Same server, different certifications


#1

Hi I am a web developer and poor in linux knowledge. I have this issue, same server and 5 sites on it, trying to convert the sites from http to https. I first try on this domain aispiemonte.it some time ago unsuccesfully than yesterday I try again an almost succecced. Almost becouse I was able to install a certificate but the certificate looks not valid. I was finally able to find a tutorial and to execute ./letsencrypt-auto --apache -d aispiemonte.it . Then try ./letsencrypt-auto --apache -d test.aispiemonte.it .
This the result
https://www.ssllabs.com/ssltest/analyze.html?d=aispiemonte.it
https://www.ssllabs.com/ssltest/analyze.html?d=test.aispiemonte.it
It looks like the certificate is not the let’s encrypt but a previous one probably coming form my first try following another tutorial… what can I do now? Can I kind of cancel the certificate and reissue it?
have a good day.

My domain is: aispiemonte.it / test.aispiemonte.it

I ran this command: ./letsencrypt-auto --apache -d aispiemonte.it

The operating system my web server runs on is (include version): CentOS 6.1

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): isp


#2

Please check what certs you have been able to get:
certbot certificates

I can see that the TEST site does have a good certificate.
You would need to replicate that example with the other sites.
Unfortunately, I don’t know about ISP control panel.

It would be OK to delete all the certs for the first site and start over - following the TEST site example.


#3

Also, the TEST site is using SSLv3 which is extremely outdated and insecure.


#4

Hi I finally try with
./certbot-auto delete --cert-name aispiemonte.it
and did again
./letsencrypt-auto --apache -d aispiemonte.it
and the certificate was generated again, but is exactly the same as before. However I don’t understand whay I have in the test
subject = test.aispiemonte.it
alternative name = test.aispiemonte.it
in the main domain
subject = AISP
alternative name = INVALID
and how can I ask the certificate tu be issued now with SSLv3 but with a more secure protocol?


#5

Hi,

It seems that the SSL certificate is not correctly installed (obtained but not installed) to the Apache web server.

Could you please check the apache server virtual hosts and see if there’s any ssl/tls virtual host that has the servername aispiemonte.it ?

Is the ISP referring to ISPconfig control panel? If so, what exact version is it?

Thank you


#6

Be sure to restart Apache afterwards.