(Solved) Certificate error for subdomain (office) + web app errors


I’m running nextcloud 11.0.2 (stable) and I just installed collabora using techandme’s script

Collabora is at office.domain.com and nextcloud is at cloud.domain.com

Everything seems to have completed successfully yet I’m getting the wrong cert when I navigate to collabora’s subdomain. When I go to office.domain.com I get the cert with CN=cloud.domain.com even though all the letsencrypt certs for office. are there.

How can I make sure that I get the right cert for the collabora subdomain?

Attached is the /etc/apache2/sites-enabled/office.domain.com.conf with my domain replaced by domain.com

<VirtualHost office.domain.com:443>
  ServerName office.domain.com:443

  # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
  SSLEngine on
  SSLCertificateChainFile /etc/letsencrypt/live/office.domain.com/chain.pem
  SSLCertificateFile /etc/letsencrypt/live/office.domain.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/office.domain.com/privkey.pem
  SSLProtocol             all -SSLv2 -SSLv3
  SSLHonorCipherOrder     on

  # Encoded slashes need to be allowed
  AllowEncodedSlashes NoDecode

  # Container uses a unique non-signed certificate
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of LibreOffice Online
  ProxyPass           /loleaflet retry=0
  ProxyPassReverse    /loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery

  # Main websocket
  ProxyPassMatch "/lool/(.*)/ws$" wss://$1/ws nocanon

  # Admin Console websocket
  ProxyPass   /lool/adminws wss://

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool
  ProxyPassReverse    /lool

If you also need /etc/apache2/sites-enabled/cloud.domain.com.conf let me know!
script details

Thank you

Changing to <*:443> fixed the issue.