(Solved) Certificate error for subdomain (office) + web app errors

Hi,

I’m running Nextcloud 11.0.2 (stable) and I just installed Collabora using techandme’s script.

Collabora is at office.domain.com and Nextcloud is at cloud.domain.com.

Everything seems to have completed successfully, yet I’m getting the wrong cert when I navigate to Collabora’s subdomain. When I go to office.domain.com I get the cert with CN=cloud.domain.com even though all the Let’s Encrypt certs for office. are there.

How can I make sure that I get the right cert for the Collabora subdomain?

Attached is the /etc/apache2/sites-enabled/office.domain.com.conf with my domain replaced by domain.com:

<VirtualHost office.domain.com:443>
  ServerName office.domain.com:443

  # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
  SSLEngine on
  SSLCertificateChainFile /etc/letsencrypt/live/office.domain.com/chain.pem
  SSLCertificateFile /etc/letsencrypt/live/office.domain.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/office.domain.com/privkey.pem
  SSLProtocol             all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-$
  SSLHonorCipherOrder     on

  # Encoded slashes need to be allowed
  AllowEncodedSlashes NoDecode

  # Container uses a unique non-signed certificate
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of LibreOffice Online
  ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

  # Main websocket
  ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

  # Admin Console websocket
  ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool https://127.0.0.1:9980/lool
  ProxyPassReverse    /lool https://127.0.0.1:9980/lool
</VirtualHost>

If you also need /etc/apache2/sites-enabled/cloud.domain.com.conf let me know!
script details

Thank you
Anestis

Changing to <*:443> fixed the issue.
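
A way to confirm the symptom and the fix from the client side, added here as an example and not part of the original post: connect to each name with SNI and check that the certificate served actually covers that name. The function names and the sample certificate are constructed for illustration; `fetch_cert` assumes the chain validates against the system trust store (as a Let's Encrypt chain does).

```python
import socket
import ssl

def cert_dns_names(cert):
    """DNS names from a getpeercert()-style dict (SAN first, CN as fallback)."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            names += [v for k, v in rdn if k == "commonName"]
    return [n.lower() for n in names]

def name_matches(pattern, host):
    """Exact match, or a wildcard that covers exactly the left-most label."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] if p[0] == "*" else p == h

def cert_covers(cert, host):
    return any(name_matches(n, host) for n in cert_dns_names(cert))

def fetch_cert(host, port=443, timeout=5.0):
    """Handshake with SNI=host. The chain is verified; the name check is ours."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # CERT_REQUIRED stays on, so getpeercert() is filled
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def audit(hosts, fetch=fetch_cert):
    """Map each vhost name to (covered?, names on the certificate it served)."""
    report = {}
    for host in hosts:
        cert = fetch(host)
        report[host] = (cert_covers(cert, host), cert_dns_names(cert))
    return report

# Constructed sample mirroring the post: every name is answered with the
# cloud.domain.com certificate because the office vhost is never selected.
SAMPLE_CLOUD_CERT = {
    "subject": ((("commonName", "cloud.domain.com"),),),
    "subjectAltName": (("DNS", "cloud.domain.com"),),
}

if __name__ == "__main__":
    hosts = ["cloud.domain.com", "office.domain.com"]
    for host, (ok, names) in audit(hosts, fetch=lambda h: SAMPLE_CLOUD_CERT).items():
        print(f"{host}: {'OK' if ok else 'MISMATCH'} (served {names})")
```

Call `audit([...])` without the `fetch` argument to run it against a live server. On the server itself, `apachectl -S` shows which virtual host is the default for each address and port.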