DeprecationWarning: signer and verifier have been deprecated./UPD: Cert installed, https won't work

aqwed11 · August 15, 2017, 7:58am

Hello!

Server only speaks HTTP, not TLS

This issue has been solved yesterday. At least I receive no warnings on that.
Yes, mod_ssl is installed and loaded by Apache. phpinfo() and httpd -M |grep ssl_module report it.

As for 443:
grep -r 443 /etc/httpd shows that Listen 443 is only added in ssl.conf.
Here's the full result:

/etc/httpd/conf.d/rejushiiplotter-le-ssl.conf:<VirtualHost 217.170.72.27:443>
/etc/httpd/conf.d/ssl.conf:Listen 443
/etc/httpd/conf.d/ssl.conf:
/etc/httpd/conf.d/ssl.conf:#ServerName www.example.com:443
/etc/httpd/certbot-auto: --hash=...

And iI've tried to edit ssl.conf and domain-le-ssl.conf as it was said here. No result.

It seems that Apache is taking ssl.conf settings for this vhost instead of vhhost's.

ssl.conf:

LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
VirtualHost default:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

<Files ~ ".(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars

<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars

SetEnvIf User-Agent ".MSIE."
nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b"
/VirtualHost

domain-le-ssl.conf

IfModule mod_ssl.c
VirtualHost 217.170.72.27:443
ServerName rejushiiplotter.ru
ServerAlias www.rejushiiplotter.ru
  DocumentRoot /var/www/html/plotterblog
  
  DefaultType application/octet-stream
  ScriptAlias /cgi-bin/ /var/www/html/plotterblog/cgi-bin/

  <Directory /var/www/html/plotterblog/cgi-bin>
  	Options ExecCGI FollowSymLinks
  	AllowOverride  ALL
  </Directory>
SSLCertificateFile /etc/letsencrypt/live/rejushiiplotter.ru/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/rejushiiplotter.ru/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/rejushiiplotter.ru/chain.pem
/VirtualHost
/IfModule