Registering account
Verify each domain
Verifying cleardesk.co cleardesk.co is already validated
Verifying www.cleardesk.co www.cleardesk.co is already validated
Verification completed, obtaining certificate.
Certificate saved in /root/.getssl/cleardesk.co/cleardesk.co.crt
The intermediate CA cert is in /root/.getssl/cleardesk.co/chain.crt
copying domain certificate to /etc/ssl/certs/domain.crt
copying private key to /etc/ssl/private/domain.key
getssl: cleardesk.co - certificate obtained but certificate on server is different from the new certificate
I ran this command: openssl req -in “/home/clearde3/ssl/certs/www.cleardesk.co.csr” -noout -text
It produced this output:
Subject: C=GB, CN=*.cleardesk.co
*NOTE1: it looks like the old Comodo wildcard .domain csr is still in place - don’t know how to update it?
NOTE: 2 I cannot see new certificate in whm when I try to add it - all the old expired comodo certs are still there ?
My operating system is (include version):
Linux server.cleardesk.co 2.6.32-642.6.2.el6.x86_64 #1 SMP Wed Oct 26 06:52:09 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
My web server is (include version): Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips
My hosting provider, if applicable, is: Bluehost
I can login to a root shell on my machine (yes or no, or I don’t know): yes (ssh via Mac)
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
CPanel - 60.0 (build 19)
Thanks for the reply - yes indeed these are in different locations. The problem I have:
How do I get Apache to use the new certificate & key in (/etc/ssl/certs/domain.crt && /etc/ssl/private/domain.key)
How do I change/update the old CSR (/home/clearde3/ssl/certs/www.cleardesk.co.csr( as this contains a different domain e.g. wildcard *.cleardesk.co --> the new cert is only valid for single domain e.g. cleardesk.co?
Regarding (2) can this stay in the current location as it is different from (/etc/ssl/certs/) ?
I keep getting- certificate obtained but certificate on server is different from the new certificate - what does this mean ??? I have downloaded the new cert into the correct location for Apache as suggested by serverco - I can’t seem to find a way out of this?? output below any help would be very much appreciated.
A more recent version (v1.84) of getssl is available, please update
the easiest way is to use the -u or --upgrade flag
existing csr at /root/.getssl/cleardesk.co/cleardesk.co.csr does not have the same domains as the config - re-create-csr
creating domain csr - /root/.getssl/cleardesk.co/cleardesk.co.csr
Registering account
Verify each domain
Verifying cleardesk.co cleardesk.co is already validated
Verification completed, obtaining certificate.
Certificate saved in /root/.getssl/cleardesk.co/cleardesk.co.crt
The intermediate CA cert is in /root/.getssl/cleardesk.co/chain.crt
copying domain certificate to /home/clearde3/ssl/certs/www.cleardesk.co.crt
copying private key to /home/clearde3/ssl/private/www.cleardesk.co.key
getssl: cleardesk.co - certificate obtained but certificate on server is different from the new certificate
If you keep using -f to force new certificates you will simply hit the rate limits and not be able to get more certificates for a period, so please don't do that
I'd suggest following this, and upgrading ( using the -u flag )
It means that you have a new certificate - but your current webserver isn't using it. May you haven't restarted / reloaded the webserver ?
I'd suggest restarting it and checking - then checking your certificate (as currently you are using an SSL cert for from bluehost).
A CSR is used to obtain a certificate from a certificate authority. But only the certificate itself is presented to end-users like site visitors. As a vague analogy, to get a passport you need to complete a passport application. But when you travel to another country, you show the customs authorities there your passport, not your passport application. Depending on your situation, you likely have no need to retain a copy of your own passport application at all, once your passport has already been issued. But when it expires, you'll need to complete a new one to get a new passport.