[Cialug] letsencrypt
Dave Hala
dave at 58ghz.net
Sat Jul 27 22:20:52 UTC 2019
I'm working on a RHEL 8 server with two Apache SSL hosts (same IP). I
ran acme.sh to issue two Let's Encrypt certificates: one for
www.junipercm.net and one for *.junipercm.net. In hindsight I probably
should have only requested *.junipercm.net.

When I go to the site www.junipercm.net, it reports the correct
certificate. The certificate details show:

DNS Name=*.junipercm.net
DNS Name=sni.cloudflaressl.com
DNS Name=junipercm.net

When I go to test.junipercm.net, it reports the following:

DNS Name=www.junipercm.net
DNS Name=sni.cloudflaressl.com
DNS Name=junipercm.net

It looks like www.junipercm.net is using the wildcard cert and
test.junipercm.net is using the www.junipercm.net certificate.

Here's the vhost config for www.junipercm.net. test.junipercm.net is identical
but with a different document root.

<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/pki/tls/certs/httpd.crt
    SSLCertificateKeyFile /etc/pki/tls/private/httpd.key
    ServerName www.junipercm.net
    ServerAlias junipercm.net
    DocumentRoot "/var/www/www.junipercm.net"
    ErrorLog /var/log/httpd/junipercm_error.log
    CustomLog /var/log/httpd/junipercm.log combined
</VirtualHost>

This doesn't make any sense. It's configured to use the cert in
/etc/pki/tls/certs/, but that isn't the cert it's using. There must be a
config file somewhere that was created by acme.sh that is overriding what
is in the vhost, but I can't figure out where it is. Anyone have any ideas?

:) Dave
--
NIFCAP -The Premier Client Intake System for Non-Profit Organizations.
https://www.osis.us
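
One way to check which vhost, and therefore which SSLCertificateFile, Apache's name-based matching picks for a requested hostname. This is an added example, not part of the original post. The second vhost's ServerName and all function names are assumptions, and the sketch assumes every vhost shares one address:port and that ServerName carries no scheme or port.

```python
import re
from fnmatch import fnmatch

# Constructed sample. The first block repeats the TLS-relevant lines of the
# vhost in the post; the second is an assumed test.junipercm.net vhost (the
# post says only that it is identical apart from the document root).
SAMPLE_CONF = """
<VirtualHost *:443>
    SSLCertificateFile /etc/pki/tls/certs/httpd.crt
    ServerName www.junipercm.net
    ServerAlias junipercm.net
</VirtualHost>
<VirtualHost *:443>
    SSLCertificateFile /etc/pki/tls/certs/httpd.crt
    ServerName test.junipercm.net
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block, in file order."""
    vhosts = []
    blocks = re.findall(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", conf, re.S | re.I)
    for addr, body in blocks:
        vh = {"addr": addr.strip(), "names": [], "cert": None}
        for line in body.splitlines():
            parts = line.split()
            if len(parts) < 2 or parts[0].startswith("#"):
                continue
            key = parts[0].lower()
            if key in ("servername", "serveralias"):
                vh["names"] += [n.lower() for n in parts[1:]]
            elif key == "sslcertificatefile":
                vh["cert"] = parts[1].strip('"')
        vhosts.append(vh)
    return vhosts

def select_vhost(vhosts, host):
    """First vhost whose ServerName/ServerAlias matches; else the first vhost."""
    for vh in vhosts:
        if any(fnmatch(host.lower(), name) for name in vh["names"]):
            return vh
    return vhosts[0]  # Apache treats the first listed vhost as the default

def cert_for_each(conf, hosts):
    """Map each requested hostname to the certificate file of its vhost."""
    vhosts = parse_vhosts(conf)
    return {h: select_vhost(vhosts, h)["cert"] for h in hosts}

if __name__ == "__main__":
    for host, cert in cert_for_each(SAMPLE_CONF, ["www.junipercm.net", "test.junipercm.net"]).items():
        print(f"{host:22} -> {cert}")
```

Both constructed vhosts name the same SSLCertificateFile, so both hostnames map to one file. On a running server, `httpd -S` prints the vhost table Apache actually loaded.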