This is more a general question. I am new to the LAMP side of things, coming from Microsoft Server and commercial certs for over a decade now. I also have a bit of a problem with terminology so you'll have to put on your talking to idiots hat as I try to communicate.
Domain: www.mcksa.com (currently intentionally shut down as it is a site for my personal growth)
Web Server: Rocky Linux 8.7 on Proxmox
I have both physical and root access to the machine
Every single step to set up and secure an Apache website has been a fight but nonetheless, I figured it all out, got a cert issued and had https successfully operational as of last night.
I ran a check with ssllabs and saw the certname and domains were different. I quickly figured out it was the www that was throwing things off so I researched how to reissue the cert. Note, during the original set up, I did the "certonly" route.
When I reissued, I did not type "certonly" but I did add both of the domains properly. The cert was successfully created but then added mcksa.com.conf files (one for each domain) in new locations. These new .conf files mirrored the existing virtual host file but with extra stuff in them. Httpd will not restart and gives a litany of errors, none of which are even mildly recognizable.
I feel like I should burn it to the ground and start over. It certainly won't take nearly as long to figure out this time. I also apologize but I will not be able to provide logs or things like that until later this evening.
Thank you. I would like to attempt to fix it but once it installed the certs, I'm having doubts that it is salvageable. I'll get the results for the vhosts dump later this evening.
If anything, it's a learning experience.
Certbot has the option to revert the changes it made to webserver configurations with the certbot rollback subcommand, but the Certbot documentation does not mention it for the Apache plugin? Weird.
Passing arguments to httpd using apachectl is no longer supported.
Edit: I was hastily typing the reply so I forgot this... I added httpd after typing apachectl and got a response for the location of both .conf files for www and * but nothing else.
Then I did the rollback, which revealed that it was looking for stuff I'd commented out in the earlier desperate attempt to undo what was done. Simply un-commented what I'd commented out and then re-ran rollback.
The rollback worked wonderfully though unexpectedly the cert was still updated with the proper domains. I assumed it would "roll back" and eliminate the updated domains and such.
I'm glad I didn't nuke the site. This was far easier. I sat down this evening expecting a fight and I am pleasantly surprised.
Good to hear you made progress. If you want to make sure all is clean please show these results. But, as my Notes said, and you saw in the error message, substitute httpd for apachectl like:
Certificate Name: mcksa.com
Serial Number: <s0m3 s3r1al numb3r>
Key Type: RSA
Domains: mcksa.com www.mcksa.com
Expiry Date: 2023-07-20 01:55:37+00:00 (VALID: 88 days)
Certificate Path: the same path as the original one
Private Key Path: also the same path as the original one