Skip to main content

All Questions

Filter by
Sorted by
Tagged with
1 vote
1 answer
82 views

How to declare an explicit list of allowed client certificates in apache2 server

I use an apache2 server configured as a reverse proxy to access an internal service. To protect this service from unauthorized access I would like to use a certificate-based client authentication. ...
Jib's user avatar
  • 131
2 votes
0 answers
28 views

Client certificates and custom revoked html

I can configure Apache to authenticate users with client certificate and validate them via OCSP. Do you know how can I redirect the user to a custom html page if the certificate is revoked? The ...
Tibor's user avatar
  • 121
0 votes
1 answer
25 views

ssl_issuer_unknown when connecting only to a certain <VirtualHost> with apache

I've this problem with my site configuration and ssl certificates. I've got two websites on the same machine running two different domains. Their respective ssl certificate is issued by Cloudflare and ...
Bestemmie's user avatar
4 votes
6 answers
16k views

HTTPS compatibility issue with Chrome 116/117 ERR_SSL_PROTOCOL_ERROR

I'm having error ERR_SSL_PROTOCOL_ERROR since 2 day on my website for some reason. Browsers tested Windows Chrome 117.0.5938.132 : ERR_SSL_PROTOCOL_ERROR Android Chrome 117.0.5938.61 : ...
Alexandre Lavoie's user avatar
0 votes
1 answer
412 views

Clients of a site are getting SSL_ERROR_HANDSHAKE_FAILURE_ALERT (Firefox) and ERR_BAD_SSL_CLIENT_AUTH_CERT (Chrome)

I'm running a site in AlmaLinux 8.8 (Centos) and Apache 2.4.56. The site has a self-signed certificate. When I access the site, I get the usual warning due to the self-signed certificate. After ...
ePi272314's user avatar
  • 101
0 votes
1 answer
311 views

SSL certificate not working for www subdomain on multiple domain setup

I have a LAMP server running CentOS Stream 8 and Apache 2.4.37. On this I have three domains (let's call them example.com, example.net & example.org). I have SSL certificates for each domain + the ...
Adrien Hingert's user avatar
0 votes
0 answers
324 views

wget doesn't accept HTTPS certificate (from letsencrypt) on some computers but does on others

I have the following situation: On my www server (Apache2, Debian armhf) I have HTTPS certificate from letsencrypt.org by certbot. When accessing the server from a browser (Firefox, Chromium) ...
bicyclesonthemoon's user avatar
0 votes
0 answers
691 views

Can't enable ssl on windows apache24

So, i've already sucessfully installed ssl certificates in apache virtual hosts (2 websites) but i'm unable to access them because every time I activate SSL in httpd.conf apache service wont start <...
totabank's user avatar
0 votes
2 answers
1k views

APACHE CERTBOT ERROR

I'm configuring https on a local apache server using certbot but I get the error below: Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -...
Sam's user avatar
  • 1
1 vote
1 answer
467 views

TLS 1.2 client ignoring "Acceptable CA" list for Apache ClientCertificateRequest

I have TLS 1.2 mutual authentication working on Apache 2.4.54 with a self-signed CA and test clients on iOS and MacOS. Everything works, except the clients do not recognize the "Acceptable ...
user1055568's user avatar
1 vote
0 answers
305 views

The Let's Encrypt cert doesn't work on Apache and FreeBSD

Our server administrator installed via Certbot the free Let's Encrypt certificate on our server with FreeBSD. But the cert doesn't work and we can't understand how exaclty we should configure the file ...
stkuser's user avatar
  • 11
0 votes
1 answer
326 views

Apache mod_md: procedure for handling multiple VirtualHosts?

I have a working setup for multiple virtual hosts on the same server, but there's a problem: all the server's SSL certificates are unnecessarily renewed, and moved, whenever a vhost is added. In this ...
EML's user avatar
  • 470
0 votes
1 answer
3k views

Apache HTTPS not works, HTTP works

OS: Ubuntu Server 20.40. WebServer: Apache2 SSL: OpenSSL SSL Module enabled SSL files copied on server SSL site configurated (above the code) Apache Syntax: OK Firewall: disabled HTTP request works ...
Katalux's user avatar
0 votes
0 answers
659 views

Apache SSL renewal keeps using old certificate

I have a website using Apache that runs on a GCP VM instance with a Google load balancer. In total, I have 3 servers I have changed the SSL certificate in the Google load balance configuration. What I ...
taipei's user avatar
  • 101
0 votes
0 answers
443 views

Is it possible to verify TLS if a server doesn't provide an issuer cert?

I'm trying to configure Apache httpd v2.4 for LDAP authentication to AD. LDAPS certificates are issued by the internal CA. For whatever reason (I'm not on the AD team), neither our prod or non-prod ...
Joe Buckley's user avatar
0 votes
1 answer
316 views

Apache serves with new and old SSL Root certificate

I am hosting a website at https://www.tabletop.cloud A while back I switched from the DST Root CA X3 root certificate to the ISRG Root X1 certificate. When I access my website in every browser the SSL ...
Milan's user avatar
  • 103
1 vote
0 answers
793 views

Apache VirtualHost not loading correct certificate

We are running into issues with this seemingly simple configuration on Apache 2.4. We can't seem to obtain the correct certificate while using the Virtual Host site2.net. We always get site1.net's ...
JoeSlav's user avatar
  • 119
0 votes
0 answers
3k views

Can't restart apache (httpd.service) after replacing to new SSL cert (wildCard, working on other servers)

I have a wildcard SSL cert that I need to replace in all related servers. It worked fine in all of them but one. I go by the exact same process as in other apache servers, but when I replace the files ...
MatanyaP's user avatar
  • 101
1 vote
1 answer
229 views

How many SSL certificates you need - aspnet core + Apache reverse proxy?

When you deploy aspnet core app on Linux you normally do it through reverse-proxy. I.e. Kestrel hosts the app and Apache handles the public internet traffic talking to Kestrel. So Kestrel and Apache ...
Boppity Bop's user avatar
0 votes
1 answer
2k views

A valid Root CA Certificate could not be located, the certificate will likely display browser warnings

i'm trying to get Telegram Webhook working with my local machine but it doesn't make requests. I think it's bc of certificate issue Here's what geocerts.com/ssl-checker says: screenshot Here's my ...
s0up's user avatar
  • 103
0 votes
1 answer
100 views

Apache SSL Installation [Not Duplicate]

I am trying to install ssl certificate on my ubuntu server 20.04 I have downloaded ssl files and put them in /home/ubuntu (will change once it works): api_limitlesssoft_com_key.txt api.limitlesssoft....
Aleksa Ristic's user avatar
0 votes
1 answer
88 views

Can 2 websites www.example.com and www.example.eu reside on the same server

We have 2 websites and want to get a SSL-certificate for both: www.example.de www.otherExample.eu Both sites reside on the same server under different root with their own config-file. With certbot I ...
Zehke's user avatar
  • 13
0 votes
1 answer
976 views

apache how configure multi domain https redirection?

I've an apache running under AWS Elastic beanstalk. I've got several different domains and I want all of them to end in a specific domain name, in HTTPS. The redirection from other domains e.g. https:/...
poypoy's user avatar
  • 5
1 vote
2 answers
1k views

How does Apache choose which certificate to use?

Currently Apache is hosting several sub domains with host certificates generated with certbot and a http challenge. Now I want to setup a default virtual ssl host to redirect non-existing subdomains ...
Jette's user avatar
  • 113
1 vote
0 answers
423 views

Apache2: RADIUS authentication before rewrite engine HTTPS

I tried to set up a reverse proxy with HTTPS and Radius authentication. Unfortunately, I don't get an authentication query before it redirects to the HTTPS page. What did I do wrong? <VirtualHost *:...
Robin Schulz's user avatar
0 votes
0 answers
111 views

Strange behavior of Apache with a ssl certificate while DNS are propagating

Is there anywhere a cache for certificates for apache 2.4 under Debian 9 ? While DNS are propagating on an hosting, I sometimes get wrong certificate (the one of the first hosting of the server in ...
Fabien Auréjac's user avatar
0 votes
1 answer
435 views

Old LetsEncrypt SSL certificate still being served by EC2 instance

I'm working on renewing the SSL certificate for my websites. They are all running on the same EC2 instance with the same Apache server. Two of my domains recently expired so I also tried to remove ...
Neel's user avatar
  • 143
4 votes
1 answer
5k views

Conditionally set SSL certificate request header in Apache

I have an Apache 2.4 server configured as a reverse proxy to accept incoming HTTPS requests and reverse-proxy them to another server over HTTP with custom HTTP headers containing any provided client ...
shawmanz32na's user avatar
0 votes
1 answer
178 views

Single website with multiple certs

I have a website with 2 domain names. 1. name.org 2. server.university.edu/name I have a wildcard cert to cover server.university.edu/name. If I get one from say, letsencryp.org, I'm not sure how to ...
Mike's user avatar
  • 83
0 votes
1 answer
2k views

How to install letsencrypt wildcard certificates?

I am using certbot/letsencrypt from the EPEL repository with apache on CentOS 7 without any issues on "normal" domain names. The certbot tool recognizes server name aliases from the virtualhost config ...
uncovery's user avatar
  • 365
0 votes
2 answers
353 views

SSL certificate mismatch, multi vendor website

I have a website hosted on *.mydomain.com, my Apache web server in conjunction with PHP will return/echo some plain text based on the subdomain provided. *.mydomain.com is secured with a wildcard SSL ...
Owen's user avatar
  • 21
2 votes
1 answer
314 views

Two VHost with same DocumentRoot but different SSL Certificate. Is that even possible?

I can do this : https://www.digicert.com/kb/ssl-support/apache-multiple-ssl-certificates-using-sni.htm But I need to do that (note that the DocumentRoot is the same on purpose) : <VirtualHost *:...
Michel's user avatar
  • 132
1 vote
2 answers
1k views

Different certificates for Let's encrypt

I have an apache webserver that uses certbot for Let's Encrypt SSL certificate. Is it possible to have many separated certificates for each virtualhost managed? Currently certbot works with only one ...
Tobia's user avatar
  • 1,344
0 votes
1 answer
417 views

Apache, sslh, SSL certs, local app, and dockerised app

I've got a server which has been hosting a local app (Nextcloud) for a while with no issues, behind apache (2.4). I'm also hosting an SSH server on port 443, for which I use sslh. My LetsEncrypt ...
Ng Oon-Ee's user avatar
  • 103
-1 votes
1 answer
1k views

Apache 2.4.29: How to configure multiple

I tried configured multiple SSLCACertificateFile in single vhost but apparently apache is accepting only requests with ca_sha256.cer as root cert, is there a way to support both SSLCACertificateFile ...
OTUser's user avatar
  • 73
1 vote
1 answer
987 views

apache does not see my new certs, still has expired certs

In typing this question I found this: Apache seems to be using old expired certificate even though new one is installed His issue is mine to a T, and all things he tried more or less I did too. The ...
Codejoy's user avatar
  • 157
1 vote
1 answer
4k views

certbot-auto renew fails

I inherited a web-server that uses letsencrypt with certbot. At first I thought it seemed straight forward, but running certbot-auto renew fails. I then did a certbot-auto certonly --apache and that ...
Codejoy's user avatar
  • 157
1 vote
0 answers
2k views

Server saying no TLS/SSL protocols available even though mod_ssl/openssl installed and enabled

I am trying to add SSL certs to my server but when I connect via a browser it throws an error (ERR_SSL_PROTOCOL_ERROR in Chrome). This is confirmed using testssh (https://testssl.sh/) Testing ...
williamsdb's user avatar
1 vote
1 answer
174 views

SSL and www - handling redirect from https://mysite to https://www.mysite

So this is obviously a 2x2 matrix - www and non-www, against SSL and non-SSL. I want all traffic to be directed to SSL and www. Getting http://example.com and http://www.example.com over to https://...
Oliver Williams's user avatar
0 votes
1 answer
319 views

managing digital certificates for email (postfix/dovecot) and DKIM

I am seeking to make emails my server sends have a higher reputation by implementing DKIM and DMARC. I already am passing SPF with the proper DNS entries. I also have a working Postfix/Dovecot ...
Oliver Williams's user avatar
0 votes
1 answer
147 views

Ngnix Reverse Proxy With SSL Certificate

I want to configure a proxy server with Ngnix to redirect to https server. The problem is that I don't have the private key of the .crt file of the web server which I have downloaded from the browser. ...
Ahmad Alkhatib's user avatar
1 vote
1 answer
1k views

SSL site is not loaded and no error

I'm trying to install the certificates are purchased from Thirdparty. Received the following error in the log and nothing else. I'm unable to find a similar solution and the ssl site is not accessible....
1myb's user avatar
  • 201
3 votes
1 answer
396 views

How does one change the certificate and key for https

We have a server whose original PKI certificate was issued by a discontinued root CA. We have a replacement certificate issued from a different root authority chain. This site was set up some time ...
James B. Byrne's user avatar
0 votes
0 answers
480 views

Let's Encrypt SSL on Google Cloud

I am utterly failing to find a working guide for installing Let's Encrypt certificates on a single Google Cloud virtual machine. I'm pretty clearly getting the picture that just doing the Apache ...
David Benfell's user avatar
2 votes
0 answers
170 views

Failed to renew SSL certificates using Certbot's "dry-run" command

I was using apache for my website and created the SSL for Apache. Then for some reason, I have to change my server from Apache to Node.js. To do that I just copied the SSL certificates path from ...
Amarjit Singh's user avatar
0 votes
1 answer
96 views

Apply SSL certificate in a bigger context

In my default-ssl <VirtualHost _default_:443> ServerName example.co DocumentRoot /var/www/html/example SSLEngine On SSLCertificateFile /etc/letsencrypt/live/example.co/cert.pem ...
Maciek's user avatar
  • 139
-1 votes
1 answer
1k views

CNAME that points domain A to domain B results in a Security Warning

I'm using a service (banana.com) that allows me to use my domain (orange.com) to log in. They mention to add a CNAME record like so: an.orange.com. 3600 IN CNAME service.banana.com. I did that but ...
adi's user avatar
  • 3
2 votes
1 answer
4k views

Curl verify certificate improperly

I used curl to launch a https request to download the file. I used below command: curl -v -o Output.pdf https://otherdomain.com/upload/manual-8mm-f35-csii-vdslr-5.pdf The result I get is: ...
Jitesh T's user avatar
0 votes
1 answer
333 views

What will happen if client call Apache server by IP and there are two SNI virtual hosts [duplicate]

We have a Apache 2.4 web server with a couple of virtual hosts with different certificates. I have set up SNI name based virtualhosts : ap.mmm.com and ac.mmm.com, it's working great. All on same IP (...
Uri Gorobets's user avatar
1 vote
0 answers
120 views

How to allow a newly inserted user certificate with Apache 'SSLVerifyClient optional'?

My web users are able to optionally use a Smart Card Certificate to identify themself via Firefox to my web server running Apache httpd 2.4. For this I use SSLVerifyClient optional plus for speed ...
Petra Verheim's user avatar