It seems like the incorrect configuration in ssl.conf is taking precedence over the correct configuration in precip.active. The ServerName precip.gsfc.nasa.gov near the end of ssl.conf means the VirtualHost will match, so if that one is loaded first it will take precedence, and the cert and key it defines will be used instead of the correct ones.
Maybe try commenting out that line in ssl.conf, or change it to something like ServerName precip.gsfc.nasa.gov.example and see what happens?
I will provide additional configuration or log files if you think they
might be helpful in determining “Why” the most recent change resolved
the issue.
Thanks again,
Ted Jackson - Sysadm, Code 612
ADNET @ NASA/GSFC
There are those who look at things the way they are, and ask
why… I dream of things that never were, and ask why not?
Robert Kennedy
So the way HTTPS virtual hosting works with Apache is: When the browser makes the initial request, it sends along the hostname as part of the TLS handshake. Apache looks through all the VirtualHost sections in its configuration, in the order in which they were loaded, until it finds one with a ServerName or ServerAlias matching the supplied hostname (and port number and network interface). This configuration is then used to serve that request, and all the other VirtualHost sections are ignored.
In your case, (it seems) you had at least two VirtualHost sections matching the hostname precip.gsfc.nasa.gov - one in ssl.conf and one in precip.active. The ssl.conf one must have been loaded first, because that was the one Apache found and used (as evidenced by the fact that the self-signed certificate referenced in that configuration was used instead of the correct one).
Adding .example simply changed the ServerName so that it no longer matched, which meant that the only (or first) match was now the one in precip.active, where the correct configuration resides.
If this is all correct, you could in theory delete the entire VirtualHost section from ssl.conf and it should still work.