How to Check if a SSL Certificate is successfully renewed
1) Remember - Apache uses either httpd.conf
or ssl.conf
depending on how Apache was configured - since ssl.conf
is preferred make sure the "failing" server is NOT using ssl.conf
instead.
2) Have you tried copying the httpd.conf
file from the working server to the "failing" server. If everything else is the same, that should make SSL work, if it doesn't everything is NOT the same on the two servers - double check
Related videos on Youtube
masa
Updated on September 18, 2022Comments
-
masa over 1 year
I have two web servers, one for an intranet and the other for a website. The system specs of the two are almost the same, which is as follows:
CentOS 6.5
LAMP (Apache/2.2.15) + WordPress, which were installed with yum commandI am trying to renew their wildcard SSL certificate with a new one, which I recently got from GoDaddy. The zip file sent from GoDaddy includes the followings:
c************.crt
gd_bundle-g2-g1.crt
gd_intermediate.crtThe two servers share the same private key (test.key), which I am going to use for the new certificate too. So the 2 steps below is all I did on both servers.
(Step 1)
Copy the three files above to /etc/pki/tls/certs directory and edit the /etc/httpd/conf/httpd.conf so the keys "SSLCertificateFile" and "SSLCertificateChainFile" point to the new respective file. The file looks like below after editting.<VirtualHost *:443> SSLEngine on SSLCertificateFile /etc/pki/tls/certs/c************.crt SSLCertificateKeyFile /etc/pki/tls/private/test.key SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle-g2-g1.crt <Directory /var/www/html> AllowOverride All </Directory> DocumentRoot /var/www/html ServerName *****.*********.com </VirtualHost>
(Step 2)
Restart the serverAfter the steps, I accessed both servers with google chrome and checked to see if the expiration date had changed. The expiration date on the intranet has changed like I had expected.
(before)
Valid from 6/17/2014 to 6/17/2015
(after)
Valid from 5/18/2014 to 6/17/2016But the date on the website is still the same. Is there any other way to check if the certificate is successfully renewed? Or is there anything wrong about the steps I followed? I did not get any errors when I went through the steps and I am thinking that there might be some more steps I need to do to get a wildcard certificate to work.
-
David Nilson almost 9 yearsWhy haven't you installed the GoDaddy Secure Server Certificate (Intermediate Certificate) gd_intermediate.crt. without that you have a broken validation chain.
-
masa almost 9 yearsThank you for help me. That was because of my misconfiguration. By the way I don't really know the difference between gd_bundle-g2-g1.crt and gd_intermediate.crt. they both worked, so I just picked gd_bundle-g2-g1.crt. Should I always choose gd_intermediate.crt instead of gd_bundle-g2-g1.crt?
-
-
masa almost 9 yearsThank you! You saved me! I needed to edit SSLCertificateFile key in /etc/httpd/conf.d/ssl.conf. After restaring, it showed the new expiration date.