So follow up thought. I think I know why this happened. I am still running the certbot command manually and getting the PEM files. Then I manually copy them to ....
sudo mv ./cert1.pem /etc/ssl/certs/cert.pem
sudo mv ./privkey1.pem /etc/ssl/private/privkey.pem
sudo mv ./chain1.pem /etc/ssl/certs/chain.pem
Notice the /etc/ssl/certs dir? I bet I had the old intermediate cert in here as a result of this practice. Hmm.
Regards,
Adam Tyler
OMG!
There is so much wrong with that.
Please tell us you have since changed your (nearly sinful) ways!
Lol, now I’m embarrassed. I totally do still manually every 90 days issue the certbot command with DNS verification, manually go over to DNS and update txt records, then finally get a new set of chain,cert, and privkey pem files. I usually do this on my Windows desktop using WSL, then use WINSCP to move the files to two different Ubuntu/Apache web servers of mine. It’s sort of awful, but I’m not that familiar with the automated process.
For a long time I would copy the certs to the ssl directly with a name matching the day and time, rather than overwriting the old files. Then I would have to go into the default-ssl.conf and update the certificate name there. Bounce Apache service. One server is an ownCloud machine, the other is just a wordpress box.
-Adam
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.