That may work…
If it doesn’t, I’m still waiting for actual output of these:
grep -ri servername /etc/httpd/conf.d/
grep -ri serveralias /etc/httpd/conf.d/
[root@ip-172-31-18-163 httpd]# grep -ri 'centerstageticketing.com' ./conf.d/
./conf.d/ssl.conf:ServerAlias www.tix4.centerstageticketing.com
./conf.d/ssl.conf:SSLCertificateFile /etc/letsencrypt/live/tix4.centerstageticketing.com/cert.pem
./conf.d/ssl.conf:SSLCertificateKeyFile /etc/letsencrypt/live/tix4.centerstageticketing.com/privkey.pem
./conf.d/ssl.conf:SSLCertificateChainFile /etc/letsencrypt/live/tix4.centerstageticketing.com/chain.pem
I'm not sure what the alias should be so I couldn't grep that
After removing the reference in
/etc/httpd/conf.d/le-redirect-zend.centerstage.com.conf
It did not change the behavior.
https://tix4.centerstageticketing.com/sites/sierrarep returns, site is not secure
https://www.tix4.centerstageticketing.com/sites/sierrarep works properly
Just type what you see - don’t change anything:
grep -ri servername /etc/httpd/conf.d/
grep -ri serveralias /etc/httpd/conf.d/
It was not intended to fix the security problem.
It was intended to allow you to renew a proper cert with both names in it.
Here's what I received:
[root@ip-172-31-18-163 httpd]# grep -ri servername /etc/httpd/conf.d/
/etc/httpd/conf.d/ssl.conf:#ServerName www.example.com:443
/etc/httpd/conf.d/ssl.conf:ServerName zend.centerstage.com
/etc/httpd/conf.d/le-redirect-zend.centerstage.com.conf:ServerName zend.centerstage.com
[root@ip-172-31-18-163 httpd]# grep -ri serveralias /etc/httpd/conf.d/
/etc/httpd/conf.d/ssl.conf:ServerAlias samantha.centerstage.com
/etc/httpd/conf.d/ssl.conf:ServerAlias www.tix4.centerstageticketing.com
Rudy and Seth,
Are you guys still around? Or, have you quit for the day?
Bruce
Try renewing it manually again.
If it fails, show/attach:
/var/log/letsencrypt/letsencrypt.log
I would suggest editing the Apache configuration file to reflect all of the hostnames that you need (and none of the ones that you don’t), and then trying to run Certbot again. You will also probably eventually want to delete the duplicative cert, but perhaps only after getting one in place that covers everything that you want.
It is a little bit puzzling to see that you have so many names but only the single occurrence of ServerName — are all of these names supposed to refer to the same single virtual host serving the same content?
I’m not seeing the light (yet)…
But the show must go on!
Please show:
grep -ri 'servername|serveralias|80|443|certificate' /etc/httpd/conf.d/
Also, could there be any other relevant configuration files in /etc/httpd outside of /etc/httpd.conf.d?
Nothing was returned.
We have decided that this is simply too much work. We are going to start over with a new server. With AWS, that is not difficult.
And, we will install letsencrypt before we get too much time invested. We will let you know.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.