Removed old godaddy cert replaced with LE Certs but not working


#1

I tried to remove an old godaddy issued certificate and use a new certbot certificate.

I edited the shoppercredit.com.conf file to remove the 443 section, then restarted apache and then ran the sudo letsencrypt --apache -d shoppercredit.com,www.shoppercredit.com to issue the certificates.

Everything seemed to work ok, but the site doesn’t provide a secure connection and won’t load.

I ran a test on ssllabs.com and it came back fine.

I’m assuming I’m missing a reference to the old certificates somewhere but I can’t find any references to it in the httpd.conf file or the ind virt server files.

Any insights appreciated.

  • Jefffrey

My domain is: www.shoppercredit.com

I ran this command: sudo letsencrypt --apache -d shoppercredit.com,www.shoppercredit.com

It produced this output: executed successfully

My web server is (include version): Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version): CentOS Linux 7
Linux 4.17.17-x86_64-linode116 x86_64

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

Hi @JeffreyUPI

your server sends http over port 443 ( https://check-your-website.server-daten.de/?q=shoppercredit.com ):


| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://shoppercredit.com/ 45.79.168.124 | 200 | | 0.383 | H |
| http://www.shoppercredit.com/ 45.79.168.124 | 200 | | 0.390 | H |
| https://shoppercredit.com/ 45.79.168.124 | -4 | | 0.434 | W |
| SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format. | | | | |
| https://www.shoppercredit.com/ 45.79.168.124 | -4 | | 0.423 | W |
| SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format. | | | | |
| http://shoppercredit.com:443/ 45.79.168.124 | 200 | | 0.390 | Q |
| http://www.shoppercredit.com:443/ 45.79.168.124 | 200 | | 0.407 | Q |

http works, but https has a special error - “unexpected packet format”. Then the tool checks if http is sent over port 443 - and that works.

So there is no https configured. Or you have something like a router that sends https traffic to the http port.
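
The check described in post #2, as an added example that is not part of the original thread: try a TLS handshake on the port, and if it fails, send a plaintext request to see whether HTTP answers there. The names `classify_port`, `_PlainHandler` and `demo` are hypothetical, and the local plaintext server is a constructed stand-in for a vhost that lost its SSL section.

```python
import socket
import ssl
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


def classify_port(host, port=443, timeout=5.0):
    """Return 'tls', 'plain-http' or 'other' for whatever answers on host:port."""
    # Step 1: TLS handshake. Certificate checks are off: the question is only "is this TLS?".
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
    except OSError:  # ssl.SSLError and socket timeouts are OSError subclasses
        pass
    # Step 2: handshake failed; an "HTTP/..." reply means a non-SSL vhost answers here.
    request = b"HEAD / HTTP/1.1\r\nHost: " + host.encode() + b"\r\nConnection: close\r\n\r\n"
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(request)
            reply = raw.recv(16)
    except OSError:
        return "other"
    return "plain-http" if reply.startswith(b"HTTP/") else "other"


class _PlainHandler(BaseHTTPRequestHandler):  # constructed plaintext vhost stand-in
    def do_HEAD(self):
        self.send_response(200)
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def demo():
    # Constructed test target: plaintext HTTP on an ephemeral localhost port.
    with ThreadingHTTPServer(("127.0.0.1", 0), _PlainHandler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        result = classify_port("127.0.0.1", server.server_address[1], timeout=2.0)
        server.shutdown()
        return result


if __name__ == "__main__":
    print(demo())
```

Run against your own server as `classify_port("example.org", 443)`; a result of `plain-http` points at the web server configuration rather than at the certificate.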


#3

Thanks - that got it! I needed to delete and relink my sites-enabled file for the virtual server to pick up the new ssl config file certbot created and that was enough info to get me looking in the correct place.


#4

Yep, now your https works. Now you may add redirects http -> https and a redirect non-preferred version -> preferred version (www or non-www).

So that users don’t use the http version and only one result page is used.


#5

Thanks, I have added that back in as well. Thanks for your help!

