Reset Apache SSL config
I have a fresh LAMP stack on CentOS 7. I tried installing an SSL certificate from Let's Encrypt using the CertBot, per this tutorial: https://certbot.eff.org/lets-encrypt/centos6-apache
The certificate install was successful, and I chose option 2: Redirect - Make all requests redirect to secure HTTPS access.
I got the following output:
Congratulations! You have successfully enabled https://www.synergyft.com and
https://synergyft.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=www.synergyft.com
https://www.ssllabs.com/ssltest/analyze.html?d=synergyft.com
IMPORTANT NOTES:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.synergyft.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.synergyft.com/privkey.pem
Your cert will expire on 2018-09-23. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew all of
your certificates, run "certbot renew"
If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
HOWEVER… The https is not loading. The http site loads, but the https site produces the default Apache page. So as suggested, I used the tutorial at https://www.linode.com/docs/security/ssl/ssl-apache2-centos/ to try and fix the configuration of Apache to use my new SSL certificate. Still not working, and yes, I did restart Apache numerous times. Is there any way I can reset the Apache configuration to the way it was before, so I can start fresh? Wondering if Certbot set some configuration that is conflicting with something. I assume I do not need to reinstall the actual certificate. Hoping someone has a suggestion… Thanks!
3 Replies
It looks like the current SSL certificate being used for synergyft.com is self-signed and lists 'synft' as the subject. If this is the hostname for your Linode it may be that your site isn't using the CertBot SSL certificate quite yet. I'd recommend double checking /etc/httpd/conf.d/ to see if there are any other configuration files that have an SSL certificate included in the configuration. Sometimes SSL certificates can be defined for a site in more than one place, and one will be used over the other.
As for resetting the Apache configuration you could use the following command to remove Apache and most configuration files:
yum remove
Then, double check /etc/httpd/ for any leftover configuration files. Afterwards, reinstall Apache and it should be as it was before any changes were made. I'd recommend making any copies of any Apache configurations or files beforehand just in case you need to reference them later, or if you would like to restore the configuration you have now.
You won't need to recreate the certificate if you reinstall Apache but you'll need to set up the new Apache virtual host configuration to point to the certificate files manually. Part of the automatic CertBot setup is editing the Apache configuration to look in the right place for the newly created certificates.
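The check suggested in the reply above (finding every place a certificate is defined under /etc/httpd/conf.d/), as an added example that is not part of the original reply or of Certbot. The function names and sample files are constructed for illustration, and it assumes the stock CentOS 7 layout in which httpd.conf includes conf.d/*.conf.

```shell
#!/bin/sh
# Added example: list each :443 virtual host and certificate directive found in
# the *.conf files of a conf.d-style directory, as "file:line: directive".
# Assumes the stock CentOS 7 include of conf.d/*.conf, so ssl.conf.save is skipped.
list_ssl_directives() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
            low ~ /^#/ { next }                      # commented-out directive
            low ~ /^<virtualhost[ \t].*:443/ ||
            low ~ /^sslcertificate(key)?file[ \t]/ {
                printf "%s:%d: %s\n", file, NR, line
            }' "$f"
    done
}

# Count distinct files that set SSLCertificateFile; more than one means the
# certificate is defined in several places.
count_cert_files() {
    list_ssl_directives "$1" |
        awk -F: 'tolower($3) ~ /^ sslcertificatefile[ \t]/ { seen[$1] = 1 }
                 END { n = 0; for (k in seen) n++; print n }'
}

# Constructed sample directory (assumption: not the poster's real files).
make_sample_dir() {
    d=$(mktemp -d) || return 1
    cat > "$d/ssl.conf" <<'EOF'
<VirtualHost _default_:443>
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>
EOF
    cat > "$d/vhost.conf" <<'EOF'
<VirtualHost *:443>
  # SSLCertificateFile /tmp/old.pem
  SSLCertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
</VirtualHost>
EOF
    echo 'SSLCertificateFile /tmp/backup.pem' > "$d/ssl.conf.save"
    echo "$d"
}

sample=$(make_sample_dir)
list_ssl_directives "$sample"
echo "files defining a certificate: $(count_cert_files "$sample")"
rm -rf "$sample"
```

To inspect a real server, call `list_ssl_directives /etc/httpd/conf.d` instead of using the sample directory.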
As far as other configuration files located in /etc/httpd/conf.d/ here is a listing:
cd /etc/httpd/conf.d/
[root@synft conf.d]# ls
autoindex.conf php.conf README ssl.conf ssl.conf.save userdir.conf vhost.conf welcome.conf
I assume only "ssl.conf" is relevant to SSL configuration, correct?
Here's the SSL configuration in that file:
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/www.synergyft.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.synergyft.com/privkey.pem
SSLCACertificateFile /etc/pki/tls/certs/root-certificate.crt #If using a self-signed certificate or a root certificate provided by ca-certificates, omit this line
ServerAdmin mark@synergyft.com
ServerName www.synergyft.com
DocumentRoot /var/www/synergyft.com/public_html/
ErrorLog /var/www/synergyft.com/logs/error.log
CustomLog /var/www/synergyft.com/logs/access.log combined
</VirtualHost>
Also when I run ./certbot-auto certificates, I get this output:
Found the following certs:
Certificate Name: www.synergyft.com
Domains: www.synergyft.com synergyft.com
Expiry Date: 2018-09-23 18:48:23+00:00 (VALID: 87 days)
Certificate Path: /etc/letsencrypt/live/www.synergyft.com/fullchain.pem