Trouble getting letsencrypt certificate to work


#1

I ran certbot-auto to install a certificate for the URL mafw.club. It finished successfully with the following message:

  • Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/mafw.club/fullchain.pem.

However, when I test it out at https://www.ssllabs.com/ssltest/analyze.html, it reports that I’m using a self-signed certificate (which is not trusted).

I tried commenting out the self-signed certificate in the ssl.conf file, but then restarting the httpd server failed.

Does the problem have something to do with the fact I’m using VirtualHosts?

Looking in /var/www/html/mafw.club/logs/error.log, I see the following errors:
[Sun Apr 09 16:07:11.207407 2017] [ssl:error] [pid 9899] AH02217: ssl_stapling_init_cert: Can't retrieve issuer certificate!
[Sun Apr 09 16:07:11.207419 2017] [ssl:error] [pid 9899] AH02235: Unable to configure server certificate for stapling

Do I need to open ports on the firewall in order to get this to work?

I’m running Apache on CentOS 7.1.


#2

How did you run the client in the first place? With certonly? Or some other way?

If you used certonly, you’ll need to install the certificate manually in your Apache configuration.


#3

No, I did not use certonly. I see the certificate information in the following file: /etc/httpd/conf.d/vhods-le-ssl.conf

I guess I need to enable OCSP stapling. I’m testing using the website https://www.digicert.com/help/ and it reports:
OCSP Staple: Not Enabled
OCSP Origin: Not Enabled
CRL Status: Not Enabled

I’m trying to enable OCSP stapling using the instructions here:


But so far with no success.
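
One way to check the VirtualHost question raised in post #1, as an added example that is not part of the original thread: a Python audit that lists every port-443 `<VirtualHost>` block with its `SSLCertificateFile` and flags those not pointing under `/etc/letsencrypt/live/`. The sample configuration is constructed; the `localhost.crt` path and the layout of both blocks are assumptions, not the poster's actual files.

```python
import re

# Constructed sample: a stock ssl.conf-style default vhost plus a
# certbot-style vhost. The localhost.crt path is an assumption.
SAMPLE_CONF = """\
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
</VirtualHost>

<VirtualHost *:443>
    ServerName mafw.club
    # SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateFile /etc/letsencrypt/live/mafw.club/fullchain.pem
</VirtualHost>
"""

LE_LIVE = "/etc/letsencrypt/live/"

def audit_vhosts(conf_text):
    """Return one dict per <VirtualHost> block that listens on port 443."""
    results, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out directives
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {"addr": opened.group(1).strip(), "server_name": None, "cert": None}
        elif re.match(r"</VirtualHost>", line, re.I):
            if current and any(a.endswith(":443") for a in current["addr"].split()):
                cert = current["cert"]
                current["lets_encrypt"] = bool(cert and cert.startswith(LE_LIVE))
                results.append(current)
            current = None
        elif current is not None:
            parts = line.split(None, 1)
            if len(parts) == 2:
                key, value = parts[0].lower(), parts[1].strip().strip('"')
                if key == "servername":
                    current["server_name"] = value
                elif key == "sslcertificatefile":
                    current["cert"] = value
    return results

def flag_non_le(conf_text):
    """Names (or addresses) of port-443 vhosts not using a file under live/."""
    return [v["server_name"] or v["addr"] for v in audit_vhosts(conf_text)
            if not v["lets_encrypt"]]
```

On a real server, pass in the concatenated text of the main configuration and the files under /etc/httpd/conf.d/; any flagged block is one that can still hand out a certificate other than the one certbot saved.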

