Last active
November 14, 2018 16:15
Full article: https://cedricleruth.com/how-to-fix-failed-to-start-the-apache-http-server-after-renewing-ssl-certificate-on-aws-ec2-linux/
## Once the certificate renew command has run (on schedule, or manually with sudo ./etc/letsencrypt/certbot-auto renew), a new certificate is generated.
## To check whether a new certificate was generated, you can run:
[ec2-user@ip-MyIp ~]$ locate *certbot.pem
/etc/letsencrypt/csr/0000_csr-certbot.pem # old certificate
/etc/letsencrypt/csr/0001_csr-certbot.pem # new certificate
## You then need to change the SSL conf to specify the new certificate:
sudo vim /etc/httpd/conf.d/ssl.conf
## Search for SSLCertificateKeyFile (vim command: ?SSLCertificateKeyFile) and point it at the new file:
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
## The old file was /etc/letsencrypt/keys/0000_key-certbot.pem
## (keep this note on its own line: Apache does not allow a comment on the same line as a directive)
SSLCertificateKeyFile /etc/letsencrypt/live/YOURDOMAIN.com/privkey.pem
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
SSLCertificateChainFile /etc/letsencrypt/live/YOURDOMAIN.com/chain.pem
## Once this is updated, simply save and quit vim (vim command: :wq) and restart the httpd service:
sudo service httpd restart
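## Added example, not part of the original gist: a check to run before the restart that reads the certificate paths out of ssl.conf and confirms the files exist, the private key belongs to the certificate, and the certificate has not expired.
## The function names and the script name check-ssl-conf.sh are hypothetical, and it assumes ssl.conf also sets Apache's SSLCertificateFile directive, which the steps above do not show.

```sh
#!/bin/sh
# Added example (not from the original gist): pre-restart check of ssl.conf.
# Function names are hypothetical; SSLCertificateFile is assumed to be set too.

# Print the path given to a directive (last uncommented occurrence wins).
directive_path() {  # $1 = directive name, $2 = config file
    awk -v d="$1" 'tolower($1) == tolower(d) { p = $2 } END { if (p != "") print p }' "$2"
}

# Succeed only if the private key ($2) belongs to the certificate ($1):
# both must yield the same, non-empty public key.
pair_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) &&
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) &&
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Return 0 if httpd can be restarted safely, otherwise 1, 2 or 3.
check_ssl_conf() {  # $1 = path to ssl.conf
    cert=$(directive_path SSLCertificateFile "$1")
    key=$(directive_path SSLCertificateKeyFile "$1")
    chain=$(directive_path SSLCertificateChainFile "$1")
    for f in "$cert" "$key" ${chain:+"$chain"}; do
        [ -r "$f" ] || { echo "missing or unreadable: '$f'" >&2; return 1; }
    done
    pair_matches "$cert" "$key" ||
        { echo "private key does not match certificate" >&2; return 2; }
    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired: $cert" >&2; return 3; }
    echo "ok: $cert matches $key"
}

# Usage (hypothetical script name):
#   sudo sh check-ssl-conf.sh /etc/httpd/conf.d/ssl.conf \
#     && sudo apachectl configtest && sudo service httpd restart
if [ $# -gt 0 ]; then
    check_ssl_conf "$1"
fi
```

## Paths under /etc/letsencrypt/live/ are symlinks that certbot repoints at each renewal, so once ssl.conf references them a later renewal needs only the restart.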