Apache SSL Not Serving SSL Site after Cert Renew

CENTOS 6.5 Server running Apache 2.2.15

We are running a Secure Site on this server and thus have a SSL cert from GoDaddy. The Cert from Godaddy is current but recently the Server-Cert expired.

Followed the instructions here to generate a new Server-Cert
https://serverfault.com/questions/578069/ssl-library-error-8181-certificate-has-expired

Then here to generate a new CSR
https://tecadmin.net/simple-steps-to-generate-csr-on-centos/#
 

Then we went and Re-Keyed our SSL cert with Godaddy, plugged in the new cert details and restarted HTTPD.

When I run : nmap -sT xxxxx.xxxxxxx.com
Get this
Host is up (0.00044s latency).
Not shown: 993 closed ports
PORT      STATE SERVICE
21/tcp    open  ftp
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
3306/tcp  open  mysql
8443/tcp  open  https-alt
10000/tcp open  snet-sensor-mgmt

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds

It appears that it is not listening on 443. If I add a "Listen 443" directive to the HTTPD Conf though it resolves to the Centos Apache default screen versus the site root.

In the SSL_ERROR Log I am seeing the following
[Tue May 22 15:09:11 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 22 15:09:11 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 22 15:09:42 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 22 15:09:42 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 22 15:09:42 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 22 15:09:43 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 22 15:09:43 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 22 15:09:43 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

Only other things I am seeing in Error_log
[Tue May 22 15:31:28 2018] [notice] caught SIGTERM, shutting down
[Tue May 22 15:31:29 2018] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue May 22 15:31:29 2018] [notice] Digest: generating secret for digest authentication ...
[Tue May 22 15:31:29 2018] [notice] Digest: done
[Tue May 22 15:31:29 2018] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Tue May 22 15:31:29 2018] [notice] mod_python: using mutex_directory /tmp
[Tue May 22 15:31:29 2018] [notice] Apache/2.2.15 (Unix) DAV/2 mod_fcgid/2.3.9 mod_nss/2.2.15 NSS/3.21.3 Basic ECC PHP/5.3.3 mod_python/3.3.1 Python/2.6.6 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips mod_wsgi/3.2 mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations

Attached are copies of the HTTPD.CONF and SSL.CONF

httpd.conf-copy.txt
ssl.conf.txt
Joel BuhrPresidentAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Joel BuhrPresidentAuthor Commented:
OK we commented out all of the previous Virtual Hosts and reset up the virtual host.  Site is up but it is not seeing the SSL cert from Godaddy still.

<VirtualHost 192.168.0.250:443>
DocumentRoot /var/www/html/gateway
ServerName xxxx.xxxxxxxx.com
<Directory "/var/www/html/gateway">
SetEnvIf User-Agent ".*MSIE.*"          nokeepalive ssl-unclean-shutdown          downgrade-1.0 force-response-1.0
allow from all
Options +Indexes
</Directory>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/gfgdgsfgdfgd.crt
SSLCertificateKeyFile /etc/pki/tls/private/xxxx.xxxxxxxx.key
SSLCACertificateFile /etc/pki/tls/certs/gd_bundle-g2-g1.crt
SSLCertificateChainFile /etc/pki/tls/certs/gd_intermediate.crt
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Joel BuhrPresidentAuthor Commented:
Additional tweaks to the SSL.CONF including the Godaddy CRT and Bundle where needed.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ssl cert

From novice to tech pro — start learning today.