SSL Certificate Problem (Solved)

I have enabled SSL website for Virtual Server and then installed The SSL certificate from Let’s Encrypt. The SSL section in Server Configuration shows:
Issuer name Let’s Encrypt Authority X3
Issuer organization Let’s Encrypt Expiry date Oct 20 23:06:19 2020 GMT
Certificate type Signed by CA

However while trying to access the SSL version of website I get Security threat and it shows the expired self signed server.

The files are in correct location /home/surajclinic and the httpd.conf file shows their location correctly referenced:

SSLCertificateFile /home/surajclinic/ssl.cert
SSLCertificateKeyFile /home/surajclinic/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCACertificateFile /home/surajclinic/ssl.ca

https://surajclinic.com shows security alert.

What can be the fix?

I don’t have a solution to the problem that you have described but I can confirm that you are doing everything right and the looking at the right places for the right files.

I am quite clueless about why the domain is using self-signed certificates in spite of your having generated certificates from Let’s Encrypt.

I think you need to restart Apache (or whatever webserver) for it to use the new certificate.
Did you use Virtualmin’s GUI to get and install the Let’s Encrypt certificate?

I did from the Virtualmin GUI. When that didn’t work I did the manual method using ZeroSSL certificate. Here’s the screens from within Virtualmin showing the certificate correctly installed. Still site is not secured. And yes, Apache is restarted after every attempt.

Just a shot in the dark – but I wonder if the problem could have anything to do with ZeroSSL changing their validation directory from ./well-known/acme-challenge to ./well-known/pki-validate a few months ago. Your certificate appears to be installed but could actually be overlapping certs, which would explain why Apache can’t serve a legit https session.

I need to give up. I backed up everything. Deleted the Virtual server within Virtualmin, reconfigured it again. Restored files and databases. Installed Let’s Encrypt SSL cert. Still same issue.

Only an OS reinstall might be the solution because I’ve got this working on other systems with Virtualmin.
But OS install is not going to be right now. :frowning:

Solved.

Since it was taking the generic self signed certificate, it was over riding the domain specific instructions in httpd.conf by instructions from ssl.conf

Commented out the entire virtualhost section in ssl.conf located in /etc/httpd/conf.d/ and everything works now.

Thanks all for helping.

1 Like