Hi Let’s Encrypt community,
I renewed the certificate on my Amazon server, but I am still getting an HTTPS certificate error in the browser.
./certbot-auto certificates
Requesting to rerun ./certbot-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Found the following certs:
Certificate Name: www.tumoohi.org
Domains: www.tumoohi.org
Expiry Date: 2018-02-14 21:06:06+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.tumoohi.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.tumoohi.org/privkey.pem
[ec2-user@ip-172-31-18-71 ~]$ echo | openssl s_client -connect www.tumoohi.org:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Aug 15 17:47:00 2017 GMT
notAfter=Nov 13 17:47:00 2017 GMT
[ec2-user@ip-172-31-18-71 ~]$
I used the certbot-auto script to renew standalone. I restarted the httpd service but I still see the error. Are there any steps that I am missing? Is there any SSL installation needed?
Thank you in advance
Regards,
sab7a85
In your Apache configuration, are you referring to the certificate in /etc/letsencrypt/live/www.tumoohi.org or another location?
What is the output of ls -l /etc/letsencrypt/live/www.tumoohi.org ?
Thanks for helping @jmorahan
I checked the ssl_error_log and I saw this error repeated:
[Thu Nov 16 22:51:05.988264 2017] [ssl:warn] [pid 3914] AH01909: ip-172-31-18-71.eu-west-1.compute.internal:443:0 server certificate does NOT include an ID which matches the server name
Here are the outputs you asked for:
sudo ls -lrt /etc/letsencrypt/live/www.tumoohi.org
total 4
-rw-r--r-- 1 root root 543 Aug 15 18:46 README
lrwxrwxrwx 1 root root 42 Nov 16 22:06 privkey.pem -> ../../archive/www.tumoohi.org/privkey3.pem
lrwxrwxrwx 1 root root 44 Nov 16 22:06 fullchain.pem -> ../../archive/www.tumoohi.org/fullchain3.pem
lrwxrwxrwx 1 root root 40 Nov 16 22:06 chain.pem -> ../../archive/www.tumoohi.org/chain3.pem
lrwxrwxrwx 1 root root 39 Nov 16 22:06 cert.pem -> ../../archive/www.tumoohi.org/cert3.pem
sudo ls -lrt /etc/letsencrypt/archive/www.tumoohi.org
total 48
-rw-r--r-- 1 root root 1704 Aug 15 18:46 privkey1.pem
-rw-r--r-- 1 root root 3444 Aug 15 18:46 fullchain1.pem
-rw-r--r-- 1 root root 1647 Aug 15 18:46 chain1.pem
-rw-r--r-- 1 root root 1797 Aug 15 18:46 cert1.pem
-rw-r--r-- 1 root root 1708 Nov 12 20:33 privkey2.pem
-rw-r--r-- 1 root root 3444 Nov 12 20:33 fullchain2.pem
-rw-r--r-- 1 root root 1647 Nov 12 20:33 chain2.pem
-rw-r--r-- 1 root root 1797 Nov 12 20:33 cert2.pem
-rw-r--r-- 1 root root 1704 Nov 16 22:06 privkey3.pem
-rw-r--r-- 1 root root 3444 Nov 16 22:06 fullchain3.pem
-rw-r--r-- 1 root root 1647 Nov 16 22:06 chain3.pem
-rw-r--r-- 1 root root 1797 Nov 16 22:06 cert3.pem
I had the following settings in the ssl.conf file:
SSLCertificateFile /etc/pki/tls/certs/custom.pem
SSLCertificateKeyFile /etc/pki/tls/certs/privkey.pem
SSLCACertificateFile /etc/pki/tls/certs/intermediate.pem
And I changed the lines to:
SSLCertificateFile /etc/letsencrypt/live/www.tumoohi.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.tumoohi.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.tumoohi.org/chain.pem
But I still see an error in ssl_error.log
[Fri Nov 17 07:06:20.897759 2017] [ssl:warn] [pid 6321] AH01909: ip-172-31-18-71.eu-west-1.compute.internal:443:0 server certificate does NOT include an ID which matches the server name
Please let me know your thoughts
I added the following line to httpd.conf file:
ServerName www.tumoohi.org
I can see that it is updated now:
./certbot-auto certificates
Requesting to rerun ./certbot-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Found the following certs:
Certificate Name: www.tumoohi.org
Domains: www.tumoohi.org
Expiry Date: 2018-02-14 21:06:06+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.tumoohi.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.tumoohi.org/privkey.pem
I restarted the httpd service and refreshed the browsers, but the browsers still show errors with the website security certificate?!
Fixed!! I guess I just had to give it some time after the work I did above.
#patienceisatreasure
Strange, I have no idea why there would be a delay. Glad you got it working though!
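Added example, not part of the thread or of certbot: the ssl.conf quoted above pointed at files under /etc/pki/tls/certs, while certbot renews the files under /etc/letsencrypt/live. This script lists the certificate directives in an Apache config that point outside the live directory. The function names and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Paths and directives are the ones quoted
# in the posts; the function names and sample files are constructed here.

# stale_cert_paths CONF LIVE_DIR
# Prints "Directive path" for every certificate directive in CONF that points
# outside LIVE_DIR. Exit status 1 if any were found, 0 otherwise.
stale_cert_paths() {
    awk -v live="${2%/}/" '
        /^[ \t]*#/ { next }                 # skip comment lines
        {
            d = tolower($1)                 # directive names are case-insensitive
            if (d != "sslcertificatefile" && d != "sslcertificatekeyfile" &&
                d != "sslcertificatechainfile") next
            p = $2; gsub(/"/, "", p)        # paths may be quoted
            if (index(p, live) != 1) { print $1, p; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# write_samples DIR: the ssl.conf lines from the thread, before and after.
write_samples() {
    cat > "$1/before.conf" <<'EOF'
# constructed sample file
SSLCertificateFile /etc/pki/tls/certs/custom.pem
SSLCertificateKeyFile /etc/pki/tls/certs/privkey.pem
SSLCACertificateFile /etc/pki/tls/certs/intermediate.pem
EOF
    cat > "$1/after.conf" <<'EOF'
# constructed sample file
SSLCertificateFile /etc/letsencrypt/live/www.tumoohi.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.tumoohi.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.tumoohi.org/chain.pem
EOF
}

LIVE=/etc/letsencrypt/live/www.tumoohi.org
dir=$(mktemp -d)
write_samples "$dir"
for f in before after; do
    if out=$(stale_cert_paths "$dir/$f.conf" "$LIVE"); then
        echo "$f.conf: every certificate path is under $LIVE"
    else
        echo "$f.conf: paths certbot does not renew:"; echo "$out"
    fi
done
rm -rf "$dir"
```

SSLCACertificateFile is left out of the check on purpose, since it can legitimately name a CA bundle for client authentication that certbot does not manage.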