[Cialug] letsencrypt

[Dave Hala]

Hey.... I figured this out....  my host record for test didn't get moved
over to couldflare, so it apache wasn't picking it up.

Its all good now... time to finish it up...

:) Dave

On Sat, Jul 27, 2019 at 5:20 PM Dave Hala <dave at 58ghz.net> wrote:

> I'm working on a rhel8 server with two apache ssl hosts. (same ip).    I
> ran acme.sh to issue two letsencrypt certificates.  One for
> www.junipercm.net and one for *.junipercm.net.   In hindsight I probably
> should have only requested *.junipercm.net
>
> When I goto the site www.junipercm.net,  It reports the correct
> certificate. The certificate details show:
>
> DNS Name=*.junipercm.net
> DNS Name=sni.cloudflaressl.com
> DNS Name=junipercm.net
>
> When I goto the test.junipercm.net it reports the following:
>
> DNS Name=www.junipercm.net
> DNS Name=sni.cloudflaressl.com
> DNS Name=junipercm.net
>
> It looks like  www.junipercm.net is using the wildcard cert and
> test.junipercm.net is using the www.junipercm.net certificate.
>
> Here's the vhost config www.junipercm.net.  test.junipercm.net is
> identical but with a different document root.
>
> <VirtualHost *:443>
>
>    SSLEngine On
>    SSLCertificateFile /etc/pki/tls/certs/httpd.crt
>    SSLCertificateKeyFile /etc/pki/tls/private/httpd.key
>
>    ServerName www.junipercm.net
>    ServerAlias junipercm.net
>    DocumentRoot "/var/www/www.junipercm.net"
>
>    ErrorLog /var/log/httpd/junipercm_error.log
>    CustomLog /var/log/httpd/junipercm.log combined
>
> </VirtualHost>
>
> This doesn't make any sense. It's configured to use the cert in
> /etc/pki/tls/certs/ , but that isn't the cert it's using.  There must be a
> config file somewhere that was created by acme.sh that is overriding what
> is in the vhost, but I can't figure out where it is.  Anyone have any ideas?
>
> :) Dave
> --
> NIFCAP  -The Premier Client Intake System for Non-Profit Organizations.
> https://www.osis.us
>


-- 
NIFCAP  -The Premier Client Intake System for Non-Profit Organizations.
https://www.osis.us