I hope you can help me. I changed my Apache config to a vhost file. After that I used letsencrypt in auto mode and it created the certificate successfully. My homepage works fine with SSL.
But the problem is that it will work only without www before the address.
Your cert is for waffelparty.net only; if you want www.waffelparty.net as well, then you need to ask for both names by using multiple -d flags (also add --expand to replace the existing cert).
Somewhere in your Apache configuration is a <VirtualHost> that’s configured to use a self-signed certificate issued on March 10th. Take a look at all files in /etc/apache2/sites-enabled/ and remove that <VirtualHost> if you don’t need it. If you can’t find anything in that directory, take a look at all other config files in /etc/apache2.
Make sure that your SSL <VirtualHost> for waffelparty.net has a ServerAlias for www.waffelparty.net too. That’s how Apache decides which certificate to use.
Once that is done, you might have to run the client again in order to cover the www subdomain in a new certificate. Every domain and subdomain you want to use has to be included explicitly; www is not magically covered by the “main” domain.
There’s definitely another SSL certificate configured somewhere in your configuration. This is not a certificate Let’s Encrypt would issue:
openssl s_client -connect www.waffelparty.net:443
CONNECTED(00000003)
depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=waffelparty.net/emailAddress=root@waffelparty.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=waffelparty.net/emailAddress=root@waffelparty.net
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=waffelparty.net/emailAddress=root@waffelparty.net
i:/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=waffelparty.net/emailAddress=root@waffelparty.net
---
Try:
grep -r "VirtualHost" /etc/apache2/
or:
grep -r "SSLCertificate" /etc/apache2/
to find the file.
Note that www.waffelparty.net:80 is not a valid ServerName - you’ll want to get rid of the port here. Do you recall if that’s something the client did? This might be a bug.
(Small correction - not sure if this is invalid per se, but it’s not what you’d want for an SSL VirtualHost.)
Nah. Forgot to delete the :80 at the end. That was my error.
Could the problem be the pre-configured SSL config?
[root@waffelparty letsencrypt]# grep -r "SSLCertificate" /etc/httpd/
/etc/httpd/conf.d/ssl.conf:# Point SSLCertificateFile at a PEM encoded certificate. If
/etc/httpd/conf.d/ssl.conf:SSLCertificateFile /etc/pki/tls/certs/localhost.crt
/etc/httpd/conf.d/ssl.conf:SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
/etc/httpd/conf.d/ssl.conf:# Point SSLCertificateChainFile at a file containing the
/etc/httpd/conf.d/ssl.conf:# the referenced file can be the same as SSLCertificateFile
/etc/httpd/conf.d/ssl.conf:#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
/etc/httpd/sites-enabled/waffelparty.net-le-ssl.conf:SSLCertificateFile /etc/letsencrypt/live/waffelparty.net/cert.pem
/etc/httpd/sites-enabled/waffelparty.net-le-ssl.conf:SSLCertificateKeyFile /etc/letsencrypt/live/waffelparty.net/privkey.pem
/etc/httpd/sites-enabled/waffelparty.net-le-ssl.conf:SSLCertificateChainFile /etc/letsencrypt/live/waffelparty.net/chain.pem
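
Added example, not part of the original thread: a simplified Python model of how Apache picks a `<VirtualHost>` (and therefore a certificate) for a requested name, which shows why `www` falls through to the distribution's default SSL config until a `ServerAlias` is added. The file paths come from the grep output above; the `<VirtualHost>` contents, the load order and the function names are assumptions made for illustration.

```python
import re
from fnmatch import fnmatch

# Constructed sample: file paths come from the grep output in the thread; the
# <VirtualHost> contents and the load order (dict order) are assumptions.
LE_CONF = "/etc/httpd/sites-enabled/waffelparty.net-le-ssl.conf"
SAMPLE = {
    "/etc/httpd/conf.d/ssl.conf": """
<VirtualHost _default_:443>
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
</VirtualHost>""",
    LE_CONF: """
<VirtualHost *:443>
    ServerName waffelparty.net
    SSLCertificateFile /etc/letsencrypt/live/waffelparty.net/cert.pem
</VirtualHost>""",
}

def parse_vhosts(configs):
    """Collect address, names and certificate of every <VirtualHost>, in load order."""
    vhosts, cur = [], None
    for path, text in configs.items():
        for line in (l.strip() for l in text.splitlines()):
            parts = line.split()
            opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
            if opened:
                cur = {"file": path, "addrs": opened.group(1).split(), "names": [], "cert": None}
            elif line.lower().startswith("</virtualhost") and cur:
                vhosts.append(cur)
                cur = None
            elif cur and len(parts) > 1 and not line.startswith("#"):
                key = parts[0].lower()
                if key in ("servername", "serveralias"):
                    cur["names"] += [p.lower() for p in parts[1:]]
                elif key == "sslcertificatefile":
                    cur["cert"] = parts[1]
    return vhosts

def select_vhost(vhosts, host, port="443"):
    """Simplified name-based selection: first ServerName/ServerAlias match wins,
    otherwise the first vhost listening on that port acts as the default."""
    on_port = [v for v in vhosts if any(a.rsplit(":", 1)[-1] in (port, "*") for a in v["addrs"])]
    for v in on_port:
        if any(fnmatch(host.lower(), n) for n in v["names"]):
            return v, "name match"
    return (on_port[0], "default vhost") if on_port else (None, "no vhost")

if __name__ == "__main__":
    for host in ("waffelparty.net", "www.waffelparty.net"):
        vhost, why = select_vhost(parse_vhosts(SAMPLE), host)
        print(f"{host}: {vhost['cert']} from {vhost['file']} ({why})")
```

Even once the alias routes `www` to the right vhost, the certificate itself still has to list `www.waffelparty.net`, which is what the extra `-d` flag with `--expand` is for.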