Have three certificates and one key. None of which match. How do I verify my SSL cert. and key, then install?
www.pfworks.org.crt (contains two certs.)
www.pfworks.org.issuer.crt
www.pfworks.org.key
What’s the public key? This can be used to identify which certificate it is connected to.
openssl pkey -in www.pfworks.org.key -noout -text_pubHi @pfworksinc1
you have already created three identical certificates in the last days ( https://check-your-website.server-daten.de/?q=pfworks.org ):
| CertSpotter-Id | Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|---|
| 919798419 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-05-19 06:56:59 | 2019-08-17 06:56:59 | pfworks.org, www.pfworks.org | ||
| 2 entries | duplicate nr. 1 | |||||
| 916893446 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-05-17 12:00:09 | 2019-08-15 12:00:09 | pfworks.org | ||
| 1 entries | duplicate nr. 1 | |||||
| 916887588 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-05-17 11:59:10 | 2019-08-15 11:59:10 | www.pfworks.org | ||
| 1 entries | duplicate nr. 1 | |||||
| 848729587 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-04-05 13:05:57 | 2019-07-04 13:05:57 | pfworks.org, www.pfworks.org | ||
| 2 entries |
And you use the certificate created yesterday:
CN=www.pfworks.org
19.05.2019
17.08.2019
expires in 89 days
pfworks.org, www.pfworks.org - 2 entries
So both connections are secure, the certificate is already installed.
Check your Apache vHost to find the two rows
SSLCertificateKeyFile /etc/ssl.key/example.com.key
SSLCertificateFile /etc/ssl.crt/example.com.crt
then you know the correct version.
I found the pair that match. Do I simply delete the other two certificates?
First, make a backup.
How did you create these certificates? If you have used Certbot, use
certbot certificates
to find the certificatename, then
certbot delete certificatename
then restart your webserver to see, if that works. If that doesn't work, you have deleted the wrong files, so you need your backup.
Two of the certs (1matched and 1 unmatched) are in the same file. They were issued through Let’s Encrypt. I honestly cannot tell you how the cert were generated.
Well, it wasn’t via certbot.
if it’s in same file isn’t it intermediate certificate?
roots keys signs intermediate, and intermediate signs user’s certificate.
Then don't delete something.
Letsencrypt certificates are only 90 days valid, so there is no need to delete active certificates.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.