Certbot created new certificates but browsers see old one

bruncsak · September 11, 2020, 7:54pm

Please provide the output of the following command:
ls -l /etc/httpd/conf*/*.conf

rg305 · September 11, 2020, 8:00pm

I bet it’s only the same two files.

[and the unrelated entries in the /etc/httpd/conf.modules.d/ folder]
(if any - like:)

/etc/httpd/conf.modules.d/00-base.conf
/etc/httpd/conf.modules.d/00-dav.conf
/etc/httpd/conf.modules.d/00-lua.conf
/etc/httpd/conf.modules.d/00-mpm.conf
/etc/httpd/conf.modules.d/00-proxy.conf
/etc/httpd/conf.modules.d/00-ssl.conf
/etc/httpd/conf.modules.d/00-systemd.conf
/etc/httpd/conf.modules.d/01-cgi.conf

bruncsak · September 11, 2020, 8:01pm

Hopefully, yes, that must be.

mitwess · September 11, 2020, 8:07pm

rg305 · September 11, 2020, 8:08pm

Oh oh!
new player in the game - lol “Feb 19 2018”:
/etc/httpd/conf.d/welcome.conf

Can we see what that is doing or NOT doing?

Ok let’s not assume anything and check the PHP.CONF file too!

According to this:
ServerRoot "/etc/httpd"
Include conf.d/*.conf
they will be included.

rg305 · September 11, 2020, 8:26pm

cat /etc/httpd/conf.d/welcome.conf

#
# This configuration file enables the default "Welcome" page if there
# is no default index page present for the root URL.  To disable the
# Welcome page, comment out all the lines below.
#
# NOTE: if this file is removed, it will be restored on upgrades.
#
<LocationMatch "^/+$">
    Options -Indexes
    ErrorDocument 403 /.noindex.html
</LocationMatch>

<Directory /usr/share/httpd/noindex>
    AllowOverride None
    Require all granted
</Directory>

Alias /.noindex.html /usr/share/httpd/noindex/index.html
Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png

rg305 · September 11, 2020, 9:09pm

And now the the really important stuff:
[You have a cert but the site security is non-existent]
"This server is vulnerable to the POODLE attack"
"This server accepts RC4 cipher"
https://www.ssllabs.com/ssltest/analyze.html?d=similarminds.com

mitwess · September 11, 2020, 9:59pm

thanks for the heads up, fixed everything except forward secrecy. how important is that to fix/address?

rg305 · September 11, 2020, 10:54pm

Important and easy to fix too.
But the exact "fix" depends on your systems output of:
openssl version
openssl ciphers

system · October 11, 2020, 10:54pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot does not allow new certificates anymore, although I do not own any yet Help	3	557	February 17, 2021
Attempt two, use certbot to install certificates Help	3	759	March 12, 2020
Problem with Certbot renew Help	59	2529	November 30, 2020
Certificate Name Help	3	923	March 30, 2018
To remove the old SSL certificate installed on my system in order to install a new one with Certbot Help	10	1291	March 27, 2023

Certbot created new certificates but browsers see old one

Related topics