LetsEncrypt Certificate Not Used - Apache Config Points to Another Certificate


#1

I’m trying to set up a site with ssl using Let’s Encrypt but I am having an issue getting a valid certificate.

virtualhosts.conf:

NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
    ServerName uat.itccompliance.co.uk
    ServerAdmin webmaster@itccompliance.co.uk

    DocumentRoot "/var/www/httpdocs"

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =uat.itccompliance.co.uk
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,NE,R=permanent]
</VirtualHost>

virtualhosts-le-ssl.conf:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName uat.itccompliance.co.uk
    ServerAdmin webmaster@itccompliance.co.uk

    DocumentRoot "/var/www/httpdocs"

    RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

    # RewriteCond %{SERVER_NAME} =uat.itccompliance.co.uk
    # RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,NE,R=permanent]
SSLCertificateFile /etc/letsencrypt/live/uat.itccompliance.co.uk/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/uat.itccompliance.co.uk/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/uat.itccompliance.co.uk/chain.pem
</VirtualHost>
</IfModule>

My domain is:
uat.itccompliance.co.uk

I ran this command:
sudo /usr/local/bin/certbot-auto

It produced this output:
Created an SSL vhost at /etc/httpd/conf.d/virtualhosts-le-ssl.conf
Deploying Certificate for uat.itccompliance.co.uk to VirtualHost /etc/httpd/conf.d/virtualhosts-le-ssl.conf
Please choose whether HTTPS access is required or optional.

1: Easy - Allow both HTTP and HTTPS access to these sites
2: Secure - Make all requests redirect to secure HTTPS access

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Enhancement redirect was already set.


Congratulations! You have successfully enabled https://uat.itccompliance.co.uk

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=uat.itccompliance.co.uk

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/uat.itccompliance.co.uk/fullchain.pem. Your
    cert will expire on 2017-08-07. To obtain a new or tweaked version
    of this certificate in the future, simply run certbot-auto again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot-auto renew”

  • Some rewrite rules copied from /etc/httpd/conf.d/virtualhosts.conf
    were disabled in the vhost for your HTTPS site located at
    /etc/httpd/conf.d/virtualhosts-le-ssl.conf because they have the
    potential to create redirection loops.

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My operating system is (include version):
centos 6.6

My web server is (include version):
apache 2.2


#2

Hi @robbiedyer,

It looks like you did get a valid certificate, but it just isn’t being used by Apache for some reason. I think changes to your Apache configuration will make it work, though I don’t immediately have a suggestion to offer.


#3

Ah yes, turned out the ssl.conf had another default virtualhost in it. Problem sorted. Thanks!
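
Added example, not part of the thread or of Certbot: a shell check that lists every port-443 VirtualHost block in a config directory with the certificate it points to, so a second block such as the one found in ssl.conf shows up next to the Let's Encrypt vhost. The sample ssl.conf contents and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# list_ssl_vhosts DIR: one line per <VirtualHost ...:443> block in DIR/*.conf,
# formatted "file:line|address|ServerName|SSLCertificateFile".
list_ssl_vhosts() {
    for f in "$1"/*.conf; do          # glob order is alphabetical
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }       # ignore commented-out directives
            tolower($1) == "<virtualhost" && $2 ~ /:443>?$/ {
                inblock = 1; start = NR; addr = $2; sub(/>$/, "", addr)
                name = "-"; cert = "-"; next
            }
            inblock && tolower($1) == "servername"         { name = $2 }
            inblock && tolower($1) == "sslcertificatefile" { cert = $2 }
            inblock && tolower($1) ~ /^<\/virtualhost/ {
                printf "%s:%d|%s|%s|%s\n", file, start, addr, name, cert
                inblock = 0
            }
        ' "$f"
    done
}

# check_ssl_vhosts DIR: print the blocks; return non-zero if there is more
# than one, since a certificate from another block may then be served.
check_ssl_vhosts() {
    out=$(list_ssl_vhosts "$1")
    if [ -n "$out" ]; then printf '%s\n' "$out"; fi
    count=$(printf '%s\n' "$out" | awk 'index($0, "|") { n++ } END { print n + 0 }')
    [ "$count" -le 1 ]
}

# Constructed sample: the ssl.conf contents are an assumption, the second
# file is reduced from the vhost posted in the thread.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '<VirtualHost _default_:443>' \
        '    SSLCertificateFile /etc/pki/tls/certs/localhost.crt' \
        '</VirtualHost>' > "$d/ssl.conf"
    printf '%s\n' '<VirtualHost *:443>' \
        '    ServerName uat.itccompliance.co.uk' \
        '    SSLCertificateFile /etc/letsencrypt/live/uat.itccompliance.co.uk/cert.pem' \
        '</VirtualHost>' > "$d/virtualhosts-le-ssl.conf"
    printf '%s\n' "$d"
}

sample=$(make_sample)
check_ssl_vhosts "$sample" || echo "more than one :443 vhost found, compare the certificate paths"
rm -r "$sample"
```

On the server itself, point `check_ssl_vhosts` at `/etc/httpd/conf.d`, the directory named in the Certbot output above.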

