My domain is: www.reviewboosttracker.com
I ran this command:
My web server is (include version): Apache 2.4.7
The operating system my web server runs on is (include version):
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot):
I cannot remember, but I assume when I configured the server in 2018 I created a self-signed cert and configured the system to use it; At some point I installed certbot and switched over.
Just recently someone pointed out that the www version of the site is broken – it points the default apache site and not where it’s supposed to. Also the site is insecure and I can see it’s using a self-signed cert.
I have looked hard and I can’t figure out where the self-signed cert is coming from.
The only code in the vhosts is what certbot added and looks right.
I suspect it’s in the ssl.conf file, but when I try to comment out the lines:
I have no idea how I did this or how I can undo it.
I’ve grep everything I can think of and I can’t find where the cert is coming from.
At my wits end
There are multiple domains and it seems that the ServerAlias is the key. Whatever is the ServerName works and whatever is the Alias is using the bogus cert.