Using certbot-generated SSL certificates wtih OpenSSL


After using the old certificate renewal system up till 90 days ago I now went thru the certbot installation for my server and generated all .pem files. Previously I had been generating certificate.crt and privatekey.crt files that worked just fine with my setup. But now I’m the proud owner of .pem files that I left with the same filename and in the same place as they were when generated (something we are told to do in the README), but when I update my /etc/httpd/ file to point to where the new .pem files live I no longer get SSL security when I do my security check. Again, when I had .crt files instead of .pem files there was no problem whatsoever. Any idea what might be going on here. Is it a permissions thing? Or perhaps OpenSSL wants me to convert from .pem to .crt?

My domain is:

I ran this command:

It produced this output:

My web server is (include version): Apache
The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

1 Like

In 99,99 % of cases, the contents of any .pem or .crt file is exactly the same.

That said, I’m afraid I can’t help you any further. The description of your problem you’re giving isn’t very detailed: “(…) I no longer get SSL security when I do my security check.” is not specific enough to give you any further advice. Please help yourself by providing us more information like the actual warnings or errors from the Apache log file.

1 Like

If you run certbot certificates, it should show you the file names and location for the active cert(s).
You should use those files in the Apache config file.
[there should be no need to convert anything to anything else]

I don’t know how OpenSSL plays any part in this “problem”…

1 Like

Thanks for getting back to me on this. After reading your answer I did one last check at my Apache config file and noticed I had typed letsencrept instead of letsencrypt as part of the full directory name. This was the culprit. Thanks for your help in eliminating any other possible problems. Works just fine and having certbot on my server looks like it will be a much simpler way of doing things as compared to the old way of renewing my certificates.



As I mentioned in a previous mail the culprit was a typo: in my Apache config file I’d typed letsencrept instead of letsencrypt in the full directory name pointing to my new privkey.pem file. :blush: Thanks for getting back to me on this. Next time I’ll look long and hard at what I type before calling MAYDAY.

1 Like