After using the old certificate renewal system up till 90 days ago I now went thru the certbot installation for my server and generated all .pem files. Previously I had been generating certificate.crt and privatekey.crt files that worked just fine with my setup. But now I’m the proud owner of .pem files that I left with the same filename and in the same place as they were when generated (something we are told to do in the README), but when I update my /etc/httpd/mpowr-me.net.conf file to point to where the new .pem files live I no longer get SSL security when I do my security check. Again, when I had .crt files instead of .pem files there was no problem whatsoever. Any idea what might be going on here. Is it a permissions thing? Or perhaps OpenSSL wants me to convert from .pem to .crt?
In 99,99 % of cases, the contents of any .pem or .crt file is exactly the same.
That said, I’m afraid I can’t help you any further. The description of your problem you’re giving isn’t very detailed: “(…) I no longer get SSL security when I do my security check.” is not specific enough to give you any further advice. Please help yourself by providing us more information like the actual warnings or errors from the Apache log file.
If you run certbot certificates, it should show you the file names and location for the active cert(s).
You should use those files in the Apache config file.
[there should be no need to convert anything to anything else]
I don’t know how OpenSSL plays any part in this “problem”…
Thanks for getting back to me on this. After reading your answer I did one last check at my Apache config file and noticed I had typed letsencrept instead of letsencrypt as part of the full directory name. This was the culprit. Thanks for your help in eliminating any other possible problems. Works just fine and having certbot on my server looks like it will be a much simpler way of doing things as compared to the old way of renewing my certificates.
As I mentioned in a previous mail the culprit was a typo: in my Apache config file I’d typed letsencrept instead of letsencrypt in the full directory name pointing to my new privkey.pem file. Thanks for getting back to me on this. Next time I’ll look long and hard at what I type before calling MAYDAY.
Thanks for getting back to me on this. Next time I’ll look long and hard at what I type before calling MAYDAY.