Hello, I’ve just run certbot-auto -d example.com --manual --preferred-challenges dns certonly to do a DNS verified renewal.
It worked and I got:
Your certificate and chain have been saved at: /etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at: /etc/letsencrypt/live/example.com/privkey.pem
Great! But I am still getting invalid cert errors in my browser.
Running Apache 2.2.15 and CentOS 6.10
I have restarted my Apache service, but that did not help.
My vhost conf file looks like this:
<IfModule mod_ssl.c>
  <VirtualHost *:443>
    DocumentRoot /var/www/html/link/example
    ServerName example.com
    ErrorLog logs/error_log
    CustomLog logs/access_log common
    RewriteEngine on
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-d
    RewriteRule ^ /router.php [QSA,L]
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
  </VirtualHost>
</IfModule>
Is there something further that needs to be done?
Hi,
Could you please tell us your real domain name?
This would definitely help us if we knew what the exact error is…
Also, did you request www.example.com along with example.com? If not, that might throw an error when you visit www.example.com.
Thank you
Hi @truckcrash
the Google-CT shows your new certificate, so that part has worked.
What do these commands say?
certbot certificates
apachectl configtest
apachectl fullstatus
apachectl -S
I am not familiar with Google-CT, but SSL Labs is reporting my cert is invalid:
https://www.ssllabs.com/ssltest/analyze.html?d=api.kaizenauto.com
Here is the output from those commands:
root|H [~]# certbot-auto certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: api.kaizenauto.com
Domains: api.kaizenauto.com
Expiry Date: 2019-07-16 23:25:20+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/api.kaizenauto.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/api.kaizenauto.com/privkey.pem
root|H [~]# apachectl configtest
Syntax OK
root|H [~]# apachectl fullstatus
Not Found
The requested URL /server-status was not found on this server.
--------------------------------------------------------------------------
Apache/2.2.15 (CentOS) Server at localhost Port 80
root|H [~]# apachectl -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443 is a NameVirtualHost
default server ip-50-62-133-208.secureserver.net (/etc/httpd/conf.d/ssl.conf:74)
port 443 namevhost ip-50-62-133-208.secureserver.net (/etc/httpd/conf.d/ssl.conf:74)
port 443 namevhost api.kaizenauto.com (/etc/httpd/vhost.d/api-le-ssl.conf:2)
*:80 is a NameVirtualHost
port 80 namevhost api.kaizenauto.com (/etc/httpd/vhost.d/api.conf:1)
Syntax OK
(*removed other domains for brevity)
If you create a certificate, it's listed in CT-logs.
Yes, you have created a new certificate, but you don't use it. Instead, you use your old expired certificate ( https://check-your-website.server-daten.de/?q=api.kaizenauto.com ):
CN=api.kaizenauto.com
17.01.2019
17.04.2019
1 days expired api.kaizenauto.com - 1 entry
And there is a bad request - http status 400:
So it looks like your configuration doesn't work, the namevhost api... may not be used. Try to remove (rename) your default server.
But you have two times ip-50-62-133-208.secureserver.net.
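The check the reply above points to (which 443 vhost answers by default, and which certificate file each vhost references), as an added example that is not part of the original thread. It parses constructed config text rather than the poster's files, treats dict order as Apache's load order, assumes all vhosts share one address, and does not follow Include directives; `tls_vhosts` and `audit` are hypothetical names.

```python
import re
# Constructed sample (not the poster's files); dict order stands in for load order.
SAMPLE = {
    "/etc/httpd/conf.d/ssl.conf": """\
<VirtualHost *:443>
SSLCertificateFile /etc/pki/tls/certs/old-example.crt
</VirtualHost>
""",
    "/etc/httpd/vhost.d/example-le-ssl.conf": """\
<VirtualHost *:443>
ServerName example.com
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
</VirtualHost>
""",
}
VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
DIRECTIVE = re.compile(
    r"(ServerName|SSLCertificateFile|SSLCertificateChainFile)\s+(\S+)", re.I)

def tls_vhosts(configs):
    """Return one dict per <VirtualHost ...:443> block, in the order given."""
    found = []
    for path, text in configs.items():
        current = None
        for lineno, line in enumerate(text.splitlines(), 1):
            stripped = line.strip()
            opened = VHOST_OPEN.match(stripped)
            if opened:
                current = {"where": f"{path}:{lineno}", "addr": opened.group(1)}
            elif stripped.lower().startswith("</virtualhost"):
                if current and any(a.endswith(":443") for a in current["addr"].split()):
                    found.append(current)
                current = None
            elif current is not None and (d := DIRECTIVE.match(stripped)):
                current[d.group(1).lower()] = d.group(2)
    return found

def audit(vhosts, live_dir="/etc/letsencrypt/live/"):
    """Flag 443 vhosts that would not serve the certbot-managed certificate."""
    findings = []
    for i, v in enumerate(vhosts):
        cert, name = v.get("sslcertificatefile", ""), v.get("servername", "(no ServerName)")
        if i == 0:  # first vhost on an address answers names no other vhost matches
            findings.append(f"{v['where']}: default for :443 ({name})")
        if not cert.startswith(live_dir):
            findings.append(f"{v['where']}: {name} serves {cert or 'no cert set here'}, outside {live_dir}")
        elif cert.endswith("/cert.pem") and "sslcertificatechainfile" not in v:
            # cert.pem is the leaf only; Apache before 2.4.8 needs the chain file
            findings.append(f"{v['where']}: {name} uses cert.pem without SSLCertificateChainFile")
    return findings
```

Calling `audit(tls_vhosts(SAMPLE))` reports the `ssl.conf` vhost twice: once as the default for port 443 and once for referencing a certificate outside the Let's Encrypt live directory.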
Hello,
I made api.kaizenauto.com the default vhost, but that did not work - a certificate error was still shown.
Error code: SEC_ERROR_EXPIRED_CERTIFICATE
Given that, when a security exception is added in the browser to allow it to load, api.kaizenauto.com does work properly and serves the correct content, I’m inclined to believe it is not a matter of the config file not being loaded. Maybe there is something more nuanced there I am unaware of, but Apache does use that file to know where to serve content from.
system
Closed
May 18, 2019, 7:44pm
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.