On my new VPS I issued an SSL certificate for my website and now I’m getting issues with an invalid self-signed being issued instead of an actual Lets Encrypt certificate.
In this case, I have these issues going on:
Google Chrome:
Subject Alternative Name missing
The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address.
Now when I do openssl s_client -connect starprison.net:443 </dev/null or openssl s_client -connect starprison.net:443 </dev/null
The certificate information shows as invalid including the client certificate CA not being sent.
Now here’s what I did:
Ran sudo cerbot run to being installing the SSL certificate for my domain
SSL certificate installs successfully, however issues start to arise when I head to the internet
First, off I have the issue from the Google Chrome section including the certificate showing as self-signed
Today, servers use SNI for serving certificates for different virtual hosts sharing the same ip so the command that you should use to check your certificate is:
Those look fine - the Include /etc/letsencrypt/options-ssl-apache.conf is repeated more times than necessary, but it doesn’t seem like that would cause the problem you’re experiencing. I’d guess the problem is elsewhere in your configuration.
To help determine where, could you please post the output of:
Okay, looks like you’ve got another VirtualHost for the same domain name in /etc/httpd/conf.d/ssl.conf that seems to be taking precedence over the one in /etc/httpd/sites-available/starprison.net-le-ssl.conf. You can either remove it, or modify it to match the SSL configuration options from the correct one.