Hi...happy new year... (now that's out of the way :).... this is my second time posting for help (not the same issue)... the first time I found a template of questions about my setup to fill out, but don't see that this time, so will improvise...
I am running apache httpd 2.4.6 on RHEL7.
Domain is uhero.hawaii.edu and www.uhero.hawaii.edu.
You will see "uhero-file" in the cert... this is, I believe, the A record name of the host, but I only want the cert to operate on the two CNAMEs as shown.
I installed certbot via yum with python2-certbot-apache package.
Here's what happened:
$ sudo certbot --apache --domains uhero.hawaii.edu,www.uhero.hawaii.edu
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for uhero.hawaii.edu
http-01 challenge for www.uhero.hawaii.edu
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf/httpd-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
Enabling site /etc/httpd/conf/httpd-le-ssl.conf by adding Include to root configuration
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.confPlease choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/httpd/conf/httpd.conf to ssl vhost in /etc/httpd/conf/httpd-le-ssl.conf
Congratulations! You have successfully enabled https://uhero.hawaii.edu and
https://www.uhero.hawaii.edu
You should test your configuration at:
SSL Server Test: uhero.hawaii.edu (Powered by Qualys SSL Labs)
SSL Server Test (Powered by Qualys SSL Labs)
and then the usual boilerplate at the end. It looks like I've got a mismatch on names, but I don't understand what could cause this. Apparently I have "trust issues" lol. ACTUALLY this is the second time I've been through this cert-getting process. After initial failure and breaking my site royally, I deleted the old cert, and reverted my httpd configs (glad to be using git for this) back to a working (http) state. Figured I'd just go one more time from scratch. And yet, it still tells me that my cert is valid starting from Nov 29 2018, which might be the first time I requested a cert, but I thought I had deleted that cert?
And btw, I told it I wanted to redirect, but no redirect is happening. Which is just as well because it means I can leave the site as-is until Wed and probably no one viewing it - not expecting to use https - will notice the current cert problem.
Help much appreciated.