Autor Tema: Ayuda con renovación certificado SSL (Leído 2643 veces)

CarlosLSev · « **en:** 07 de Diciembre del 2022, 16:34:12 pm »

Buenas tardes, se que esto no va aquí, pero tras estar 2 días leyendo no soy capaz de renovarlo. El año pasado sobre diciembre me percate que tengo un certificado SSL y como tengo un VPS lo tengo que instalar yo, el año pasado tras seguir varios manuales conseguir echarlo andar

, me caduco ayer pero soy incapaz de renovarlo. La cuestión es que me lo apunte por que me costo dar con la solución y siguiendo los pasos pero recibo un error.
Información del certificado es:
Dominio *.meteoviso.es
Información de certificado
Tipo de certificado SSL Starter Wildcard
Válido desde 06/12/2022
Válido hasta 06/12/2023
Método de autentificación Validación de dominio basada en DNS
Entidad de certificación GeoTrust - creado por DigiCert
Estado Listo
El certificado SSL y el Intermedio los descargos de IONOS
meteoviso.es_ssl_certificate.cer
_.meteoviso.es_ssl_certificate_INTERMEDIATE.cer
Genero el .key y .csr con el comando que sale de aqui https://www.digicert.com/easy-csr/openssl.htm
Ejecutando desde SSH del VPS donde esta alojada la web
openssl req -new -newkey rsa:2048 -nodes -out star_meteoviso_es.csr -keyout star_meteoviso_es.key -subj "/C=ES/ST=Sevilla/L=El Viso Del Alcor/O=Meteoviso/OU=Meteoviso/CN=*.meteoviso.es"
Recupero esos dos ficheros de /root
star_meteoviso_es.key
star_meteoviso_es.csr (no se para que sirve)
Subo a /etc/apache2/ssl/
star_meteoviso_es.key
meteoviso.es_ssl_certificate.cer
_.meteoviso.es_ssl_certificate_INTERMEDIATE.cer
Edito /etc/apache2/sites-available\000-default.conf

<VirtualHost *:80>
DocumentRoot /var/www/html
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
DocumentRoot /var/www/html
ServerName www.meteoviso.es
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer
SSLCertificateKeyFile /etc/apache2/ssl/star_meteoviso_es.key
SSLCertificateChainFile /etc/apache2/ssl/_.meteoviso.es_ssl_certificate_INTERMEDIATE.cer
</VirtualHost>

Si escribo
root@meteoviso:~# sudo apachectl configtest
Syntax OK

root@meteoviso:~# systemctl restart apache2
Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.
También seguí las instrucciones de https://www.digicert.com/kb/csr-ssl-installation/ubuntu-server-with-apache2-openssl.htm#ssl_certificate_install
Ahora mismo desactive redirección a https
¿alguna sugerencia?

jmviper · « **Respuesta #1 en:** 07 de Diciembre del 2022, 20:12:52 pm »

Hola Carlos

No me sé mucho de instalar certificados en el servidor pero... has mirado qué error te da apache ?? service apache2 status

CarlosLSev · « **Respuesta #2 en:** 07 de Diciembre del 2022, 22:22:50 pm »

Buenas jmviper
Veamos el procedimiento era mas simple, tras recibir llamada de ionos, el .key tmb se descargaba de ionos, aun así sigo sin poder configurarlo
1.- Asignamos certificado a dominio en ionos y revocamos certificado

2.- Descargamos de https://ssl.ionos.es/ssl-ssa/index#1,sslSettings los 3 certificados
_.meteoviso.es_private_key.key
meteoviso.es_ssl_certificate.cer
_.meteoviso.es_ssl_certificate_INTERMEDIATE.cer

3.- Creamos carpeta "ssl" en /etc/apache2/ quedando los ficheros en /etc/apache2/ssl/
y subimos los 3 ficheros

4.-sudo a2enmod ssl y a2enmod rewrite

5.- En /etc/apache2/sites-available/000-default.conf
Cambiamos de para redirigir todo trafico de http a https
<VirtualHost *:80>
.....
a
<VirtualHost *:80>
DocumentRoot /var/www/html
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</VirtualHost>

Para ubicar certificados y activar

<VirtualHost *:443>
DocumentRoot /var/www/html
ServerName www.meteoviso.es
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer
SSLCertificateKeyFile /etc/apache2/ssl/_.meteoviso.es_private_key.key
SSLCertificateChainFile /etc/apache2/ssl/_.meteoviso.es_ssl_certificate_INTERMEDIATE.cer

----
</VirtualHost>

6.- En ssh
apachectl configtest
Debe dar
Syntax OK

Para aplicar cambios
systemctl restart apache2

Código: [Seleccionar]

root@meteoviso:~# service apache2 status
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor prese>
     Active: failed (Result: exit-code) since Wed 2022-12-07 22:07:05 CET; 2s a>
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 60960 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/F>

Dec 07 22:07:05 meteoviso systemd[1]: Starting The Apache HTTP Server...
Dec 07 22:07:05 meteoviso apachectl[60960]: Action 'start' failed.
Dec 07 22:07:05 meteoviso apachectl[60960]: The Apache error log may have more >
Dec 07 22:07:05 meteoviso systemd[1]: apache2.service: Control process exited, >
Dec 07 22:07:05 meteoviso systemd[1]: apache2.service: Failed with result 'exit>
Dec 07 22:07:05 meteoviso systemd[1]: Failed to start The Apache HTTP Server.
lines 1-12/12 (END)...skipping...
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Wed 2022-12-07 22:07:05 CET; 2s ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 60960 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)

Dec 07 22:07:05 meteoviso systemd[1]: Starting The Apache HTTP Server...
Dec 07 22:07:05 meteoviso apachectl[60960]: Action 'start' failed.
Dec 07 22:07:05 meteoviso apachectl[60960]: The Apache error log may have more information.
Dec 07 22:07:05 meteoviso systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
Dec 07 22:07:05 meteoviso systemd[1]: apache2.service: Failed with result 'exit-code'.
Dec 07 22:07:05 meteoviso systemd[1]: Failed to start The Apache HTTP Server.
~

lines 1-12/12 (END)

● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Wed 2022-12-07 22:07:05 CET; 2s ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 60960 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)

Dec 07 22:07:05 meteoviso systemd[1]: Starting The Apache HTTP Server...
Dec 07 22:07:05 meteoviso apachectl[60960]: Action 'start' failed.
Dec 07 22:07:05 meteoviso apachectl[60960]: The Apache error log may have more information.
Dec 07 22:07:05 meteoviso systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
Dec 07 22:07:05 meteoviso systemd[1]: apache2.service: Failed with result 'exit-code'.
Dec 07 22:07:05 meteoviso systemd[1]: Failed to start The Apache HTTP Server.

jmviper · « **Respuesta #3 en:** 07 de Diciembre del 2022, 23:00:22 pm »

Citar

The Apache error log may have more information.

tail -50 /var/log/apache2/error.log

A ver si sale algo más de información porque sin saber cuál es el fallo poco podemos hacer.

CarlosLSev · « **Respuesta #4 en:** 07 de Diciembre del 2022, 23:17:59 pm »

Código: [Seleccionar]

root@meteoviso:~# tail -50 /var/log/apache2/error.log
AH00016: Configuration Failed
[Wed Dec 07 22:50:12.792305 2022] [ssl:emerg] [pid 1744] AH02572: Failed to configure at least one certificate and key for www.meteoviso.es:443
[Wed Dec 07 22:50:12.792354 2022] [ssl:emerg] [pid 1744] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Wed Dec 07 22:50:12.792359 2022] [ssl:emerg] [pid 1744] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed
[Wed Dec 07 22:50:28.056482 2022] [ssl:emerg] [pid 1761] AH02572: Failed to configure at least one certificate and key for www.meteoviso.es:443
[Wed Dec 07 22:50:28.056537 2022] [ssl:emerg] [pid 1761] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Wed Dec 07 22:50:28.056542 2022] [ssl:emerg] [pid 1761] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed
[Wed Dec 07 22:50:52.193892 2022] [mpm_prefork:notice] [pid 1781] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Wed Dec 07 22:50:52.193949 2022] [core:notice] [pid 1781] AH00094: Command line: '/usr/sbin/apache2'
[Wed Dec 07 22:52:04.295007 2022] [mpm_prefork:notice] [pid 1781] AH00169: caught SIGTERM, shutting down
[Wed Dec 07 22:52:04.369376 2022] [ssl:emerg] [pid 1877] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer and /etc/apache2/ssl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed
[Wed Dec 07 22:55:17.605718 2022] [ssl:emerg] [pid 1983] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer and /etc/apache2/ssl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed
[Wed Dec 07 22:55:39.388459 2022] [ssl:emerg] [pid 2016] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer and /etc/apache2/ssl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed
[Wed Dec 07 22:57:00.830603 2022] [ssl:emerg] [pid 2072] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer and /etc/apache2/ssl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed
[Wed Dec 07 22:58:38.970894 2022] [ssl:emerg] [pid 2137] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer and /etc/apache2/ssl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed
[Wed Dec 07 23:00:22.141735 2022] [ssl:emerg] [pid 2238] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer and /etc/apache2/ssl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed
[Wed Dec 07 23:01:56.262275 2022] [ssl:emerg] [pid 2284] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer and /etc/apache2/ssl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed
[Wed Dec 07 23:02:01.013962 2022] [ssl:emerg] [pid 2296] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer and /etc/apache2/ssl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed
[Wed Dec 07 23:05:24.752245 2022] [ssl:emerg] [pid 2458] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/meteovisossl/meteoviso.es_ssl_certificate.cer and /etc/apache2/meteovisossl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed
[Wed Dec 07 23:06:03.936787 2022] [mpm_prefork:notice] [pid 2507] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Wed Dec 07 23:06:03.936851 2022] [core:notice] [pid 2507] AH00094: Command line: '/usr/sbin/apache2'
[Wed Dec 07 23:06:59.753630 2022] [mpm_prefork:notice] [pid 2507] AH00169: caught SIGTERM, shutting down
[Wed Dec 07 23:06:59.866020 2022] [mpm_prefork:notice] [pid 2542] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Wed Dec 07 23:06:59.866075 2022] [core:notice] [pid 2542] AH00094: Command line: '/usr/sbin/apache2'
[Wed Dec 07 23:07:19.527754 2022] [php7:notice] [pid 2543] [client 88.29.162.32:64215] PHP Notice:  A non well formed numeric value encountered in /var/www/html/CU-defs.php on line 82
[Wed Dec 07 23:07:19.527785 2022] [php7:notice] [pid 2543] [client 88.29.162.32:64215] PHP Notice:  A non well formed numeric value encountered in /var/www/html/CU-defs.php on line 82
[Wed Dec 07 23:07:19.527790 2022] [php7:notice] [pid 2543] [client 88.29.162.32:64215] PHP Notice:  A non well formed numeric value encountered in /var/www/html/CU-defs.php on line 83
[Wed Dec 07 23:07:19.527794 2022] [php7:notice] [pid 2543] [client 88.29.162.32:64215] PHP Notice:  A non well formed numeric value encountered in /var/www/html/CU-defs.php on line 83
[Wed Dec 07 23:07:20.141537 2022] [php7:warn] [pid 2543] [client 88.29.162.32:64215] PHP Warning:  Cannot modify header information - headers already sent by (output started at /var/www/html/top.php:147) in /var/www/html/script/avisosaemetdesktop.php on line 7
[Wed Dec 07 23:07:20.365297 2022] [php7:notice] [pid 2543] [client 88.29.162.32:64215] PHP Notice:  A non well formed numeric value encountered in /var/www/html/ajax-dashboard.php on line 805
[Wed Dec 07 23:07:21.759999 2022] [php7:notice] [pid 2564] [client 88.29.162.32:64354] PHP Notice:  A non well formed numeric value encountered in /var/www/html/CU-defs.php on line 82, referer: http://m.meteoviso.es/
[Wed Dec 07 23:07:21.760024 2022] [php7:notice] [pid 2564] [client 88.29.162.32:64354] PHP Notice:  A non well formed numeric value encountered in /var/www/html/CU-defs.php on line 82, referer: http://m.meteoviso.es/
[Wed Dec 07 23:07:21.760028 2022] [php7:notice] [pid 2564] [client 88.29.162.32:64354] PHP Notice:  A non well formed numeric value encountered in /var/www/html/CU-defs.php on line 83, referer: http://m.meteoviso.es/
[Wed Dec 07 23:07:21.760032 2022] [php7:notice] [pid 2564] [client 88.29.162.32:64354] PHP Notice:  A non well formed numeric value encountered in /var/www/html/CU-defs.php on line 83, referer: http://m.meteoviso.es/
[Wed Dec 07 23:08:10.065793 2022] [mpm_prefork:notice] [pid 2542] AH00169: caught SIGTERM, shutting down
[Wed Dec 07 23:08:10.142406 2022] [ssl:emerg] [pid 2636] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/meteovisossl/meteoviso.es_ssl_certificate.cer and /etc/apache2/meteovisossl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed
[Wed Dec 07 23:14:13.534576 2022] [ssl:emerg] [pid 2913] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer and /etc/apache2/ssl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed

CarlosLSev · « **Respuesta #5 en:** 08 de Diciembre del 2022, 00:11:22 am »

Solucionado, cosas raras de la informática lo que puse ultimo es correcto, pero tras revocar certificado
Descargar la clave privada .key y luego los otros 2 certificados. Así funciona perfectamente

_.meteoviso.es_private_key.key
meteoviso.es_ssl_certificate.cer
_.meteoviso.es_ssl_certificate_INTERMEDIATE.cer

Y mira que lo hice los 3 a la vez pero no sabia que había que desargarselo en ese orden.
Gracias!!!

Noticias:

Autor Tema: Ayuda con renovación certificado SSL (Leído 2643 veces)

CarlosLSev

Ayuda con renovación certificado SSL

jmviper

Re:Ayuda con renovación certificado SSL

CarlosLSev

Re:Ayuda con renovación certificado SSL

jmviper

Re:Ayuda con renovación certificado SSL

CarlosLSev

Re:Ayuda con renovación certificado SSL

CarlosLSev

Re:Ayuda con renovación certificado SSL