Author Topic: only self signed certificates issued  (Read 963 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
only self signed certificates issued
« on: September 29, 2023, 07:07:04 PM »
Hi,
My hostname seems only to generate a self signed certificate. I've made sure the dns has propagated and that the hostname has a proper "A" record pointing to the server, so there really isn't any reason why I can't generate a ssl certificate when I click on "Change hostname"
I've changed the host name to another domain and that too generates a self signed certificate.
All of the ports are open in the firewall as well as port forwarded in the router
I'm running Rocky Linux 8 and everything seems ok,

Offline
****
Re: only self signed certificates issued
« Reply #1 on: September 30, 2023, 09:56:51 AM »
You mentioned 'port forwarding' on a router.

Do you have both ports 80 & 443 open?

I'm guessing the server has an internal IP (e.g. 192.x or 10.x) then?

Offline
*
Re: only self signed certificates issued
« Reply #2 on: September 30, 2023, 02:12:47 PM »
Thanks for the reply.
Yes all firewalls have both ports open and nothing else is using port 80 or 443 other than CWP.

This may well be a Rocky Linux issue as I'm discovering that Apache is very, very sensitive to change. Turn on any settings for Mod security and Apache crashes and is very difficult to rebuild. Do any changes in Apache conf.d and Apache crashes, change main server from Apache to Apache and Nginx and Apache crashes.
Some of the domains I host have managed to get an ssl through auto ssl, and some simply won't, despite the fact that "A" records point to the server and dns is propagated weeks ago.

I've not had this problem before and all fingers point to Apache. This is the second Rocky Linux 8 build with similar problems.
I may revert to Centos 7 just to get the stability.
Anyone else had any issues with Apache  and Rocky Linux 8?

Offline
****
Re: only self signed certificates issued
« Reply #3 on: September 30, 2023, 05:36:59 PM »
I've heard Rocky has some issues.

We use AlmaLinux 8.x, and have not had any problems.
I would try that distro before going back to CentOS 7.

Offline
*
Re: only self signed certificates issued
« Reply #4 on: October 30, 2023, 02:09:56 PM »
I noticed, that my Almalinux 8 doesn't themselves generate certificate after old one expired.
Execute command:
sh /scripts/generate_hostname_ssl

will generate new certificate. After that you need
sh /scripts/restart_cwpsrv
sh /scripts/restart_httpd

Offline
****
Re: only self signed certificates issued
« Reply #5 on: October 30, 2023, 10:52:50 PM »
The hostname SSL has nothing to do wit the OS.

The hostname SSL has always been quirky.