All of a sudden - I'm back to a self-signed cert!

My domain is: keyorg.systems
I ran this command: just went to the website in chrome
It produced this output: "NET::ERR_CERT_AUTHORITY_INVALID"
Centos 7 w/apache
No control panel
Certbot 1.4.0

whynopadlock:
https://www.whynopadlock.com/results/c5e625bb-1712-47eb-9ca6-e369ad54563a
Problems:

  1. self-signed certificate
  2. domain matching - no domains listed!

background - Previous problem solved months ago (and no server config changes since - well, I made a few new sites but no ssl when this started happening):
https://community.letsencrypt.org/t/deleting-self-signed-certificate-to-use-a-real-certificate/139844/13

Hi @bkos

Please read your older topic. All the relevant information is there.

> and no server config changes since - well, I made a few new sites

If you create a buggy configuration, your SSL is affected.

Looks like you have created such bugs. So use the tools of your older topic to find your bugs.

1 Like

JuergenAuer,

The thing is, it was sheer luck that I was able to fix it before. I don't know how to debug and fix it. What I do know is this:
apache -S shows that I have duplicate ports:
    *:443                  is a NameVirtualHost
             default server keyorg.systems (/etc/httpd/conf.d/ssl.conf:56)
             port 443 namevhost keyorg.systems (/etc/httpd/conf.d/ssl.conf:56)
             port 443 namevhost www.keyorg.systems (/etc/httpd/sites-available/keyorg.systems-le-ssl.conf:2)
                     alias keyorg.systems

What I don't know is where to change this so it only sees 1 instance of this.

ssl.conf reads:
    56 <VirtualHost _default_:443>
    57
    58 # General setup for the virtual host, inherited from global configuration
    59 #DocumentRoot "/var/www/html"
    60 #ServerName www.example.com:443

Should I be changing something there?

1 Like

All is working now. Here's what I did:

  1. I changed the virtualhost to refer to localhost instead of default in /etc/httpd/conf.d/ssl.conf
    this got rid of the duplicates that were pointing to .../ssl.conf:56
  2. Then I made sure that I had the right certbot entry without the www.keyorg.systems (which I changed after the site started breaking, but remembered that that might be a thing) ... after the change from #1 this almost worked in that whynopadlock had it broken but ssllabs said it worked ... when I deleted the certbot entry with www and created a new certbot entry without www things went smoothly again
2 Likes
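
An added example, not part of the thread: a small Python check that reads an Apache vhost dump and reports any hostname claimed by more than one `<VirtualHost>` block on the same listener, which is the situation in the dump posted above. The function names are illustrative, and the sample is the thread's output laid out in the multi-line form the dump normally takes (an assumption about the original layout).

```python
import re
from collections import defaultdict

# Vhost dump from the thread, re-laid-out one entry per line (constructed layout).
SAMPLE = """\
*:443                  is a NameVirtualHost
         default server keyorg.systems (/etc/httpd/conf.d/ssl.conf:56)
         port 443 namevhost keyorg.systems (/etc/httpd/conf.d/ssl.conf:56)
         port 443 namevhost www.keyorg.systems (/etc/httpd/sites-available/keyorg.systems-le-ssl.conf:2)
                 alias keyorg.systems
"""

LISTEN = re.compile(r"^(\S+:\d+)\s+is a NameVirtualHost")
DEFAULT = re.compile(r"^\s+default server (\S+) \((.+):(\d+)\)")
VHOST = re.compile(r"^\s+port \d+ namevhost (\S+) \((.+):(\d+)\)")
ALIAS = re.compile(r"^\s+alias (\S+)")

def parse_vhosts(dump):
    """Return {listener: {"default": "file:line", "names": {host: ["file:line", ...]}}}."""
    result, listen, current = {}, None, None
    for line in dump.splitlines():
        if m := LISTEN.match(line):
            listen, current = m.group(1), None
            result[listen] = {"default": None, "names": defaultdict(list)}
        elif listen is None:
            continue  # skip anything before the first listener line
        elif m := DEFAULT.match(line):
            result[listen]["default"] = f"{m.group(2)}:{m.group(3)}"
        elif m := VHOST.match(line):
            current = f"{m.group(2)}:{m.group(3)}"
            result[listen]["names"][m.group(1)].append(current)
        elif (m := ALIAS.match(line)) and current:
            # An alias belongs to the namevhost line printed just above it.
            result[listen]["names"][m.group(1)].append(current)
    return result

def conflicts(dump):
    """List (listener, host, first_block, shadowed_blocks) for hosts claimed twice.
    The first listed block answers for the name, so its certificate is served."""
    found = []
    for listen, info in parse_vhosts(dump).items():
        for name, sources in info["names"].items():
            if len(set(sources)) > 1:
                found.append((listen, name, sources[0], sources[1:]))
    return found

if __name__ == "__main__":
    for listen, name, winner, shadowed in conflicts(SAMPLE):
        print(f"{listen} {name}: served by {winner}, shadowing {', '.join(shadowed)}")
```

On the sample it reports that `keyorg.systems` is answered by `ssl.conf:56` rather than by the certbot-generated `keyorg.systems-le-ssl.conf:2`, which matches the self-signed certificate seen in the browser.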
