Multiple Certs. and 1 Unmatched Key

Have three certificates and one key. None of which match. How do I verify my SSL cert. and key, then install? (contains two certs.)

What’s the public key? This can be used to identify which certificate it is connected to.

openssl pkey -in -noout -text_pub

Hi @pfworksinc1

you have already created three identical certificates in the last days ( ):

CertSpotter-Id Issuer not before not after Domain names LE-Duplicate next LE
919798419 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-19 06:56:59 2019-08-17 06:56:59,
2 entries duplicate nr. 1
916893446 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-17 12:00:09 2019-08-15 12:00:09
1 entries duplicate nr. 1
916887588 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-17 11:59:10 2019-08-15 11:59:10
1 entries duplicate nr. 1
848729587 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-04-05 13:05:57 2019-07-04 13:05:57,
2 entries

And you use the certificate created yesterday:
expires in 89 days, - 2 entries

So both connections are secure, the certificate is already installed.

Check your Apache vHost to find the two rows

SSLCertificateKeyFile /etc/ssl.key/
SSLCertificateFile /etc/ssl.crt/

then you know the correct version.

I found the pair that match. Do I simply delete the other two certificates?

First, make a backup.

How did you create these certificates? If you have used Certbot, use

certbot certificates

to find the certificatename, then

certbot delete certificatename

then restart your webserver to see, if that works. If that doesn’t work, you have deleted the wrong files, so you need your backup.

Two of the certs (1matched and 1 unmatched) are in the same file. They were issued through Let’s Encrypt. I honestly cannot tell you how the cert were generated.

Well, it wasn’t via certbot.

if it’s in same file isn’t it intermediate certificate?
roots keys signs intermediate, and intermediate signs user’s certificate.

Then don’t delete something.

Letsencrypt certificates are only 90 days valid, so there is no need to delete active certificates.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.