Certbot issuing self-signed certificate

I’ve installed certbot as per the instructions on the certbot site, I’m running CentOS 7 and Apache.

When I try to issue a certificate, it says it has been successfully generated. My browser then shows that it’s a self-signed certificate that has been implemented.

I’ve tried running “sudo certbot --server https://acme-v01.api.letsencrypt.org/directory” and re-issuing the certificate via that, but that also didn’t work. I’ve restarted the server and Apache numerous times. I’ve also tried changing the SSLCertificateFile to the fullchain.pem file.

This was on a completely fresh server.

I seem to recall that CentOS generates (and enables) a self-signed certificate when you install mod_ssl. My best guess is that there’s a second configuration file somewhere in /etc/httpd with an SSLCertificateFile directive pointing to that self-signed certificate rather than the real one in /etc/letsencrypt. A quick grep for SSL in /etc/httpd should find the culprit.


As an additional check, you could run

openssl x509 -in /etc/letsencrypt/live/example.com/cert.pem -text -noout

just to see what the contents of the certificate are supposed to be. It would be extremely surprising if they were actually a self-signed cert!

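The two checks suggested above (grep the Apache configuration for SSLCertificateFile, then inspect the certificate with openssl x509) can be combined into one script. This is an added example, not part of the original posts; the function names are hypothetical, and comparing issuer with subject is used as a heuristic for "self-signed".

```shell
#!/bin/sh
# Added example (not from the thread): find every active SSLCertificateFile
# directive under an Apache config tree and flag self-signed certificates.
# Function names are hypothetical. Usage: sh audit-certs.sh /etc/httpd

# Print "conf_file:line_no:cert_path" for each uncommented directive.
# Apache directive names are case-insensitive, hence tolower().
list_cert_directives() {
    find "$1" -type f -name '*.conf' 2>/dev/null | sort | while IFS= read -r conf; do
        awk -v f="$conf" 'tolower($1) == "sslcertificatefile" {
            gsub(/"/, "", $2); print f ":" NR ":" $2 }' "$conf"
    done
}

# Exit 0 if issuer == subject (heuristic for self-signed), 1 if they differ,
# 2 if the file cannot be parsed as a certificate.
is_self_signed() {
    subject=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    [ -n "$subject" ] || return 2
    [ "$subject" = "$issuer" ]
}

# One report line per directive: STATUS <tab> conf:line <tab> cert path.
audit_apache_certs() {
    list_cert_directives "$1" | while IFS=: read -r conf line cert; do
        if [ ! -r "$cert" ]; then
            status=UNREADABLE
        else
            rc=0; is_self_signed "$cert" || rc=$?
            case $rc in
                0) status=SELF-SIGNED ;;
                1) status=ok ;;
                *) status=UNPARSEABLE ;;
            esac
        fi
        printf '%s\t%s:%s\t%s\n' "$status" "$conf" "$line" "$cert"
    done
}

if [ "$#" -gt 0 ]; then
    audit_apache_certs "$1"
fi
```

A SELF-SIGNED line, such as the default VirtualHost in ssl.conf described in this thread, marks the directive to fix or remove.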

Thanks for the response. Yes, you were completely correct - /etc/httpd/conf.d/ssl.conf contained a default VirtualHost for 443 connections, within which it used a localhost certificate. I just deleted the entire default VirtualHost and it worked great.

Interesting how Apache doesn’t listen to more specific VirtualHosts instead of this default one though.
