectl configtest
  4. sudo systemctl restart apache2.service

Thanks parzival, This error has been fixed

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using ADMIN.DOMAIN. Set the ‘ServerName’ directive globally to suppress this message

But I am still getting the other errors.

[ssl:warn] [pid 771:tid 140519184137280] AH01909: IP.ADDRESSES.(1):443:0 server certificate does NOT include an ID which matches the server name
[ssl:warn] [pid 771:tid 140519184137280] AH01909: IP.ADDRESSES.(2):443:0 server certificate does NOT include an ID which matches the server name

I appreciate your support.

No problem :smiley:
Can you renew the certificate?

Thank you for your support parzival.

It’s as falzo said

It’s not possible …

@Nasser - Did you find a solution to this issue?

@Falzo - it seems there are quite a few forum posts about this error. I’m also seeing this in my error logs and I assume it has to do with how the certs are created during the setup of the server and Hestia.

Unfortunately, one of the forum discussions appear to have a solution to this problem, so I assume people will continue to post the question. I was hoping you could help explain how to resolve this issue, so that it can be documented on this thread for others to read in the future.

I am seeing the same entries in my log file, I’m unclear on what has to happen for these to be written to the logs, but they continue to appear. They aren’t linked to any domain name, but simply the 3 IP addresses listed on my server (1 public IP address and 2 private digitalocean addresses - no idea what they are even for).

So I believe, as you explained, the issue is because these are IP addresses and not a domain. All my websites are working just fine with SSL, as well as, the server’s hostname, also setup with a Let’s Encrypt SSL cert. Typing hostname at the terminal, provides the correct fully qualified domain name.

So, it seems the below error is because a self signed cert was created at time of installation of the server and these certs are sitting on the server and causing these errors, is this correct? Can we safely delete these certs from the server and then this error will stop? If yes, how do I find out the location of the cert?

[Sun Apr 25 00:00:04.608285 2021] [ssl:warn] [pid 121697:tid 140589536914752] AH01909: (MYPUBLICIPADDRESS):443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 25 00:00:04.609007 2021] [ssl:warn] [pid 121697:tid 140589536914752] AH01909: (PRIVATEIPADDRESS1):443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 25 00:00:04.609651 2021] [ssl:warn] [pid 121697:tid 140589536914752] AH01909: (PRIVATEIPADDRESS2):443:0 server certificate does NOT include an ID which matches the server name

Run v-add-letsencrypt-host to enable SSL for your hostname

Deleting SSL will cause the admin to fail to load

@eris - thanks for the comment. I believe you gave me that advice last week when I was first setting up the new HestiaCP server. I was having issues with the SSL and accessing the HestiaCP via my server hostname. And thank you for that advice, as that indeed solved my issue and the SSL cert was created and problem solved.

However, this appears to be something different, as all domains, email, and the server hostname (which I use to connect to the HestiaCP) all work fine.

It’s just that I’m getting these error messages in the log (/var/log/apache2/error.log) every time I restart Apache2. I just tested it right now. If I restart Apache, it will add these lines to the error log:

[Mon Apr 26 00:00:58.641369 2021] [mpm_event:notice] [pid 606212:tid 140145174773056] AH00492: caught SIGWINCH, shutting down gracefully

[Sun Apr 25 23:58:42.984970 2021] [ssl:warn] [pid 606206:tid 140145174773056] AH01909: xxx.xxx.xxx.xxx:443:0 server certificate does NOT include an ID which matches the server name

[Sun Apr 25 23:58:42.985867 2021] [ssl:warn] [pid 606206:tid 140145174773056] AH01909: xx.xxx.xxx.xxx:443:0 server certificate does NOT include an ID which matches the server name

[Sun Apr 25 23:58:42.986656 2021] [ssl:warn] [pid 606206:tid 140145174773056] AH01909: xx.xxx.xxx.xxx:443:0 server certificate does NOT include an ID which matches the server name

[Sun Apr 25 23:58:42.987267 2021] [suexec:notice] [pid 606206:tid 140145174773056] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)

[Sun Apr 25 23:58:43.014232 2021] [ssl:warn] [pid 606212:tid 140145174773056] AH01909: xxx.xxx.xxx.xxx:443:0 server certificate does NOT include an ID which matches the server name

[Sun Apr 25 23:58:43.015104 2021] [ssl:warn] [pid 606212:tid 140145174773056] AH01909: xx.xxx.xxx.xxx:443:0 server certificate does NOT include an ID which matches the server name

[Sun Apr 25 23:58:43.015867 2021] [ssl:warn] [pid 606212:tid 140145174773056] AH01909: xx.xxx.xxx.xxx:443:0 server certificate does NOT include an ID which matches the server name

[Sun Apr 25 23:58:43.017778 2021] [mpm_event:notice] [pid 606212:tid 140145174773056] AH00489: Apache/2.4.46 (Ubuntu) mod_fcgid/2.3.9 OpenSSL/1.1.1f configured -- resuming normal operations

[Sun Apr 25 23:58:43.017817 2021] [core:notice] [pid 606212:tid 140145174773056] AH00094: Command line: '/usr/sbin/apache2'

Can someone from the HestiaCP team help me with this, this definitely seems to be caused by the files generated from the HestiaCP installation. And seeing that there are others asking this question on the forum, it would be helpful to get direction on what needs to be done in this situation. I’m worried about deleting things and breaking things.

So as I mentioned above, there are 3 errors of “server certificate does NOT include an ID which matches the server name”, one for each IP address assigned to the server.

I had a look in the folder here: /etc/apache2/conf.d

Within that folder is the domains folder, which includes all the .ssl.conf and .conf files for each domain configured on the server. All look fine and working with SSL.

In the root of that folder there are also other files, specifically, there are three .conf files, one for each of the 3 IP addresses I referred to above (2 private and my public server IP address).

Here is an example of the contents of one of those files (the publicIP address one). So I assume this is what’s causing the issue. And I see that it has a SSL Cert created by Hestia, so I assume these files were setup at time of installing HESTIACP.

So what do I do? Can I just remove these three files, are they needed? I could obviously add my server’s hostname to this file in the ServerName line, but is that what I am supposed to do? How about the other two internal IP address .conf files?

Listen MY_PUBLIC_IPADDRESS:8443
Listen MY_PUBLIC_IPADDRESS:8080
<VirtualHost MY_PUBLIC_IPADDRESS:8080>
    ServerName MY_PUBLIC_IPADDRESS
    DocumentRoot /var/www/html/
    Alias /error/ /var/www/document_errors/

</VirtualHost>

<VirtualHost MY_PUBLIC_IPADDRESS:8443>
    ServerName MY_PUBLIC_IPADDRESS
    DocumentRoot /var/www/html/
    Alias /error/ /var/www/document_errors/

    SSLEngine on
    SSLVerifyClient none
    SSLCertificateFile         /usr/local/hestia/ssl/certificate.crt
    SSLCertificateKeyFile      /usr/local/hestia/ssl/certificate.key

</VirtualHost>

Here is what I tested, I simply swapped out the IP addresses for my server’s hostname, the one I use to connect to the HestiaCP control panel (e.g. myservername.com:8083) in those three files on the ServerName line.

Then I reloaded apache2 and restarted. The errors are no longer being written to the log file. I can still log into the HestiaCP so that all seems fine.

So, is this the solution to this? Are these IPADDRESS.conf files necessary or just something that was created by the HestiaCP installation and they can be removed?

I assume this is created for anyone that is installing this platform and hence there should be some knowledge doc to explain that these files need to be manually updated on the server post installation to avoid these warnings.

Can someone please confirm I have taken the correct steps in resolving this? Thanks!

For example:

Listen MY_PUBLIC_IPADDRESS:8443
Listen MY_PUBLIC_IPADDRESS:8080
<VirtualHost MY_PUBLIC_IPADDRESS:8080>
    ServerName MY_SERVER_HOSTNAME
    DocumentRoot /var/www/html/
    Alias /error/ /var/www/document_errors/

</VirtualHost>

<VirtualHost MY_PUBLIC_IPADDRESS:8443>
    ServerName MY_SERVER_HOSTNAME
    DocumentRoot /var/www/html/
    Alias /error/ /var/www/document_errors/

    SSLEngine on
    SSLVerifyClient none
    SSLCertificateFile         /usr/local/hestia/ssl/certificate.crt
    SSLCertificateKeyFile      /usr/local/hestia/ssl/certificate.key

</VirtualHost>
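
The before/after ServerName change from the post above, as an added example that is not part of the original thread and not HestiaCP code: a small audit that parses vhost blocks and reports TLS vhosts whose ServerName is not covered by the certificate's names. The address 203.0.113.10, the hostname panel.example.com and the certificate's name list are constructed placeholders, and the name comparison is a simplified model of the check behind AH01909.

```python
import re
from ipaddress import ip_address

# Constructed sample modelled on the IP.conf files quoted in the thread (placeholder values).
SAMPLE_CONF = """
<VirtualHost 203.0.113.10:8080>
    ServerName 203.0.113.10
</VirtualHost>
<VirtualHost 203.0.113.10:8443>
    ServerName {name}
    SSLEngine on
    SSLCertificateFile /usr/local/hestia/ssl/certificate.crt
</VirtualHost>
"""
# Assumed certificate names (dNSName SANs plus CN); read the real ones from the cert itself.
CERT_NAMES = {"/usr/local/hestia/ssl/certificate.crt": ["panel.example.com"]}
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None

def name_matches(server_name, cert_name):
    """Case-insensitive match; a leading '*.' covers exactly one left-most label."""
    s, c = server_name.lower(), cert_name.lower()
    if c.startswith("*."):
        return "." in s and s.split(".", 1)[1] == c[2:]
    return s == c

def is_ip(value):
    try:
        return bool(ip_address(value))
    except ValueError:
        return False

def audit(conf_text, cert_names):
    """Return (vhost address, ServerName, reason) for TLS vhosts the cert does not cover."""
    findings = []
    for addr, body in VHOST_RE.findall(conf_text):
        ssl_on = (directive(body, "SSLEngine") or "").lower() == "on"
        server_name = directive(body, "ServerName")
        names = cert_names.get(directive(body, "SSLCertificateFile"), [])
        if ssl_on and server_name and not any(name_matches(server_name, n) for n in names):
            reason = "ServerName is an IP literal" if is_ip(server_name) else "name not in certificate"
            findings.append((addr.strip(), server_name, reason))
    return findings
```

Calling `audit(SAMPLE_CONF.format(name="203.0.113.10"), CERT_NAMES)` flags the 8443 vhost, while the same call with `name="panel.example.com"` returns an empty list.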

@user7632726 Did you check @parzival’s answer…

We are offering this software and support for free. Don’t demand any kind of support or we will not provide it…

It will allow page to be visible if it hasn’t been created in Hestia…

Hi @eris - I’m not demanding anything, I’m just asking for support. And I’m asking here in this forum so that it can be documented to help others (and also avoid others from posting and asking you guys the same questions). I honestly don’t understand the hostile response.

In fact, I am starting to see a trend in the other posts on this forum. Why are the responses so hostile to people that are trying to use your platform and promote it? Isn’t that the entire purpose, if the platform was just for a handful of developers that wanted something better than VestaCP, then just fork it and keep it to yourselves.

I’m starting to get a bit concerned on the future life of this product with such an attitude. People are being told in VestaCP forum to actively move from VestaCP and to join the HestiaCP bandwagon. Which is great, if the user community is active (and friendly/supportive), and growing.

But I don’t think short answers and then negative responses with emotions are helpful.

Honestly, I think what has been created is great, it fills a void, but it seems like everyone is resentful for people asking questions or for support. Also, I think this forum should not just be for only the HestiaCP team to respond, but anyone can respond (taking away some of the burden).

I don’t know, I just felt after receiving a few of these kind of responses and not fully helpful, that I should voice this opinion, so that you can understand what some of the users of this platform may feel like.

If the purpose is to build a great tool to share and help others, the attitude seems to be mismatched. Or perhaps some are just annoyed by having to deal with all these questions. It’s very strange.

And yes, to answer your question. I checked Parzival’s answer. It was not the solution to the problem. I clearly explained the solution I found in my last post. Did you read it?

The hostname on the server is not the issue, the issue is the .conf files the hestiaCP installer creates at time of setup. I had to manually update those IP.conf files with the servername value. I’m trying to understand if this is the correct solution and why it even happens in the first place.

Since the hostname is given at installation, this hostname could have been added to these individual IP.conf files that are created. So if this is something that’s missed, it should be addressed, if it’s not as intended.

I’m 1.) trying to solve the issue and 2.) also help identify if there is some issue with the installer or how this gets setup. Maybe since it’s just a warning, it’s not high priority to fix. I don’t know, I’m just trying to be helpful and this is also consuming my time to write these posts to help others that may find them. I already found the solution several hours ago, but I thought it would be helpful to share on this post for others.

By default

Listen ip:8443
Listen ip:8080
<VirtualHost ip:8080>
    ServerName ip
    DocumentRoot /var/www/html/
    Alias /error/ /var/www/document_errors/

</VirtualHost>

<VirtualHost ip:8443>
    ServerName ip
    DocumentRoot /var/www/html/
    Alias /error/ /var/www/document_errors/

    SSLEngine on
    SSLVerifyClient none
    SSLCertificateFile         /usr/local/hestia/ssl/certificate.crt
    SSLCertificateKeyFile      /usr/local/hestia/ssl/certificate.key
    
</VirtualHost>

Make sure in /etc/hosts you have a record

127.0.0.1 hostname

And it should be fine. I have been using the same setup and not having any issues.

Thanks for the reply Eris. I’m not sure why, but my files have VirtualHost tags around those statements you listed. I’m not sure why yours do not. And you mentioned that you include the IP address and not the hostname in your file. In my case, that results in the warnings in the log.

Anyway, for anyone that comes across this thread, the fix I posted above, simply changing from the IP address listed in the ServerName line to your server’s hostname (the one that displays when you type hostname in the terminal), was the fix for me.

I don’t see any issues with the server so far, but I will report back if I see anything new come up from this change. Unfortunately, including the IP address in the file as eris mentioned, still produced warnings.

If anyone finds something wrong with the way I resolved the issue in my code block above, please let me know. I would greatly appreciate it. Thanks!

indeed, it’s just a warning, not an error. the whole thing in apache is internal anyway as it is behind nginx as proxy so it does not matter at all. simply ignore it :man_shrugging:


Thanks for confirming Falzo! I really appreciate it. I solved the issue by adding the ServerName values in those three files, so at least it doesn’t clutter up the log file. And as you confirmed, it’s not going to impact anything else anyway, so that’s good to know.

Thanks again all!