Apologies for delay, been caught up in this virus thing!
I need to get a .crt certificate for localhost.crt as found this is what is used by apache for the server, not the server web name. It also needs ca-bundle.crt and ca-bundle.trust.crt as all called from within the htppd and ssl conf files
If you mean you need files named localhost.crt and so forth, containing a certificate for your real website name:
Why? Can't you modify the Apache configuration?
Can you replace the files with symlinks to the appropriate targets in /etc/letsencrypt/live/? (This might be more complicated if things like Docker or SELinux are involved, but normally it should be easy.)
Thanks for all this, perhaps I need to clarify in one reply. Server is Centos7 running multiple VPS web servers and mailboxes all now set up with SSL. The main httpd.conf file has the server host defined as port 80 and port 443 in a Vhost config file and points to cerets at /etc/letencrypt/live/server.watchet.net
server.watchet.net uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is not valid for the name server.watchet.net. The certificate expired on 11 March 2017 11:42. The current time is 16 March 2020 10:57.
On a search there are 3 certs at /etc/pki/tls/certs where they are âca-bundle.crt, ca-bundle.trust.crt, localhost.crtâ and these are with the same date as mentioned above. There are also some certs at /etc/pki.tls/private including localhost.key
More research shows these are referred to from /etc/httpd/conf.d/ssl.conf where there are entries
Server Certificate:
Point SSLCertificateFile at a PEM encoded certificate. If
the certificate is encrypted, then you will be prompted for a
pass phrase. Note that a kill -HUP will prompt again. A new
certificate can be generated using the genkey(1) command.
Sorry, but although a programmer I can not get my head around what is happening! Yes I can change and test the lines in ssl.conf but not sure what I need to point them to!