I am running CentOS 7 / system Apache on a DigitalOcean VM and wanted to add an SSL certificate so my PHP-based REST service can communicate with an Android app I am developing. The DNS entry maps to the specific host, it's only serving one subdomain, so it's really a pretty basic setup.
So, last night I download certbot and run it and it complains about no vhosts found. Fine, whatever, I turn it into a single vhost setup. It finds it and seems to install just fine. So I go to my browser and it says it's a security issue and that it's a self-signed certificate. I've seen this issue alluded to on here before, but I wanted to share what fixed it for me, as in most of those threads it just magically worked one day.
When SSL was enabled automatically by certbot, Apache added an ssl.conf file in the conf.d directory. This is fine and good, but it defines its own vhost with default keys shipped with the OS. Since s comes before v, it parsed it first as the default profile and voilà, unsafe keys. Simplest fix is to comment out the whole vhost definition in there (ssl.conf) but leave all of the engine stuff alone. It started on line 55 for me, but may be different on your OS. In vi, it's an easy :55,$:s:^:#: to comment out the rest of the file.
Anyway, just wanted to share in case it helps anyone else.
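
An added example, not part of the original post: a small check that walks conf.d-style files in alphabetical load order and lists any :443 vhost that is parsed before the one using the Let's Encrypt certificate. The file names, the domain api.example.com and the certificate paths in the sample are constructed assumptions, not values from the post.

```python
import re

# Constructed sample configs (not from the post): file name -> contents.
SAMPLE_CONF_D = {
    "vhost.conf": """<VirtualHost *:443>
    SSLCertificateFile /etc/letsencrypt/live/api.example.com/fullchain.pem
</VirtualHost>
""",
    "ssl.conf": """Listen 443 https
<VirtualHost _default_:443>
    #SSLCertificateFile /commented/out.crt
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
</VirtualHost>
""",
}

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]*:443)\s*>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
CERT_FILE = re.compile(r"^\s*SSLCertificateFile\s+(\S+)", re.I)

def tls_vhosts(conf_d):
    """Return (file, start_line, address, cert) per :443 vhost, in load order."""
    found = []
    for name in sorted(conf_d):  # wildcard includes are processed alphabetically
        current = None
        for lineno, line in enumerate(conf_d[name].splitlines(), 1):
            if line.lstrip().startswith("#"):
                continue  # commented-out directives do not count
            m, c = VHOST_OPEN.match(line), CERT_FILE.match(line)
            if m:
                current = [name, lineno, m.group(1), None]
            elif current and c:
                current[3] = c.group(1)
            elif current and VHOST_CLOSE.match(line):
                found.append(tuple(current))
                current = None
    return found

def shadowing_vhosts(conf_d, expected_prefix="/etc/letsencrypt/live/"):
    """vhosts loaded before the first one whose cert is under expected_prefix."""
    ahead = []
    for vh in tls_vhosts(conf_d):
        if vh[3] and vh[3].startswith(expected_prefix):
            return ahead
        ahead.append(vh)
    return ahead  # no vhost uses the expected cert: every one is reported

if __name__ == "__main__":
    for f, ln, addr, cert in shadowing_vhosts(SAMPLE_CONF_D):
        print(f"{f}:{ln} <VirtualHost {addr}> loads first with {cert}")
```

On a live host, `apachectl -S` prints the vhost order Apache actually parsed, which is the authoritative view to compare against.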