Can someone tell me why the cert is valid only on my PC?

My PC certificate is valid



On another PC it is not.

Anyone can access https://nblp.moph.go.th to see the result.
Thanks.

Because you are only sending the leaf cert not the fullchain. Did you change your Apache since your last thread to use cert.pem instead of fullchain.pem?

Your local browser probably has a correct result cached, so it works for you.

See this SSL Checker site

4 Likes
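The leaf-versus-fullchain condition described in the reply above can be checked on the server itself. The script below is an added example, not posted by anyone in this thread: it reads an Apache config and reports whether each SSLCertificateFile carries the intermediates. The function names and the placeholder sample files are constructed for illustration, and it assumes one virtual host per config file.

```shell
#!/bin/sh
# Added example: report whether Apache serves the full chain or only the leaf.
# Assumes one virtual host per config file.

# Number of PEM certificate blocks in a file (1 = leaf only, 2+ = with chain).
count_pem_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# Values of an Apache directive (case-insensitive); commented lines never match.
directive_values() {
    awk -v d="$1" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2 }' "$2"
}

# One verdict per SSLCertificateFile:
#   OK         leaf + intermediate(s) in the file, or SSLCertificateChainFile is set
#   LEAF_ONLY  clients must get the intermediate some other way (e.g. a cache)
#   MISSING    file absent or unreadable
check_vhost_chain() {
    conf=$1
    chain=$(directive_values SSLCertificateChainFile "$conf")
    directive_values SSLCertificateFile "$conf" | while read -r path; do
        if [ ! -r "$path" ]; then
            echo "MISSING $path"
        elif [ "$(count_pem_certs "$path")" -ge 2 ] || [ -n "$chain" ]; then
            echo "OK $path"
        else
            echo "LEAF_ONLY $path"
        fi
    done
}

# Constructed sample input: placeholder PEM blocks, not real certificates.
demo() {
    d=$(mktemp -d)
    blk='-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n'
    printf '%b' "$blk" > "$d/cert.pem"
    printf '%b%b' "$blk" "$blk" > "$d/fullchain.pem"
    printf 'SSLCertificateFile %s/cert.pem\n' "$d" > "$d/leaf.conf"
    printf 'SSLCertificateFile %s/fullchain.pem\n' "$d" > "$d/full.conf"
    check_vhost_chain "$d/leaf.conf"
    check_vhost_chain "$d/full.conf"
    rm -rf "$d"
}

# Pass a real vhost file as $1, or run with no arguments for the demo.
if [ $# -gt 0 ]; then check_vhost_chain "$1"; else demo; fi
```

A LEAF_ONLY verdict matches the symptom in this thread: a browser that already holds the intermediate validates the site, while a fresh client does not.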

SSL Server Test: nblp.moph.go.th (Powered by Qualys SSL Labs)

4 Likes

I remember I did some things for Apache because the first one expired after 90 days. After renewing, it does not show the new one. How do I solve this problem? How do I go back to where I started, using the cert like at first?

I always check as you recommend, but the same result was displayed.

"Can someone tell me why the cert is valid only on my PC?"

You probably [manually] "trusted" that cert.
So, it will always show "trusted" [even after expired].

What ACME client are you using?
[certbot?]

4 Likes

yep, certbot 0.40

That's pretty outdated.
What shows?:
certbot certificates
certbot renew --dry-run

3 Likes

The "-0001" in the cert name is usually an indication of something not going to plan.

Try:
certbot renew
[will likely not be needed]

Then show:
sudo apachectl -t -D DUMP_VHOSTS

4 Likes

As I suspected...

Let's have a look at the file:
/etc/apache2/sites-enabled/000-default-le-ssl.conf

4 Likes

Very strange... that seems correct.

Let's see:
ls -lR /etc/letsencrypt/* | grep fullchain

4 Likes

It seems like source is OK but destination is not OK.

1 Like

Have you restarted/reloaded Apache?

sudo systemctl reload apache2

4 Likes


Let's check:
ps -ef | grep apache | grep -v grep

4 Likes

And the problem continues to elude me ...

Let's recheck the dates on that 5th cert:
ls -l /etc/letsencrypt/archive/nblp.moph.go.th-0001/*5.pem

And ensure the symlinks are pointing in the right direction:
ls -l /etc/letsencrypt/live/nblp.moph.go.th-0001/*

EDIT: Too many TYPOs!!!

4 Likes