Cert warning from client until browser refresh

I have two domains with different certs hosted on the same environment. On some occasions, browsers will issue SSL warnings for either domain, but after refreshing the browser, the warning disappears and the site is secure. Using a cert checker like SSL Server Test: www.elr.info (Powered by Qualys SSL Labs) shows both a valid cert and an expired cert being used, but there is only one cert for each domain on the host that I can find with certbot certificates.

My domain is: www.elr.info, www.eli.org

My web server is (include version): apache

The operating system my web server runs on is (include version): Ubuntu 20.04.6 LTS

My hosting provider, if applicable, is: linode

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.11.0

Rather than viewing the certbot-managed certificates, consider searching your Apache configuration for directives that use invalid certificates.


Definitely check your Apache VirtualHosts for wrong or duplicated cert definitions.

Also, view the output of the command below to see if you have any VirtualHosts with duplicated domain names:

```
sudo apache2ctl -t -D DUMP_VHOSTS
```

If none of those resolve it, try rebooting your server. Sometimes Apache worker processes get "stuck" and use an old config and/or cert. You can check this and even fix it by carefully reviewing each running pid, but a server reboot is easier (if you can suffer the disruption).

That said, the expired cert shown by SSL Labs is the one issued on Feb22. It is odd that whatever is wrong is using that rather than the later one from Apr25 or of course the one from Jun25. A worker would have been stuck for a long time.

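Two checks that follow from the advice above, as an added example rather than anything posted in this thread: `dup_vhosts` parses `apache2ctl -t -D DUMP_VHOSTS` output and reports any name that appears in more than one VirtualHost on the same port (Apache serves the first match, so a second block with a different cert never serves), and `served_vs_disk` compares the certificate a running server presents for a name via SNI with the certbot file on disk, which is how a worker still serving an old cert shows up. The sample dump, the example.org names and the `/etc/letsencrypt/live/<name>/fullchain.pem` path are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed DUMP_VHOSTS output with one deliberate
# duplicate: www.example.org is defined twice on port 443 (a plain .conf and a -le-ssl.conf).
SAMPLE_DUMP='VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server sandbox.example.org (/etc/apache2/sites-enabled/sandbox-le-ssl.conf:2)
         port 443 namevhost sandbox.example.org (/etc/apache2/sites-enabled/sandbox-le-ssl.conf:2)
         port 443 namevhost www.example.org (/etc/apache2/sites-enabled/example.org.conf:26)
         port 443 namevhost www.example.org (/etc/apache2/sites-enabled/example.org-le-ssl.conf:2)
*:80                   is a NameVirtualHost
         port 80 namevhost www.example.org (/etc/apache2/sites-enabled/example.org.conf:1)'

# Usage: dup_vhosts "$dump_text"
# Prints one line per duplicate: "<port> <name> <file:line> <file:line> ...". Empty output = no duplicates.
# Only "port N namevhost NAME (FILE:LINE)" lines are counted; "default server" lines repeat the
# first vhost and are ignored. Note: ServerAlias names are not listed by every Apache build.
dup_vhosts() {
    printf '%s\n' "$1" | awk '
        $1 == "port" && $3 == "namevhost" { k = $2 " " $4; n[k]++; where[k] = where[k] " " $5 }
        END { for (k in n) if (n[k] > 1) print k where[k] }' | sort
}

# Usage: served_vs_disk <name> [host:port]   (live check, needs openssl and network access)
# Prints "match" when the SHA-256 fingerprint of the leaf cert served for <name> equals the
# certbot file on disk, otherwise "MISMATCH" (stale worker, wrong vhost, or wrong cert path).
# Assumed layout: /etc/letsencrypt/live/<name>/fullchain.pem; adjust for your lineage name.
served_vs_disk() {
    name=$1; target=${2:-$name:443}
    served=$(openssl s_client -servername "$name" -connect "$target" </dev/null 2>/dev/null \
             | openssl x509 -noout -fingerprint -sha256 2>/dev/null)
    disk=$(openssl x509 -noout -fingerprint -sha256 -in "/etc/letsencrypt/live/$name/fullchain.pem" 2>/dev/null)
    if [ -n "$served" ] && [ "$served" = "$disk" ]; then echo match; else echo MISMATCH; fi
}

# Stand-alone run over the constructed sample. On a real host use:
#   dup_vhosts "$(sudo apache2ctl -t -D DUMP_VHOSTS 2>&1)"
#   served_vs_disk www.example.org
dup_vhosts "$SAMPLE_DUMP"
```

If `served_vs_disk` reports MISMATCH while `dup_vhosts` is empty, the config is consistent and the running processes are the suspect, which is the reboot/graceful-restart case.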

@MikeMcQ there are certainly several duplicated cert definitions, but all for the same certs. Could that nevertheless cause this issue?

Well, that should be fixed anyway. After fixing and restarting Apache, see if SSL Labs still reports a problem. If you want help, post the dump_vhosts output.


I'll clean up the vhost config and try that; in the meantime, here's the output of apache2ctl -t -D DUMP_VHOSTS

```
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server aghsandbox.eli.org (/etc/apache2/sites-enabled/agh.sandbox-le-ssl.conf:2)
         port 443 namevhost aghsandbox.eli.org (/etc/apache2/sites-enabled/agh.sandbox-le-ssl.conf:2)
         port 443 namevhost cmmsandbox.eli.org (/etc/apache2/sites-enabled/cmmsandboxes-le-ssl.conf:2)
         port 443 namevhost cmmsandbox.elr.info (/etc/apache2/sites-enabled/cmmsandboxes-le-ssl.conf:25)
         port 443 namevhost www.eli.org (/etc/apache2/sites-enabled/eli.org.conf:26)
         port 443 namevhost eli.org (/etc/apache2/sites-enabled/eli.org.conf:44)
         port 443 namevhost elr.info (/etc/apache2/sites-enabled/elr.info-le-ssl.conf:2)
         port 443 namevhost www.elr.info (/etc/apache2/sites-enabled/elr.info-le-ssl.conf:12)
*:80                   is a NameVirtualHost
         default server lovins.eli.org (/etc/apache2/sites-enabled/000-aghdefault.conf:1)
         port 80 namevhost lovins.eli.org (/etc/apache2/sites-enabled/000-aghdefault.conf:1)
         port 80 namevhost aghsandbox.eli.org (/etc/apache2/sites-enabled/agh.sandbox.conf:1)
         port 80 namevhost cmmsandbox.eli.org (/etc/apache2/sites-enabled/cmmsandboxes.conf:1)
         port 80 namevhost cmmsandbox.elr.info (/etc/apache2/sites-enabled/cmmsandboxes.conf:17)
         port 80 namevhost www.eli.org (/etc/apache2/sites-enabled/eli.org.conf:1)
         port 80 namevhost eli.org (/etc/apache2/sites-enabled/eli.org.conf:17)
         port 80 namevhost www.elr.info (/etc/apache2/sites-enabled/elr.info.conf:1)
         port 80 namevhost elr.info (/etc/apache2/sites-enabled/elr.info.conf:17)
```


Can you show the contents of that file? Based on that output I don't see any overlap. But some systems don't show ServerAlias names. I thought recent Ubuntu versions do, but it's easier to just look at the file :)

Best if you place 3 backticks before and after the contents so that tags are not dropped by forum formatting. Like
```
contents of file
```


I've updated that file. For some reason there were blocks in it for port 443, which I've put in another config file, eli.org-le-ssl.conf, and enabled that. That may have done the trick, since I'm not seeing any more issues from SSL Labs.


Looks like there are still issues, although I can't seem to find anything useful in this report: SSL Server Test: eli.org (Powered by Qualys SSL Labs). One of the sites has a working Apache vhost config; I'll try to just copy that for the one that's not working.

That SSL Labs report looks clean for both eli.org and elr.info, which is an improvement.

I think the problem now is more likely something like a faulty URL in an HTML page. Use a browser developer feature to view the requests and see what is failing. Or check the details of whatever error your browser shows.

The certs for both those names look fine.

