The operating system my web server runs on is (include version): CentOS 7
I can login to a root shell on my machine (yes or no, or I don’t know): yes
Chrome says: NET::ERR_CERT_AUTHORITY_INVALID
Press F12, under the security tab, I can see the certificate IS self-signed. I cannot understand at all.
FYI: I request kaltura.shisu.edu.cn cert in a Ubuntu 16.04 box 4-5 days ago, It worked wonderfully. But today I can not get it working, even by copying pem files from Ubuntu box.
With certonly you, as the name says, only get a certificate. You have to install it manually yourself that way. How did you install the certificate you acquired with certbot certonly?
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
ErrorLog "/opt/kaltura/log/kaltura_apache_errors_ssl.log"
CustomLog /opt/kaltura/log/kaltura_apache_access_ssl.log vhost_kalt
Include "/opt/kaltura/app/configurations/apache/conf.d/enabled.*.conf"
My request method:
[root@kaltura log]# certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
1: Apache Web Server plugin - Beta (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
Select the appropriate number [1-3] then [enter] (press ‘c’ to cancel): 3
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c’
to cancel): kaltura.shisu.edu.cn
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/kaltura.shisu.edu.cn.conf)
What would you like to do?
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for kaltura.shisu.edu.cn
Press 1 [enter] to confirm the selection (press ‘c’ to cancel): 1
Input the webroot for kaltura.shisu.edu.cn: (Enter ‘c’ to cancel): /root
Waiting for verification…
Cleaning up challenges
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: kaltura.shisu.edu.cn
Please see the logfiles in /var/log/letsencrypt for more details.
The error didn’t occur last time, for the rate limit has not been reached.
Getting more and more certificates while none of them isn't being used isn't going to be of much help. Forget the rate limit, just get your most recent certificate working.
Did you reload your Apache after you added the SSL directives? Do you have other SSL directives that might override the Let's Encrypt ones?