This is a weird one. We were using a self-assigned cert while developing a new site. Apache2 is running on Ubuntu 16.04. At some point we wanted to switch to a Let’s Encrypt cert, so I installed certbot from the ppa, ran
sudo certbot --apache -d beta.santa-ana.org and everything went ok. Restarted apache2. Going to the main page of my site it looked like it picked up on the cert, but on some deeper down or backend links it seems to still be detecting my self-assigned cert.
So detective work I went. I made sure to disable the old default-ssl.conf file I was using for the site, I removed the keys themselves. I ran
sudo apache2ctl -S to get my configs and the output is just as expected:
*:443 beta.santa-ana.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80 <internal_ip> (/etc/apache2/sites-enabled/000-default.conf:1)
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
And of course the config file being served *:443 was the one generated by Let’s Encrypt and all the files point to the keys generated therein.
So what gives? How should I proceed? I’ve cleared my cache, and I’ve restarted apache2 several times.
Thanks for the help.