All Questions
Tagged with apache-2.4 ssl-certificate
154
questions
1
vote
1
answer
82
views
How to declare an explicit list of allowed client certificates in apache2 server
I use an apache2 server configured as a reverse proxy to access an internal service. To protect this service from unauthorized access I would like to use a certificate-based client authentication.
...
2
votes
0
answers
28
views
Client certificates and custom revoked html
I can configure Apache to authenticate users with client certificate and validate them via OCSP. Do you know how can I redirect the user to a custom html page if the certificate is revoked? The ...
0
votes
1
answer
25
views
ssl_issuer_unknown when connecting only to a certain <VirtualHost> with apache
I've this problem with my site configuration and ssl certificates. I've got two websites on the same machine running two different domains. Their respective ssl certificate is issued by Cloudflare and ...
4
votes
6
answers
16k
views
HTTPS compatibility issue with Chrome 116/117 ERR_SSL_PROTOCOL_ERROR
I'm having error ERR_SSL_PROTOCOL_ERROR since 2 day on my website for some reason.
Browsers tested
Windows Chrome 117.0.5938.132 : ERR_SSL_PROTOCOL_ERROR
Android Chrome 117.0.5938.61 : ...
0
votes
1
answer
412
views
Clients of a site are getting SSL_ERROR_HANDSHAKE_FAILURE_ALERT (Firefox) and ERR_BAD_SSL_CLIENT_AUTH_CERT (Chrome)
I'm running a site in AlmaLinux 8.8 (Centos) and Apache 2.4.56.
The site has a self-signed certificate.
When I access the site, I get the usual warning due to the self-signed certificate. After ...
0
votes
1
answer
311
views
SSL certificate not working for www subdomain on multiple domain setup
I have a LAMP server running CentOS Stream 8 and Apache 2.4.37. On this I have three domains (let's call them example.com, example.net & example.org). I have SSL certificates for each domain + the ...
0
votes
0
answers
324
views
wget doesn't accept HTTPS certificate (from letsencrypt) on some computers but does on others
I have the following situation:
On my www server (Apache2, Debian armhf) I have HTTPS certificate from letsencrypt.org by certbot.
When accessing the server from a browser (Firefox, Chromium) ...
0
votes
0
answers
691
views
Can't enable ssl on windows apache24
So, i've already sucessfully installed ssl certificates in apache virtual hosts (2 websites) but i'm unable to access them because every time I activate SSL in httpd.conf apache service wont start
<...
0
votes
2
answers
1k
views
APACHE CERTBOT ERROR
I'm configuring https on a local apache server using certbot but I get the error below:
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -...
1
vote
1
answer
467
views
TLS 1.2 client ignoring "Acceptable CA" list for Apache ClientCertificateRequest
I have TLS 1.2 mutual authentication working on Apache 2.4.54 with a self-signed CA and test clients on iOS and MacOS. Everything works, except the clients do not recognize the "Acceptable ...
1
vote
0
answers
305
views
The Let's Encrypt cert doesn't work on Apache and FreeBSD
Our server administrator installed via Certbot the free Let's Encrypt certificate on our server with FreeBSD. But the cert doesn't work and we can't understand how exaclty we should configure the file ...
0
votes
1
answer
326
views
Apache mod_md: procedure for handling multiple VirtualHosts?
I have a working setup for multiple virtual hosts on the same server, but there's a problem: all the server's SSL certificates are unnecessarily renewed, and moved, whenever a vhost is added.
In this ...
0
votes
1
answer
3k
views
Apache HTTPS not works, HTTP works
OS: Ubuntu Server 20.40.
WebServer: Apache2
SSL: OpenSSL
SSL Module enabled
SSL files copied on server
SSL site configurated (above the code)
Apache Syntax: OK
Firewall: disabled
HTTP request works
...
0
votes
0
answers
659
views
Apache SSL renewal keeps using old certificate
I have a website using Apache that runs on a GCP VM instance with a Google load balancer.
In total, I have 3 servers
I have changed the SSL certificate in the Google load balance configuration.
What I ...
0
votes
0
answers
443
views
Is it possible to verify TLS if a server doesn't provide an issuer cert?
I'm trying to configure Apache httpd v2.4 for LDAP authentication to AD. LDAPS certificates are issued by the internal CA. For whatever reason (I'm not on the AD team), neither our prod or non-prod ...
0
votes
1
answer
316
views
Apache serves with new and old SSL Root certificate
I am hosting a website at https://www.tabletop.cloud
A while back I switched from the DST Root CA X3 root certificate to the ISRG Root X1 certificate. When I access my website in every browser the SSL ...
1
vote
0
answers
793
views
Apache VirtualHost not loading correct certificate
We are running into issues with this seemingly simple configuration on Apache 2.4. We can't seem to obtain the correct certificate while using the Virtual Host site2.net. We always get site1.net's ...
0
votes
0
answers
3k
views
Can't restart apache (httpd.service) after replacing to new SSL cert (wildCard, working on other servers)
I have a wildcard SSL cert that I need to replace in all related servers. It worked fine in all of them but one. I go by the exact same process as in other apache servers, but when I replace the files ...
1
vote
1
answer
229
views
How many SSL certificates you need - aspnet core + Apache reverse proxy?
When you deploy aspnet core app on Linux you normally do it through reverse-proxy. I.e. Kestrel hosts the app and Apache handles the public internet traffic talking to Kestrel.
So Kestrel and Apache ...
0
votes
1
answer
2k
views
A valid Root CA Certificate could not be located, the certificate will likely display browser warnings
i'm trying to get Telegram Webhook working with my local machine but it doesn't make requests. I think it's bc of certificate issue
Here's what geocerts.com/ssl-checker says:
screenshot
Here's my ...
0
votes
1
answer
100
views
Apache SSL Installation [Not Duplicate]
I am trying to install ssl certificate on my ubuntu server 20.04
I have downloaded ssl files and put them in /home/ubuntu (will change once it works):
api_limitlesssoft_com_key.txt
api.limitlesssoft....
0
votes
1
answer
88
views
Can 2 websites www.example.com and www.example.eu reside on the same server
We have 2 websites and want to get a SSL-certificate for both:
www.example.de
www.otherExample.eu
Both sites reside on the same server under different root with their own config-file. With certbot I ...
0
votes
1
answer
976
views
apache how configure multi domain https redirection?
I've an apache running under AWS Elastic beanstalk. I've got several different domains and I want all of them to end in a specific domain name, in HTTPS.
The redirection from other domains e.g. https:/...
1
vote
2
answers
1k
views
How does Apache choose which certificate to use?
Currently Apache is hosting several sub domains with host certificates generated with certbot and a http challenge.
Now I want to setup a default virtual ssl host to redirect non-existing subdomains ...
1
vote
0
answers
423
views
Apache2: RADIUS authentication before rewrite engine HTTPS
I tried to set up a reverse proxy with HTTPS and Radius authentication. Unfortunately, I don't get an authentication query before it redirects to the HTTPS page. What did I do wrong?
<VirtualHost *:...
0
votes
0
answers
111
views
Strange behavior of Apache with a ssl certificate while DNS are propagating
Is there anywhere a cache for certificates for apache 2.4 under Debian 9 ?
While DNS are propagating on an hosting, I sometimes get wrong certificate (the one of the first hosting of the server in ...
0
votes
1
answer
435
views
Old LetsEncrypt SSL certificate still being served by EC2 instance
I'm working on renewing the SSL certificate for my websites. They are all running on the same EC2 instance with the same Apache server. Two of my domains recently expired so I also tried to remove ...
4
votes
1
answer
5k
views
Conditionally set SSL certificate request header in Apache
I have an Apache 2.4 server configured as a reverse proxy to accept incoming HTTPS requests and reverse-proxy them to another server over HTTP with custom HTTP headers containing any provided client ...
0
votes
1
answer
178
views
Single website with multiple certs
I have a website with 2 domain names.
1. name.org
2. server.university.edu/name
I have a wildcard cert to cover server.university.edu/name. If I get one from say, letsencryp.org, I'm not sure how to ...
0
votes
1
answer
2k
views
How to install letsencrypt wildcard certificates?
I am using certbot/letsencrypt from the EPEL repository with apache on CentOS 7 without any issues on "normal" domain names. The certbot tool recognizes server name aliases from the virtualhost config ...
0
votes
2
answers
353
views
SSL certificate mismatch, multi vendor website
I have a website hosted on *.mydomain.com, my Apache web server in conjunction with PHP will return/echo some plain text based on the subdomain provided. *.mydomain.com is secured with a wildcard SSL ...
2
votes
1
answer
314
views
Two VHost with same DocumentRoot but different SSL Certificate. Is that even possible?
I can do this : https://www.digicert.com/kb/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
But I need to do that (note that the DocumentRoot is the same on purpose) :
<VirtualHost *:...
1
vote
2
answers
1k
views
Different certificates for Let's encrypt
I have an apache webserver that uses certbot for Let's Encrypt SSL certificate.
Is it possible to have many separated certificates for each virtualhost managed?
Currently certbot works with only one ...
0
votes
1
answer
417
views
Apache, sslh, SSL certs, local app, and dockerised app
I've got a server which has been hosting a local app (Nextcloud) for a while with no issues, behind apache (2.4).
I'm also hosting an SSH server on port 443, for which I use sslh.
My LetsEncrypt ...
-1
votes
1
answer
1k
views
Apache 2.4.29: How to configure multiple
I tried configured multiple SSLCACertificateFile in single vhost but apparently apache is accepting only requests with ca_sha256.cer as root cert, is there a way to support both SSLCACertificateFile ...
1
vote
1
answer
987
views
apache does not see my new certs, still has expired certs
In typing this question I found this:
Apache seems to be using old expired certificate even though new one is installed
His issue is mine to a T, and all things he tried more or less I did too. The ...
1
vote
1
answer
4k
views
certbot-auto renew fails
I inherited a web-server that uses letsencrypt with certbot. At first I thought it seemed straight forward, but running certbot-auto renew fails. I then did a certbot-auto certonly --apache and that ...
1
vote
0
answers
2k
views
Server saying no TLS/SSL protocols available even though mod_ssl/openssl installed and enabled
I am trying to add SSL certs to my server but when I connect via a browser it throws an error (ERR_SSL_PROTOCOL_ERROR in Chrome).
This is confirmed using testssh (https://testssl.sh/)
Testing ...
1
vote
1
answer
174
views
SSL and www - handling redirect from https://mysite to https://www.mysite
So this is obviously a 2x2 matrix - www and non-www, against SSL and non-SSL.
I want all traffic to be directed to SSL and www.
Getting http://example.com and http://www.example.com over to https://...
0
votes
1
answer
319
views
managing digital certificates for email (postfix/dovecot) and DKIM
I am seeking to make emails my server sends have a higher reputation by implementing DKIM and DMARC. I already am passing SPF with the proper DNS entries.
I also have a working Postfix/Dovecot ...
0
votes
1
answer
147
views
Ngnix Reverse Proxy With SSL Certificate
I want to configure a proxy server with Ngnix to redirect to https server. The problem is that I don't have the private key of the .crt file of the web server which I have downloaded from the browser.
...
1
vote
1
answer
1k
views
SSL site is not loaded and no error
I'm trying to install the certificates are purchased from Thirdparty. Received the following error in the log and nothing else. I'm unable to find a similar solution and the ssl site is not accessible....
3
votes
1
answer
396
views
How does one change the certificate and key for https
We have a server whose original PKI certificate was issued by a discontinued root CA. We have a replacement certificate issued from a different root authority chain. This site was set up some time ...
0
votes
0
answers
480
views
Let's Encrypt SSL on Google Cloud
I am utterly failing to find a working guide for installing Let's Encrypt certificates on a single Google Cloud virtual machine.
I'm pretty clearly getting the picture that just doing the Apache ...
2
votes
0
answers
170
views
Failed to renew SSL certificates using Certbot's "dry-run" command
I was using apache for my website and created the SSL for Apache. Then for some reason, I have to change my server from Apache to Node.js. To do that I just copied the SSL certificates path from ...
0
votes
1
answer
96
views
Apply SSL certificate in a bigger context
In my default-ssl
<VirtualHost _default_:443>
ServerName example.co
DocumentRoot /var/www/html/example
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/example.co/cert.pem
...
-1
votes
1
answer
1k
views
CNAME that points domain A to domain B results in a Security Warning
I'm using a service (banana.com) that allows me to use my domain (orange.com) to log in.
They mention to add a CNAME record like so:
an.orange.com. 3600 IN CNAME service.banana.com.
I did that but ...
2
votes
1
answer
4k
views
Curl verify certificate improperly
I used curl to launch a https request to download the file. I used below command:
curl -v -o Output.pdf
https://otherdomain.com/upload/manual-8mm-f35-csii-vdslr-5.pdf
The result I get is:
...
0
votes
1
answer
333
views
What will happen if client call Apache server by IP and there are two SNI virtual hosts [duplicate]
We have a Apache 2.4 web server with a couple of virtual hosts with different certificates.
I have set up SNI name based virtualhosts : ap.mmm.com and ac.mmm.com, it's working great. All on same IP (...
1
vote
0
answers
120
views
How to allow a newly inserted user certificate with Apache 'SSLVerifyClient optional'?
My web users are able to optionally use a Smart Card Certificate to identify themself via Firefox to my web server running Apache httpd 2.4.
For this I use SSLVerifyClient optional plus for speed ...