Reset Apache SSL config

I have a fresh LAMP stack on CentOS 7. I tried installing an SSL certificate from Let's Encrypt using the CertBot, per this tutorial: https://certbot.eff.org/lets-encrypt/centos6-apache

The certificate install was successful, and I chose option 2: Redirect - Make all requests redirect to secure HTTPS access.

I got the following output:

Congratulations! You have successfully enabled https://www.synergyft.com and
https://synergyft.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=www.synergyft.com

https://www.ssllabs.com/ssltest/analyze.html?d=synergyft.com

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/www.synergyft.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/www.synergyft.com/privkey.pem
    Your cert will expire on 2018-09-23. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the "certonly" option. To non-interactively renew all of
    your certificates, run "certbot renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

HOWEVER… The https is not loading. The http site loads, but the https site produces the default Apache page. So as suggested, I used the tutorial at https://www.linode.com/docs/security/ssl/ssl-apache2-centos/ to try and fix the configuration of Apache to use my new SSL certificate. Still not working, and yes, I did restart Apache numerous times. Is there any way I can reset the Apache configuration to the way it was before, so I can start fresh? Wondering if Certbot set some configuration that is conflicting with something. I assume I do not need to reinstall the actual certificate. Hoping someone has a suggestion… Thanks!

3 Replies

It looks like the current SSL certificate being used for synergyft.com is self-signed and lists 'synft' as the subject. If this is the hostname for your Linode, it may be that your site isn't using the CertBot SSL certificate quite yet. I'd recommend double checking /etc/httpd/conf.d/ to see if there are any other configuration files that have an SSL certificate included in the configuration. Sometimes SSL certificates can be defined for a site in more than one place, and one will be used over the other.

As for resetting the Apache configuration you could use the following command to remove Apache and most configuration files:

yum remove

Then, double check /etc/httpd/ for any leftover configuration files. Afterwards, reinstall Apache and it should be as it was before any changes were made. I'd recommend making copies of any Apache configurations or files beforehand just in case you need to reference them later, or if you would like to restore the configuration you have now.

You won't need to recreate the certificate if you reinstall Apache but you'll need to set up the new Apache virtual host configuration to point to the certificate files manually. Part of the automatic CertBot setup is editing the Apache configuration to look in the right place for the newly created certificates.

As far as other configuration files located in /etc/httpd/conf.d/ here is a listing:

cd /etc/httpd/conf.d/
[root@synft conf.d]# ls
autoindex.conf php.conf README ssl.conf ssl.conf.save userdir.conf vhost.conf welcome.conf

I assume only "ssl.conf" is relevant to SSL configuration, correct?

Here's the SSL configuration in that file:

<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/www.synergyft.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.synergyft.com/privkey.pem
    SSLCACertificateFile /etc/pki/tls/certs/root-certificate.crt #If using a self-signed certificate or a root certificate provided by ca-certificates, omit this line

    ServerAdmin mark@synergyft.com
    ServerName www.synergyft.com
    DocumentRoot /var/www/synergyft.com/public_html/

    ErrorLog /var/www/synergyft.com/logs/error.log
    CustomLog /var/www/synergyft.com/logs/access.log combined
</VirtualHost>

Also when I run ./certbot-auto certificates, I get this output:


Found the following certs:
Certificate Name: www.synergyft.com
Domains: www.synergyft.com synergyft.com
Expiry Date: 2018-09-23 18:48:23+00:00 (VALID: 87 days)
Certificate Path: /etc/letsencrypt/live/www.synergyft.com/fullchain.pem

Private Key Path: /etc/letsencrypt/live/www.synergyft.com/privkey.pem

Problem fixed. Uninstalled Apache and re-installed. That was the key…
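
The check suggested in the first reply (look through /etc/httpd/conf.d/ for more than one certificate definition), as an added example that is not part of the original thread. The sample directory, the www.example.test name and the certificate paths in it are constructed, and the script assumes Apache loads only conf.d/*.conf.

```shell
# Added example. Scans only *.conf, assuming httpd.conf pulls conf.d in with
# "IncludeOptional conf.d/*.conf", so a copy like ssl.conf.save is not read.

# Print "file<TAB>vhost<TAB>certificate" for every SSLCertificateFile directive.
list_ssl_certs() {
    for f in "$1"/*.conf; do
        [ -e "$f" ] || continue
        awk -v file="${f##*/}" '
            /^[ \t]*#/ { next }    # whole-line comments are not directives
            tolower($1) == "<virtualhost" { vhost = $2; sub(/>$/, "", vhost) }
            tolower($1) ~ /^<\/virtualhost/ { vhost = "" }
            tolower($1) == "sslcertificatefile" {
                printf "%s\t%s\t%s\n", file, (vhost == "" ? "(server)" : vhost), $2
            }' "$f"
    done
}

# Distinct certificate paths; more than one means several definitions to compare.
distinct_certs() { list_ssl_certs "$1" | cut -f3 | sort -u; }

# Build a constructed sample directory (not the poster's real files).
make_sample() {
    d=$(mktemp -d)
    cat > "$d/ssl.conf" <<'EOF'
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
</VirtualHost>
EOF
    cat > "$d/vhost.conf" <<'EOF'
<VirtualHost *:443>
    ServerName www.example.test
    SSLEngine On
    # SSLCertificateFile /etc/pki/tls/certs/old.crt
    SSLCertificateFile /etc/letsencrypt/live/www.example.test/cert.pem
</VirtualHost>
EOF
    cp "$d/ssl.conf" "$d/ssl.conf.save"
    printf '%s\n' "$d"
}

sample=$(make_sample)
list_ssl_certs "$sample"
echo "distinct certificates: $(distinct_certs "$sample" | wc -l)"
rm -rf "$sample"
```

Run as `list_ssl_certs /etc/httpd/conf.d` on the server, it shows which file and virtual host each certificate path belongs to.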
