Author Topic: New SSL cert broke my server  (Read 563 times)

New SSL cert broke my server
« on: May 09, 2024, 11:11:23 PM »
I have set up a new server with AlmaLinux 8.9 and CWP. I have installed WordPress using Softaculous.

All worked well until I used the AutoSSL feature. It installed the cert ok - or so it told me - but on testing it failed.

I can now no longer access my site or CWP! It seems Apache is redirecting all traffic to https. How can I manually remove the redirect using bash?

I am used to using Ubuntu and the Apache config files are not where I expect to find them.

Any help would be appreciated :)
« Last Edit: May 09, 2024, 11:34:39 PM by kelvintronic »

Re: New SSL cert broke my server
« Reply #1 on: May 10, 2024, 09:06:35 AM »
UPDATE

I have been able to determine that after the SSL is applied, Apache fails to reload.

The apache logs show:

Code:
[Fri May 10 17:05:49.017770 2024] [mpm_event:notice] [pid 961:tid 140570374529600] AH00489: Apache/2.4.57 (Unix) OpenSSL/1.1.1k configured -- resuming normal operations
[Fri May 10 17:05:49.017799 2024] [core:notice] [pid 961:tid 140570374529600] AH00094: Command line: '/usr/local/apache/bin/httpd'
[Fri May 10 17:14:31.454956 2024] [mpm_event:notice] [pid 961:tid 140570374529600] AH00493: SIGUSR1 received.  Doing graceful restart
[Fri May 10 17:14:31.459601 2024] [ssl:warn] [pid 961:tid 140570374529600] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri May 10 17:14:31.462758 2024] [ssl:emerg] [pid 961:tid 140570374529600] AH02565: Certificate and private key srv.mydomain:443:0 from /etc/pki/tls/certs/hostname.bundle and /etc/pki/tls/private/hostname.key do not match
[Fri May 10 17:14:31.462766 2024] [:emerg] [pid 961:tid 140570374529600] AH00020: Configuration Failed, exiting
[Fri May 10 17:17:28.914655 2024] [ssl:emerg] [pid 8464:tid 139796313911872] AH02565: Certificate and private key srv.mydomain:443:0 from /etc/pki/tls/certs/hostname.bundle and /etc/pki/tls/private/hostname.key do not match
AH00016: Configuration Failed

I have changed my servername above but the actual domain name and my server sub domain both resolve to my IP correctly.

Does the server on my local DNS need to be operating or can I rely on my domain name provider?


Re: New SSL cert broke my server
« Reply #2 on: May 10, 2024, 11:30:26 PM »
Seems your files /etc/pki/tls/certs/hostname.bundle and /etc/pki/tls/private/hostname.key were generated at different moments.
The best and easiest step for you is to save your server certificate.

Just save the hostname of your server again, and CWP will generate your server certificate again.

Regards,
Netino
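
Added example, not posted by anyone in this thread: a read-only check that compares the public key in the certificate bundle with the one derived from the private key, which is the mismatch AH02565 reports. The function names and script name are hypothetical; it assumes an unencrypted key and that the server certificate is the first one in the bundle.

```bash
#!/usr/bin/env bash
# Added example: verify that a certificate and a private key belong together.
# Usage (paths taken from the Apache log above):
#   ./check_pair.sh /etc/pki/tls/certs/hostname.bundle /etc/pki/tls/private/hostname.key

# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
cert_key_match() {
    local cert_pub key_pub
    # Public key embedded in the first certificate of the file.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key; the empty passphrase avoids a prompt.
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Show subject, issuer, validity dates and file timestamps, to see whether
# the two files come from different issuances.
describe_pair() {
    openssl x509 -in "$1" -noout -subject -issuer -startdate -enddate
    ls -l "$1" "$2"
}

if [ "$#" -eq 2 ]; then
    describe_pair "$1" "$2"
    cert_key_match "$1" "$2"; rc=$?
    case "$rc" in
        0) echo "MATCH: run '/usr/local/apache/bin/httpd -t' before reloading" ;;
        1) echo "MISMATCH: certificate and key are from different key pairs" ;;
        *) echo "ERROR: could not read the certificate or the key" ;;
    esac
    exit "$rc"
fi
```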