It might... let me tattoo that to my closed eyelid - lol
wat lol? So the chain.pem has two certs in it, do I delete both?
NO; only the last one (the bottom one)
Okay, so I have added the above cert to the blacklist folder, deleted the second one from my chain.pem file, run sudo update-ca-trust and rebooted, but we still get the error: can't connect to cremation.plus:443
If I use this tool, SSL Checker - Test Certificate and Installation, it says the certificate has expired? On cremation.plus domain
Well it's still serving that "untrusted" cert:
---
Certificate chain
0 s:/CN=cremation.plus
i:/C=US/O=Let's Encrypt/CN=R3
1 s:/C=US/O=Let's Encrypt/CN=R3
i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Try switching out the cross-signed "ISRG Root X1" for the self-signed "ISRG Root X1"
How do I do that? I am solid with Linux but I don't know much about SSL, sorry. I appreciate all this help. Just a dumb engineer.
No problem, I'm a really dumb piano player!
The file we want is:
https://letsencrypt.org/certs/isrgrootx1.pem
The file it replaces/goes into depends... Let me check my eyelids...
...plesk...
No, which ACME client do you use?
[where are the cert pem files?]
I think I'm... deja vu... repeating myself...
What web server do you use?
Let's find it there.
Nginx I believe
OK try:
grep -ERi 'server_name|ssl_cert' /etc/nginx
null response
Looks like they are in /usr/local/psa/var/modules/letsencrypt
so do I find the domain file in there and replace it with the link above?
Try:
sudo netstat -pant | grep -Ei 'nginx|80|443'
No, let's stay out of there for now.
sudo netstat -pant | grep -Ei 'nginx|80|443'
tcp 0 0 64.207.185.212:443 0.0.0.0:* LISTEN 1109/nginx: master
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 484/sw-cp-server: m
tcp 0 0 0.0.0.0:7080 0.0.0.0:* LISTEN 584/httpd
tcp 0 0 64.207.185.212:80 0.0.0.0:* LISTEN 1109/nginx: master
tcp 0 0 0.0.0.0:8880 0.0.0.0:* LISTEN 484/sw-cp-server: m
tcp 0 0 64.207.185.212:443 66.249.66.82:49178 ESTABLISHED 1119/nginx: worker
tcp 0 0 64.207.185.212:443 114.119.134.148:18394 TIME_WAIT -
tcp 0 0 64.207.185.212:443 114.119.134.148:16652 TIME_WAIT -
tcp 0 0 64.207.185.212:443 78.157.40.245:53960 TIME_WAIT -
tcp 0 0 64.207.185.212:443 78.157.40.245:53646 TIME_WAIT -
tcp 0 0 64.207.185.212:443 107.215.18.195:49674 ESTABLISHED 1119/nginx: worker
tcp 0 0 64.207.185.212:7081 64.207.185.212:40808 TIME_WAIT -
tcp6 0 0 :::8443 :::* LISTEN 484/sw-cp-server: m
tcp6 0 0 :::8880 :::*
Ok, so it is definitely nginx
- good
Try these:
ps -ef | grep nginx
which nginx
find / -name nginx.conf
ps -ef | grep nginx
root 1109 1 0 02:51 ? 00:00:00 nginx: master process /usr/sbin/nginx
nginx 1119 1109 0 02:51 ? 00:00:03 nginx: worker process
root 2514 1825 0 03:20 pts/0 00:00:00 grep --color=auto nginx
[root@kdjf-x2z7 ~]# which nginx
/usr/sbin/nginx
[root@kdjf-x2z7 ~]# find / -name nginx.conf
/etc/nginx/nginx.conf
/var/www/vhosts/system/cremation.plus/conf/nginx.conf
If that still fails to find anything, then show the file:
/etc/nginx/nginx.conf
Like open it in Vim? Not sure what you mean by show.
cat /etc/nginx/nginx.conf