My domain is: https://www.themarinerwatchet.com
My web server is (include version): Apache
The operating system my web server runs on is (include version): Centos 7
My hosting provider, if applicable, is: Self
I can login to a root shell on my machine - yes
I have changed a wordpress site on this VPS server and fixed all the redirects within wordpress but Firefox is showing security errors:
Firefox reports:- themarinerwatchet.com uses an invalid security certificate. The certificate is not trusted because it is
self-signed. The certificate is not valid for the name themarinerwatchet.com. The certificate expired on 11 March 2017 11:42. The current time is 28 January 2020 17:02. Error code: SEC_ERROR_UNKNOWN_ISSUER
However, checking the certificate it was recreated today and is valid for the domain mentioned and up to date.
Any clues please?
Baffled me completely and I am used to command line etc. (but not wordpress) to fins issues… ONLY clue is that I have non-used certifcate for www.watchetwebdesign.co.uk that DID expire in 2017 and is linked to the server root only.
PS - certbot installation shows:-
IMPORTANT NOTES:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/themarinerwatchet.co.uk/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/themarinerwatchet.co.uk/privkey.pem
Your cert will expire on 2020-04-27. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the “certonly” option. To non-interactively renew all of
your certificates, run “certbot renew”
.co.uk and .com are the same site and certificate covers both domains, www and no www
There are to my knowledge one self signed and expired certs for watchetwebdesign.co.uk but the mariners is up to date. i have used certbot to change all fo my domains to https with no problem at all - it is only this wordpress site with problems and I can not find why it is reproting this date. The .conf file for the domain is correct and updated by certbot to point to correct certificate.
the apachectl -S shows nothing wrong
I will try later to remove the wwdesign certs completely but someone else put there, so need to find dependancies before I do so
Your link is really useful so thanks for that
John
many thanks for suggestions. might be useful for others. The wordpress site was trying to access an unused (not needed) certificate for the server root.
Cut a long, long story short, In the ServerAlias lists in the virtualhost file had “lost” or I had typed wrong, the ServerName directive and only had all the ServerAlias directives, so (can’t find any documentation) if the ServerName directive is missing, then looks to the root FIRST. Our root was server.watchet.net which displayed holding page but adding https://server.watchet.net did not but jumped to our faulty page https://themarinerwatchet.co.uk
Great learning curve, but this migh tbe useful to others