Let's Encrypt installed but not working

parsibox

Hi,
I use DirectAdmin 1.513000.
I set it up for my domain https://www.mohsendavari.ir/
Code:
Certificate Hosts 	mohsendavari.ir, www.mohsendavari.ir
  	Certificate Expiry 	Jun 9 06:42:00 2017 GMT
but it says this is expired:
Code:
This certificate has expired (1 days ago).
My settings:
Code:
[root@linux custombuild]# /usr/local/directadmin/directadmin c | grep letsencrypt
letsencrypt=1
letsencrypt_renewal_days=60
letsencrypt_max_requests_per_week=20
letsencrypt_multidomain_cert=2
letsencrypt_renewal_success_notice=0
letsencrypt_list=www:mail:ftp:pop:smtp
letsencrypt_list_selected=www
Code:
[root@linux custombuild]# grep well-known /etc/httpd/conf/extra/httpd-alias.conf
Alias /.well-known /var/www/html/.well-known
Code:
[root@linux directadmin]#  ./directadmin c | grep letsencrypt=
letsencrypt=1
Code:
[root@linux directadmin]# /usr/local/directadmin/directadmin c | grep enable_ssl_sni
enable_ssl_sni=1
Code:
<VirtualHost 94.232.175.176:443 >
	SSLEngine on
	SSLCertificateFile /usr/local/directadmin/data/users/mohsend/domains/mohsendavari.ir.cert
	SSLCertificateKeyFile /usr/local/directadmin/data/users/mohsend/domains/mohsendavari.ir.key
	SSLCACertificateFile /usr/local/directadmin/data/users/mohsend/domains/mohsendavari.ir.cacert
	ServerName www.mohsendavari.ir
	ServerAlias www.mohsendavari.ir mohsendavari.ir

Code:
 SSL is currently enabled for this domain. You can disable it here.
 
I think the server does not read my domain certificate. It reads this:
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
and does not read this:
/usr/local/directadmin/data/users/mohsend/domains/mohsendavari.ir.cert
I checked the cert file with this command and it is OK, but httpd does not use it:
Code:
openssl x509 -in /usr/local/directadmin/data/users/mohsend/domains/mohsendavari.ir.cert.combined  -text -noout

[root@linux custombuild]# openssl x509 -in /usr/local/directadmin/data/users/mohsend/domains/mohsendavari.ir.cert.combined -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
  xxxxxxxxxxxxxxxxxxxxxxxx
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
        Validity
            Not Before: Mar 11 06:42:00 2017 GMT
            Not After : Jun  9 06:42:00 2017 GMT
        Subject: CN=mohsendavari.ir
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
.....


But the other one is expired:

Code:
[root@linux custombuild]# openssl x509 -in  /etc/httpd/conf/ssl.crt/server.crt  -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:ab:e9:16:0e:88:fa:90:da:77:85:15:a2:50:2a:2a:c3:9b
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
        Validity
            Not Before: Dec 10 14:56:00 2016 GMT
            Not After : Mar 10 14:56:00 2017 GMT
        Subject: CN=mohsendavari.ir

How can I force httpd to read /usr/local/directadmin/data/users/mohsend/domains/mohsendavari.ir.cert.combined for my domain?
 
Finally I moved my domain cert file to the main server cert file location! (It is not the correct way.)
 
After renewing Let's Encrypt the problem is back.
I cannot understand why Apache does not read this user cert file.
This is my config:

SSLEngine on
ServerName www.mohsendavari.ir
ServerAlias www.mohsendavari.ir mohsendavari.ir
SSLCertificateFile /usr/local/directadmin/data/users/mohsend/domains/mohsendavari.ir.cert
SSLCertificateKeyFile /usr/local/directadmin/data/users/mohsend/domains/mohsendavari.ir.key
SSLCACertificateFile /usr/local/directadmin/data/users/mohsend/domains/mohsendavari.ir.cacert
I think enable_ssl_sni=1 does not work:
[root@linux custombuild]# /usr/local/directadmin/directadmin c | grep enable_ssl_sni
enable_ssl_sni=1
Please help me.
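
The check this post is circling, as an added example that is not part of the original thread: compare the certificate Apache actually presents, with and without SNI, against the per-domain file on disk. The function names are hypothetical, and the live fetch assumes a client OpenSSL 1.1.1 or newer (for `-noservername`), so run it from a current machine if the server's own openssl is too old.

```shell
#!/bin/sh
# Added example (not from the thread); all function names are hypothetical.

# One-line identity of the first certificate in a PEM file: serial and expiry.
cert_id() {
    openssl x509 -in "$1" -noout -serial -enddate | paste -sd' ' -
}

# SHA-256 fingerprint of the first certificate in a PEM file (empty on error).
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null
}

# Succeeds only if both files start with the same, readable certificate.
same_cert() {
    fp_a=$(cert_fp "$1"); fp_b=$(cert_fp "$2")
    [ -n "$fp_a" ] && [ "$fp_a" = "$fp_b" ]
}

# Succeeds if the certificate is still valid $2 seconds from now (default 0).
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Save the leaf certificate a server presents; $4 = "nosni" omits the SNI name.
fetch_served_cert() {  # host port outfile [nosni]
    if [ "${4:-}" = "nosni" ]; then
        openssl s_client -connect "$1:$2" -noservername </dev/null 2>/dev/null
    else
        openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null
    fi | openssl x509 -outform PEM >"$3" 2>/dev/null
}

# Report what is served with and without SNI, and whether it is the
# certificate named in the vhost's SSLCertificateFile.
diagnose_vhost_cert() {  # host port expected_pem
    tmp=$(mktemp -d) || return 2
    for mode in sni nosni; do
        fetch_served_cert "$1" "$2" "$tmp/$mode.pem" "$mode"
        if same_cert "$tmp/$mode.pem" "$3"; then verdict="matches vhost file"
        else verdict="DIFFERENT from vhost file"; fi
        cert_valid_for "$tmp/$mode.pem" || verdict="$verdict, expired or unreadable"
        echo "$mode: $(cert_id "$tmp/$mode.pem" 2>/dev/null) ($verdict)"
    done
    rm -rf "$tmp"
}

# Usage (host and path as posted in the thread):
# diagnose_vhost_cert www.mohsendavari.ir 443 /usr/local/directadmin/data/users/mohsend/domains/mohsendavari.ir.cert
```

If the `sni` line matches the vhost file while `nosni` shows the server default, name-based selection is working; if both lines show the certificate from `/etc/httpd/conf/ssl.crt/server.crt`, the server is not selecting the virtual host by name.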
 
What is your OS version? What is your OpenSSL version?

I see that:

This certificate has expired (3 days ago).
Common name: mohsendavari.ir
SANs: mohsendavari.ir, www.mohsendavari.ir
Valid from March 10, 2017 to June 8, 2017
Serial Number: 0314508f417e5873d34e7772072880cf14a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: Let's Encrypt Authority X3
 
OS version:
[root@linux ~]# lsb_release -a
LSB Version: :core-4.0-amd64:core-4.0-ia32:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-ia32:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-ia32:printing-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 5.11 (Final)
Release: 5.11
Codename: Final

OpenSSL version:
[root@linux ~]# openssl version
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
 
I am going to build Apache,
but how can I change the SSL lib in the Apache build?
Is this option correct? (My new library is here: /usr/local/ssl/lib)
"--with-ssl=/usr/local/ssl/lib" \
 
Hey, you've got the idea?! Please search the forums for further instructions, there are similar threads and how-tos on the forums ;)
 
Yes, I got it, but I cannot build Apache with the new SSL lib.
It is reading from the old SSL lib:
ldd /usr/sbin/httpd | grep ssl
libssl.so.6 => /lib64/libssl.so.6 (0x00002adf4310a000)
 
Wrong path in --with-ssl directive.

You should

1. check ./configure --help of apache for more help,
2. check configure logs...
3. run lddconfig
4. search the forums ;)
 