[BlueOnyx:23704] Re: certificate issues 5209R letsencrypt

Larry Smith lesmith at ecsis.net
Mon Mar 2 13:03:11 -05 2020


On Mon March 2 2020 11:19, Michael Stauber wrote:
> Hi Larry,
>
> > <quote>
> > [Mon Mar 02 11:00:52.647751 2020] [mpm_prefork:notice] [pid 9103]
> > AH00171: Graceful restart requested, doing restart
> > [Mon Mar 02 11:00:52.701666 2020] [ssl:error] [pid 9103] AH02217:
> > ssl_stapling_init_cert: can't retrieve issuer certificate! [subject:
> > CN=server.name.tld / issuer: CN=Let's Encrypt Authority X3,O=Let's
> > Encrypt,C=US / serial: 0366429D750203BF003271A38409CF74187F / notbefore:
> > Mar 2 16:05:17 2020 GMT / notafter: May 31 16:05:17 2020 GMT]
> > [Mon Mar 02 11:00:52.701681 2020] [ssl:error] [pid 9103] AH02235: Unable
> > to configure server certificate for stapling
> > [Mon Mar 02 11:00:52.701862 2020] [mpm_prefork:notice] [pid 9103]
> > AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_perl/2.0.9-dev
> > Perl/v5.16.3 configured -- resuming normal operations
> > </quote>
> > (changed server name above)
> >
> > and still get same fail from ssllabs (did not recheck digicert).
>
> Hmm. No idea. Could be a couple of things.
>
> Also see the OCSP-Stapling that's mentioned. Are you using Nginx as
> SSL-Proxy? If so, restart Nginx and Apache as well for good measure.
>
> If it's still not working at that point I'd probably try to delete the
> intermediate certs, create a self signed cert and then once that's in
> place try to get another LE cert via the GUI.

Not using NGINX, but tried turning it on and got a Firefox error "failed
to make secure connection, certificate too long error". Had to connect
via http and turn it off (still cannot connect secure again though).

What is the best way to delete all intermediate certs?

-- 
Larry Smith
lesmith at ecsis.net
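
A triage helper for the AH02217 entries quoted in this thread, added here as an example and not part of the original message: it groups the stapling failures in an Apache error_log by certificate serial, so it is clear which subject is affected and which issuer's intermediate Apache could not find. The function name is hypothetical, and the sample log is the quoted entry unwrapped plus one constructed repeat.

```python
import re

# Sample input: the entries quoted in this thread, unwrapped to one line each
# as Apache writes them, plus one constructed repeat (11:05:10) of the same error.
SAMPLE_LOG = """\
[Mon Mar 02 11:00:52.647751 2020] [mpm_prefork:notice] [pid 9103] AH00171: Graceful restart requested, doing restart
[Mon Mar 02 11:00:52.701666 2020] [ssl:error] [pid 9103] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=server.name.tld / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 0366429D750203BF003271A38409CF74187F / notbefore: Mar 2 16:05:17 2020 GMT / notafter: May 31 16:05:17 2020 GMT]
[Mon Mar 02 11:00:52.701681 2020] [ssl:error] [pid 9103] AH02235: Unable to configure server certificate for stapling
[Mon Mar 02 11:05:10.120033 2020] [ssl:error] [pid 9103] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=server.name.tld / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 0366429D750203BF003271A38409CF74187F / notbefore: Mar 2 16:05:17 2020 GMT / notafter: May 31 16:05:17 2020 GMT]
"""

# AH02217 carries the certificate details in a bracketed, " / "-separated tail.
ENTRY = re.compile(
    r"^\[(?P<when>[^\]]+)\] \[ssl:error\] \[pid \d+\] AH02217: .*?"
    r"\[subject: (?P<subject>.*?) / issuer: (?P<issuer>.*?)"
    r" / serial: (?P<serial>[0-9A-Fa-f]+)"
    r" / notbefore: (?P<notbefore>.*?) / notafter: (?P<notafter>.*?)\]\s*$"
)


def stapling_failures(log_text):
    """Return {serial: record} for every certificate Apache could not staple.

    A certificate that fails on every restart is reported once, with a count
    and the timestamp of the most recent failure.
    """
    certs = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # not an AH02217 stapling-init failure
        fields = m.groupdict()
        when = fields.pop("when")
        rec = certs.setdefault(fields["serial"].upper(), {**fields, "count": 0})
        rec["count"] += 1
        rec["last_seen"] = when
    return certs


if __name__ == "__main__":
    for serial, rec in stapling_failures(SAMPLE_LOG).items():
        print(f"{rec['subject']}: missing issuer cert for [{rec['issuer']}]")
        print(f"  serial {serial}, seen {rec['count']}x, last {rec['last_seen']}")
        print(f"  leaf valid {rec['notbefore']} -> {rec['notafter']}")
```

The issuer string in the output names the intermediate that has to be present in the chain Apache loads for that virtual host before stapling can be configured.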


