[BlueOnyx:23703] Re: certificate issues 5209R letsencrypt
Michael Stauber
mstauber at blueonyx.it
Mon Mar 2 12:19:15 -05 2020
Hi Larry,
> <quote>
> [Mon Mar 02 11:00:52.647751 2020] [mpm_prefork:notice] [pid 9103] AH00171:
> Graceful restart requested, doing restart
> [Mon Mar 02 11:00:52.701666 2020] [ssl:error] [pid 9103] AH02217:
> ssl_stapling_init_cert: can't retrieve issuer certificate! [subject:
> CN=server.name.tld / issuer: CN=Let's Encrypt Authority X3,O=Let's
> Encrypt,C=US / serial: 0366429D750203BF003271A38409CF74187F / notbefore: Mar
> 2 16:05:17 2020 GMT / notafter: May 31 16:05:17 2020 GMT]
> [Mon Mar 02 11:00:52.701681 2020] [ssl:error] [pid 9103] AH02235: Unable to
> configure server certificate for stapling
> [Mon Mar 02 11:00:52.701862 2020] [mpm_prefork:notice] [pid 9103] AH00163:
> Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_perl/2.0.9-dev Perl/v5.16.3
> configured -- resuming normal operations
> </quote>
> (changed server name above)
>
> and still get same fail from ssllabs (did not recheck digicert).
Hmm. No idea. Could be a couple of things.
Also see the OSCP-Stapling that's mentioned. Are you using Nginx as
SSL-Proxy? If so, restart Nginx and Apache as well for good measure.
If it's still not working at that point I'd probably try to delete the
intermediate certs, create a self signed cert and then once that's in
place try to get another LE cert via the GUI.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list