I used certbot-auto script to renew standalone. I restarted httpd service but I still see the error? Is there any steps that I am missing any steps? Is there any SSL installation needed?
I checked the ssl_error_log and I saw this error repeated:
[Thu Nov 16 22:51:05.988264 2017] [ssl:warn] [pid 3914] AH01909: ip-172-31-18-71.eu-west-1.compute.internal:443:0 server certificate does NOT include an ID which matches the server name
Here are the outputs you asked:
sudo ls -lrt /etc/letsencrypt/live/www.tumoohi.org
total 4
-rw-r–r-- 1 root root 543 Aug 15 18:46 README
lrwxrwxrwx 1 root root 42 Nov 16 22:06 privkey.pem -> …/…/archive/www.tumoohi.org/privkey3.pem
lrwxrwxrwx 1 root root 44 Nov 16 22:06 fullchain.pem -> …/…/archive/www.tumoohi.org/fullchain3.pem
lrwxrwxrwx 1 root root 40 Nov 16 22:06 chain.pem -> …/…/archive/www.tumoohi.org/chain3.pem
lrwxrwxrwx 1 root root 39 Nov 16 22:06 cert.pem -> …/…/archive/www.tumoohi.org/cert3.pem
sudo ls -lrt /etc/letsencrypt/archive/www.tumoohi.org
total 48
-rw-r–r-- 1 root root 1704 Aug 15 18:46 privkey1.pem
-rw-r–r-- 1 root root 3444 Aug 15 18:46 fullchain1.pem
-rw-r–r-- 1 root root 1647 Aug 15 18:46 chain1.pem
-rw-r–r-- 1 root root 1797 Aug 15 18:46 cert1.pem
-rw-r–r-- 1 root root 1708 Nov 12 20:33 privkey2.pem
-rw-r–r-- 1 root root 3444 Nov 12 20:33 fullchain2.pem
-rw-r–r-- 1 root root 1647 Nov 12 20:33 chain2.pem
-rw-r–r-- 1 root root 1797 Nov 12 20:33 cert2.pem
-rw-r–r-- 1 root root 1704 Nov 16 22:06 privkey3.pem
-rw-r–r-- 1 root root 3444 Nov 16 22:06 fullchain3.pem
-rw-r–r-- 1 root root 1647 Nov 16 22:06 chain3.pem
-rw-r–r-- 1 root root 1797 Nov 16 22:06 cert3.pem
I had the following setting in ssl.conf file
SSLCertificateFile /etc/pki/tls/certs/custom.pem
SSLCertificateKeyFile /etc/pki/tls/certs/privkey.pem
SSLCACertificateFile /etc/pki/tls/certs/intermediate.pem
And I changed the lines to:
SSLCertificateFile /etc/letsencrypt/live/www.tumoohi.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.tumoohi.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.tumoohi.org/chain.pem
But I still see an error in ssl_error.log
[Fri Nov 17 07:06:20.897759 2017] [ssl:warn] [pid 6321] AH01909: ip-172-31-18-71.eu-west-1.compute.internal:443:0 server certificate does NOT include an ID which matches the server name
I added the following line to httpd.conf file:
ServerName www.tumoohi.org
I can see the it is updated now
./certbot-auto certificates
Requesting to rerun ./certbot-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Found the following certs:
Certificate Name: www.tumoohi.org
Domains: www.tumoohi.org
Expiry Date: 2018-02-14 21:06:06+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.tumoohi.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.tumoohi.org/privkey.pem
I restarted httpd service and refreshed the browsers but the browsers still show errors with with the website security certificate ?!