I’ve posted the files at:
ftp://meso.gsfc.nasa.gov/agnes/tjackson/letsencrypt
File names:
SSL_Certificates.txt
ssl.conf
letsencript_list.txt
(This is one of the times when using Alpine for my email client isn’t
the best choice. I apologize.)
Ted
I’m sure this ssl.conf file and how it interacts with the virtual hosts is the problem in some way, though not immediately sure what to do about it.
It seems like the incorrect configuration in ssl.conf is taking precedence over the correct configuration in precip.active. The ServerName precip.gsfc.nasa.gov near the end of ssl.conf means the VirtualHost will match, so if that one is loaded first it will take precedence, and the cert and key it defines will be used instead of the correct ones.
Maybe try commenting out that line in ssl.conf, or change it to something like ServerName precip.gsfc.nasa.gov.example and see what happens?
O M G ! ! ! Success!
I first tried commenting out the line, but that didn’t work. Then I
added “.example” to the name and the test passed.
Thank you! Thank you! Thank you!
If it will help, I took a screen shot and placed in
ftp://meso.gsfc.nasa.gov/agnes/tjackson/letsencrypt
File name: Screenshot from 2017-02-03 15-34-46.png
I will provide additional configuration or log files if you think they
might be helpful in determining “Why” the most recent change resolved
the issue.
Thanks again,
Ted Jackson - Sysadm, Code 612
ADNET @ NASA/GSFC
There are those who look at things the way they are, and ask
why… I dream of things that never were, and ask why not?
Robert Kennedy
Glad you got it working!
So the way HTTPS virtual hosting works with Apache is: When the browser makes the initial request, it sends along the hostname as part of the TLS handshake. Apache looks through all the VirtualHost sections in its configuration, in the order in which they were loaded, until it finds one with a ServerName or ServerAlias matching the supplied hostname (and port number and network interface). This configuration is then used to serve that request, and all the other VirtualHost sections are ignored.
In your case, (it seems) you had at least two VirtualHost sections matching the hostname precip.gsfc.nasa.gov - one in ssl.conf and one in precip.active. The ssl.conf one must have been loaded first, because that was the one Apache found and used (as evidenced by the fact that the self-signed certificate referenced in that configuration was used instead of the correct one).
Adding .example simply changed the ServerName so that it no longer matched, which meant that the only (or first) match was now the one in precip.active, where the correct configuration resides.
If this is all correct, you could in theory delete the entire VirtualHost section from ssl.conf and it should still work.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.