SSL Certificate from Let's Encrypt and reverse proxy issues not working after it worked

neal wang
I set up win.interstagebpm.com with Let's Encrypt and I was able to get the page to go to https://win.interstagebpm.com

However, I tried to set up a reverse proxy with nginx and by editing httpd files
https://www.centosblog.com/configure-apache-https-reverse-proxy-centos-linux/

However, this didn't work. Also, the machine ran out of disk space and I had to fix that. When that was fixed, https://win.interstagebpm.com was complaining that it wasn't a secure site, meaning the SSL certificate wasn't being registered.
I've also uninstalled nginx.

What am I doing wrong? I would like to reverse proxy the rest of the site but the main page https://win.interstagebpm.com is not working
Top Expert 2016

Commented:
You are currently using a self-signed certificate.
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
Your cert or cert config is munged/broken.

https://www.ssllabs.com/ssltest/analyze.html?d=win.interstagebpm.com shows the problem.
Fractional CTO
Distinguished Expert 2018
Commented:
As David Johnson mentioned, the current cert in use is a self-signed cert, rather than your LetsEncrypt cert.

imac> echo QUIT | openssl s_client -connect win.interstagebpm.com:443 -servername win.interstagebpm.com 2>&1 | egrep -i issuer
verify error:num=20:unable to get local issuer certificate
issuer=C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = dxpdemo, emailAddress = root@dxpdemo

Several possibilities...

1) You've modified the incorrect config for your site. In other words, your cert is in some sample config (usually) rather than actual config.

2) More likely, you just require bouncing your Web server. Bounce - full stop, then restart to ensure re-reading into your Webserver all certs, including your newly added LetsEncrypt cert.

3) Many distros, like Ubuntu, provide a service control atom of reload, which allows new configs + certs to be read into Apache, while allowing all currently open connections to survive. If your Webserver supports the reload atom/operation, use reload rather than a stop/restart.
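
Added example, not part of the thread: a shell check for possibility 1, listing the certificate file each active SSLCertificateFile directive points at and flagging any whose issuer equals its subject. The function names and the config path in the usage comment are assumptions; pass whichever Apache config files your server actually loads.

```shell
#!/bin/sh
# Added example (not from the thread). Paths passed in are the caller's choice.

# Print "<conf file><TAB><cert path>" for every active SSLCertificateFile
# directive. Directive names are case-insensitive in Apache; commented-out
# lines never match because their first field starts with "#".
list_cert_directives() {
    for conf in "$@"; do
        [ -r "$conf" ] || continue
        awk -v f="$conf" 'tolower($1) == "sslcertificatefile" {
            p = $2; gsub(/"/, "", p); print f "\t" p }' "$conf"
    done
}

# Exit 0 if issuer == subject (the self-signed pattern seen in the s_client
# output above), 1 if issued by a different name, 2 if the file is unreadable.
# Heuristic: names are compared, the signature itself is not verified.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null) || return 2
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 2>/dev/null) || return 2
    [ "${subj#subject=}" = "${iss#issuer=}" ]
}

# One report line per referenced certificate.
audit_vhost_certs() {
    list_cert_directives "$@" | while IFS="$(printf '\t')" read -r conf cert; do
        rc=0
        is_self_signed "$cert" || rc=$?
        case $rc in
            0) echo "SELF-SIGNED $cert (from $conf)" ;;
            1) echo "CA-ISSUED $cert (from $conf)" ;;
            *) echo "UNREADABLE $cert (from $conf)" ;;
        esac
    done
}

# Usage: sh audit.sh /etc/httpd/conf.d/*.conf   (assumed CentOS layout)
if [ "$#" -gt 0 ]; then audit_vhost_certs "$@"; fi
```

A SELF-SIGNED line for the vhost serving port 443 means the directive still needs to point at the Let's Encrypt certificate, followed by the reload or restart described in 2) and 3).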

Author

Commented:
Thanks so much! It turns out my coworker did reference the wrong signed certificate. I put the correct location of the letsencrypt certificates back in the parameters and it worked.
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
You're welcome!

Glad you figured this out!
