That is the last step for today.
I did restart apache. But the cert still does not seem to secure the site.
That restart failed then.
I do still see the old cert too
What step(s) did you take?
/etc/httpd/sites-available/tcc.planchurch.com-le-ssl.conf
with just:
<VirtualHost *:443>
ServerName tcc.planchurch.com
DocumentRoot /var/www/tcc.planchurch.com/public_html
ErrorLog /var/www/tcc.planchurch.com/error.log
CustomLog /var/www/tcc.planchurch.com/requests.log combined
SSLCertificateFile /etc/letsencrypt/live/ch0101.planchurch.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ch0101.planchurch.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/ch0101.planchurch.com/chain.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
and then include that file into the main apache
config file.
I meant:
What step did you take to restart Apache
?
#apachectl restart
Now that you mention that - I though you chose the shorter option ...
Please show the output of:
apachectl -t -D DUMP_VHOSTS
# apachectl -t -D DUMP_VHOSTS
Passing arguments to httpd using apachectl is no longer supported.
You can only start/stop/restart httpd using this script.
If you want to pass extra arguments to httpd, edit the
/etc/sysconfig/httpd config file.
VirtualHost configuration:
*:80 is a NameVirtualHost
default server localhost.localdomain (/etc/httpd/conf.d/churchcrm.conf:1)
port 80 namevhost localhost.localdomain (/etc/httpd/conf.d/churchcrm.conf:1)
port 80 namevhost ch0101.planchurch.com (/etc/httpd/sites-enabled/ch0101.plnchurch.com.conf:1)
port 80 namevhost tcc.planchurch.com (/etc/httpd/sites-enabled/tcc.planchurch.com.conf:2)
*:443 is a NameVirtualHost
default server localhost.localdomain (/etc/httpd/conf.d/ssl.conf:62)
port 443 namevhost localhost.localdomain (/etc/httpd/conf.d/ssl.conf:62)
port 443 namevhost ch0101.planchurch.com (/etc/httpd/sites-available/ch0101.planchurch.com-le-ssl.conf:2)
port 443 namevhost tcc.planchurch.com (/etc/httpd/sites-available/tcc.planchurch.com-le-ssl.conf:2)
OK, then let's try all these (in order):
netstat -pant | grep -Ei 'apache|http'
apachectl stop
netstat -pant | grep -Ei 'apache|http'
apachectl start
netstat -pant | grep -Ei 'apache|http'
# netstat -pant | grep -Ei 'apache|http'
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 27142/httpd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 27142/httpd
# apachectl stop
# netstat -pant | grep -Ei 'apache|http'
# apachectl start
# netstat -pant | grep -Ei 'apache|http'
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 27419/httpd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 27419/httpd
#
That's just not possible!
It stops completely.
It restarts.
The PID changes - which proves it is NOT the same process.
But I still see the old cert
Exactly.
That cert isn't even on your server.
You are right. That is what I have been puzzled about right from the start
Please show:
df -h
and can you reboot the system?
Rebooted the server.
df -h
Filesystem Size Used Avail Use% Mounted on
/dev/simfs 30G 23G 7.8G 75% /
devtmpfs 2.5G 0 2.5G 0% /dev
tmpfs 2.5G 0 2.5G 0% /dev/shm
tmpfs 2.5G 76K 2.5G 1% /run
tmpfs 2.5G 0 2.5G 0% /sys/fs/cgroup
tmpfs 503M 0 503M 0% /run/user/0
Please show:
ps -ef | grep -Ei 'apache|http'
# ps -ef | grep -Ei 'apache|http'
root 147 1 0 16:16 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 194 147 0 16:16 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 195 147 0 16:16 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 196 147 0 16:16 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 197 147 0 16:16 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 198 147 0 16:16 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
root 773 733 0 16:19 pts/0 00:
00:00 grep --color=auto -Ei apache|http
Please show:
curl ifconfig.co
# curl ifconfig.co
202.150.210.162
This IP address is the gateway IP in the ISP.
The server has the IP address: 202.150.210.171