Hello, I have my page working already with an xpress SSL certificate. All I did was buy a wildcard certificate, download its files, and replace the ones from the xpress one with these. Any idea why this happens? Thanks in advance
Could you please double check if you installed the correct certificate?
The stapling error reported a (seemingly) self-signed certificate.
More information:
The wildcard certificate from network solution OV CA was issued on Oct 10 2018, whereas the certificate Apache is rejecting was issued on Aug 16 2018.
Also, do you know that Let’s Encrypt offers free wildcard certificates?
Hello, thank you for the reply,
Didn’t know about the free wildcard certificates from here, thanks for sharing, I’ll tell that to my boss for sure. But continuing with my actual issue, I think I might be losing something then. All I changed was the vhosts config to have the new certificate files referenced, but this server’s SSL was previously configured by a colleague who is not here anymore.
Could you please try to run this command to check the virtual host configurations? apachectl -S
Since the above command will only print a virtual host overview, you might need to dive into each virtual host section to check which one uses that self-signed certificate. (Which is the error, since Apache is trying to do stapling with a self-signed certificate… It doesn’t seem to have the issuer certificate in the trust store.)
After running the command you are telling me I get this output:
[Thu Oct 11 16:46:29.396784 2018] [so:warn] [pid 28902] AH01574: module rewrite_module is already loaded, skipping
VirtualHost configuration:
*:8084 SWAT-KAN-DOCU01.swat.local (/etc/httpd/conf/httpd.conf:148)
*:8083 SWAT-KAN-DOCU01.swat.local (/etc/httpd/conf/httpd.conf:157)
*:443 is a NameVirtualHost
default server kanboard.swat.local (/etc/httpd/conf/httpd.conf:100)
port 443 namevhost kanboard.swat.local (/etc/httpd/conf/httpd.conf:100)
alias kanboard
port 443 namevhost docuswat.swat.local (/etc/httpd/conf/httpd.conf:115)
alias docuswat
port 443 namevhost swatsupport.swat.local (/etc/httpd/conf/httpd.conf:132)
alias swatsupport
port 443 namevhost kanboard.swat.us.com (/etc/httpd/conf/httpd.conf:169)
port 443 namevhost docuswat.swat.us.com (/etc/httpd/conf/httpd.conf:184)
port 443 namevhost support.swat.us.com (/etc/httpd/conf/httpd.conf:199)
port 443 namevhost swatsupport.swat.local (/etc/httpd/conf/httpd.conf:230)
port 443 namevhost SWAT-KAN-DOCU01.swat.local (/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: “/etc/httpd”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/etc/httpd/logs/error_log”
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
PidFile: “/run/httpd/httpd.pid”
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“apache” id=48
Group: name=“apache” id=48
The thing is, at first there was this self-signed certificate installed, then I tried using an xpress certificate and it worked but gave the warning for not being a wildcard one, so I acquired this other one but don’t remember the exact steps I used for changing it. So I’m not sure if I should only change the vhosts configuration or something more?
Hello, after getting help from a friend, we noticed that the only problem left now is that the key I have does not match this certificate, so my question is the following: Do you know if I can create a new key for the certificate?
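A certificate carries the public key of the key pair it was issued for, so a key file matches it only if it yields that same public key. The following is an added example, not part of the original thread: it checks a certificate/key pair that way and also flags a certificate whose subject equals its issuer, as with the self-signed one seen in the stapling error. The file names, the `*.example.test` name and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: does this private key belong to this certificate?
# Works for RSA and EC keys; all sample files below are throwaway test data.

# Return 0 if the key's public half equals the certificate's public key,
# 1 if they differ, 2 if either file cannot be read or parsed.
cert_key_match() {
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Return 0 if subject and issuer are identical (self-signed style certificate).
is_self_issued() {
    subj=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject=[ ]*//')
    issr=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer=[ ]*//')
    [ -n "$subj" ] && [ "$subj" = "$issr" ]
}

# Constructed sample data: a throwaway self-signed certificate with its key,
# plus an unrelated key that must NOT match it.
make_samples() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=*.example.test" \
        -keyout "$dir/wild.key" -out "$dir/wild.crt" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/other.key" 2>/dev/null
}

tmp=$(mktemp -d)
make_samples "$tmp"
for k in wild.key other.key; do
    if cert_key_match "$tmp/wild.crt" "$tmp/$k"; then
        echo "$k: matches wild.crt"
    else
        echo "$k: does NOT match wild.crt"
    fi
done
if is_self_issued "$tmp/wild.crt"; then
    echo "wild.crt: subject and issuer are identical"
fi
# Show what the file really contains, including its issue date.
openssl x509 -in "$tmp/wild.crt" -noout -subject -issuer -startdate
rm -rf "$tmp"
```

On the server, the two arguments would be the files named by `SSLCertificateFile` and `SSLCertificateKeyFile` in the virtual host that serves the site.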