Author Topic: Help with SSL certificate renewal  (Read 3015 times)


CarlosLSev
Help with SSL certificate renewal
« on: 07 December 2022, 16:34:12 pm »
Good afternoon. I know this doesn't belong here, but after 2 days of reading I'm not able to renew it. Last year around December I noticed that I have an SSL certificate, and since I have a VPS I have to install it myself; last year, after following several guides, I managed to get it running :). It expired yesterday but I'm unable to renew it. The thing is that I wrote the steps down because it was hard for me to find the solution, and I'm following them but I get an error.
The certificate information is:
Domain *.meteoviso.es
Certificate information
Certificate type SSL Starter Wildcard
Valid from 06/12/2022
Valid until 06/12/2023
Authentication method DNS-based domain validation
Certificate authority GeoTrust - created by DigiCert
Status Ready
I download the SSL certificate and the intermediate one from IONOS
meteoviso.es_ssl_certificate.cer
_.meteoviso.es_ssl_certificate_INTERMEDIATE.cer
I generate the .key and .csr with the command produced by https://www.digicert.com/easy-csr/openssl.htm
Running it over SSH on the VPS where the website is hosted
openssl req -new -newkey rsa:2048 -nodes -out star_meteoviso_es.csr -keyout star_meteoviso_es.key -subj "/C=ES/ST=Sevilla/L=El Viso Del Alcor/O=Meteoviso/OU=Meteoviso/CN=*.meteoviso.es"
I retrieve those two files from /root
star_meteoviso_es.key
star_meteoviso_es.csr (I don't know what it's for)
I upload to /etc/apache2/ssl/
star_meteoviso_es.key
meteoviso.es_ssl_certificate.cer
_.meteoviso.es_ssl_certificate_INTERMEDIATE.cer
I edit /etc/apache2/sites-available/000-default.conf

<VirtualHost *:80>
DocumentRoot /var/www/html
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot /var/www/html
    ServerName www.meteoviso.es
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer
        SSLCertificateKeyFile /etc/apache2/ssl/star_meteoviso_es.key
        SSLCertificateChainFile /etc/apache2/ssl/_.meteoviso.es_ssl_certificate_INTERMEDIATE.cer
</VirtualHost>

If I type
root@meteoviso:~# sudo apachectl configtest
Syntax OK


root@meteoviso:~# systemctl restart apache2
Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.
I also followed the instructions at https://www.digicert.com/kb/csr-ssl-installation/ubuntu-server-with-apache2-openssl.htm#ssl_certificate_install
Right now I have disabled the redirect to https
Any suggestions?

El Viso del Alcor

jmviper
Re: Help with SSL certificate renewal
« Reply #1 on: 07 December 2022, 20:12:52 pm »
Hi Carlos

I don't know much about installing certificates on the server, but... have you looked at what error Apache gives you? service apache2 status



Archena, Valle de Ricote (Murcia). 120 m above sea level. 19,622 inhabitants.
Davis Vantage Pro2 Plus

www.meteoarchena.es

CarlosLSev
Re: Help with SSL certificate renewal
« Reply #2 on: 07 December 2022, 22:22:50 pm »
Hi jmviper
Let's see, the procedure was simpler: after receiving a call from IONOS, the .key was also downloaded from IONOS; even so, I still can't configure it
1.- We assign the certificate to the domain in IONOS and revoke the certificate

2.- We download the 3 certificates from https://ssl.ionos.es/ssl-ssa/index#1,sslSettings
_.meteoviso.es_private_key.key
meteoviso.es_ssl_certificate.cer
_.meteoviso.es_ssl_certificate_INTERMEDIATE.cer

3.- We create an "ssl" folder in /etc/apache2/, so the files end up in /etc/apache2/ssl/
and we upload the 3 files


4.- sudo a2enmod ssl and a2enmod rewrite

5.- In /etc/apache2/sites-available/000-default.conf
To redirect all traffic from http to https, we change from
<VirtualHost *:80>
.....
to
<VirtualHost *:80>
DocumentRoot /var/www/html
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</VirtualHost>

To locate the certificates and enable them

<VirtualHost *:443>
    DocumentRoot /var/www/html
    ServerName www.meteoviso.es
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer
        SSLCertificateKeyFile /etc/apache2/ssl/_.meteoviso.es_private_key.key
        SSLCertificateChainFile /etc/apache2/ssl/_.meteoviso.es_ssl_certificate_INTERMEDIATE.cer


----
</VirtualHost>


6.- In ssh
apachectl configtest
It should give
Syntax OK

To apply the changes
systemctl restart apache2






Code:
root@meteoviso:~# service apache2 status
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Wed 2022-12-07 22:07:05 CET; 2s ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 60960 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)

Dec 07 22:07:05 meteoviso systemd[1]: Starting The Apache HTTP Server...
Dec 07 22:07:05 meteoviso apachectl[60960]: Action 'start' failed.
Dec 07 22:07:05 meteoviso apachectl[60960]: The Apache error log may have more information.
Dec 07 22:07:05 meteoviso systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
Dec 07 22:07:05 meteoviso systemd[1]: apache2.service: Failed with result 'exit-code'.
Dec 07 22:07:05 meteoviso systemd[1]: Failed to start The Apache HTTP Server.


El Viso del Alcor

jmviper
Re: Help with SSL certificate renewal
« Reply #3 on: 07 December 2022, 23:00:22 pm »

Quote
The Apache error log may have more information.

tail -50 /var/log/apache2/error.log

Let's see if more information turns up, because without knowing what the failure is there's little we can do.




CarlosLSev
Re: Help with SSL certificate renewal
« Reply #4 on: 07 December 2022, 23:17:59 pm »
Code:
root@meteoviso:~# tail -50 /var/log/apache2/error.log
AH00016: Configuration Failed
[Wed Dec 07 22:50:12.792305 2022] [ssl:emerg] [pid 1744] AH02572: Failed to configure at least one certificate and key for www.meteoviso.es:443
[Wed Dec 07 22:50:12.792354 2022] [ssl:emerg] [pid 1744] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Wed Dec 07 22:50:12.792359 2022] [ssl:emerg] [pid 1744] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed
[Wed Dec 07 22:50:28.056482 2022] [ssl:emerg] [pid 1761] AH02572: Failed to configure at least one certificate and key for www.meteoviso.es:443
[Wed Dec 07 22:50:28.056537 2022] [ssl:emerg] [pid 1761] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Wed Dec 07 22:50:28.056542 2022] [ssl:emerg] [pid 1761] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed
[Wed Dec 07 22:50:52.193892 2022] [mpm_prefork:notice] [pid 1781] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Wed Dec 07 22:50:52.193949 2022] [core:notice] [pid 1781] AH00094: Command line: '/usr/sbin/apache2'
[Wed Dec 07 22:52:04.295007 2022] [mpm_prefork:notice] [pid 1781] AH00169: caught SIGTERM, shutting down
[Wed Dec 07 22:52:04.369376 2022] [ssl:emerg] [pid 1877] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer and /etc/apache2/ssl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed
[Wed Dec 07 22:55:17.605718 2022] [ssl:emerg] [pid 1983] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer and /etc/apache2/ssl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed
[Wed Dec 07 22:55:39.388459 2022] [ssl:emerg] [pid 2016] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer and /etc/apache2/ssl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed
[Wed Dec 07 22:57:00.830603 2022] [ssl:emerg] [pid 2072] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer and /etc/apache2/ssl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed
[Wed Dec 07 22:58:38.970894 2022] [ssl:emerg] [pid 2137] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer and /etc/apache2/ssl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed
[Wed Dec 07 23:00:22.141735 2022] [ssl:emerg] [pid 2238] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer and /etc/apache2/ssl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed
[Wed Dec 07 23:01:56.262275 2022] [ssl:emerg] [pid 2284] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer and /etc/apache2/ssl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed
[Wed Dec 07 23:02:01.013962 2022] [ssl:emerg] [pid 2296] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer and /etc/apache2/ssl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed
[Wed Dec 07 23:05:24.752245 2022] [ssl:emerg] [pid 2458] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/meteovisossl/meteoviso.es_ssl_certificate.cer and /etc/apache2/meteovisossl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed
[Wed Dec 07 23:06:03.936787 2022] [mpm_prefork:notice] [pid 2507] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Wed Dec 07 23:06:03.936851 2022] [core:notice] [pid 2507] AH00094: Command line: '/usr/sbin/apache2'
[Wed Dec 07 23:06:59.753630 2022] [mpm_prefork:notice] [pid 2507] AH00169: caught SIGTERM, shutting down
[Wed Dec 07 23:06:59.866020 2022] [mpm_prefork:notice] [pid 2542] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Wed Dec 07 23:06:59.866075 2022] [core:notice] [pid 2542] AH00094: Command line: '/usr/sbin/apache2'
[Wed Dec 07 23:07:19.527754 2022] [php7:notice] [pid 2543] [client 88.29.162.32:64215] PHP Notice:  A non well formed numeric value encountered in /var/www/html/CU-defs.php on line 82
[Wed Dec 07 23:07:19.527785 2022] [php7:notice] [pid 2543] [client 88.29.162.32:64215] PHP Notice:  A non well formed numeric value encountered in /var/www/html/CU-defs.php on line 82
[Wed Dec 07 23:07:19.527790 2022] [php7:notice] [pid 2543] [client 88.29.162.32:64215] PHP Notice:  A non well formed numeric value encountered in /var/www/html/CU-defs.php on line 83
[Wed Dec 07 23:07:19.527794 2022] [php7:notice] [pid 2543] [client 88.29.162.32:64215] PHP Notice:  A non well formed numeric value encountered in /var/www/html/CU-defs.php on line 83
[Wed Dec 07 23:07:20.141537 2022] [php7:warn] [pid 2543] [client 88.29.162.32:64215] PHP Warning:  Cannot modify header information - headers already sent by (output started at /var/www/html/top.php:147) in /var/www/html/script/avisosaemetdesktop.php on line 7
[Wed Dec 07 23:07:20.365297 2022] [php7:notice] [pid 2543] [client 88.29.162.32:64215] PHP Notice:  A non well formed numeric value encountered in /var/www/html/ajax-dashboard.php on line 805
[Wed Dec 07 23:07:21.759999 2022] [php7:notice] [pid 2564] [client 88.29.162.32:64354] PHP Notice:  A non well formed numeric value encountered in /var/www/html/CU-defs.php on line 82, referer: http://m.meteoviso.es/
[Wed Dec 07 23:07:21.760024 2022] [php7:notice] [pid 2564] [client 88.29.162.32:64354] PHP Notice:  A non well formed numeric value encountered in /var/www/html/CU-defs.php on line 82, referer: http://m.meteoviso.es/
[Wed Dec 07 23:07:21.760028 2022] [php7:notice] [pid 2564] [client 88.29.162.32:64354] PHP Notice:  A non well formed numeric value encountered in /var/www/html/CU-defs.php on line 83, referer: http://m.meteoviso.es/
[Wed Dec 07 23:07:21.760032 2022] [php7:notice] [pid 2564] [client 88.29.162.32:64354] PHP Notice:  A non well formed numeric value encountered in /var/www/html/CU-defs.php on line 83, referer: http://m.meteoviso.es/
[Wed Dec 07 23:08:10.065793 2022] [mpm_prefork:notice] [pid 2542] AH00169: caught SIGTERM, shutting down
[Wed Dec 07 23:08:10.142406 2022] [ssl:emerg] [pid 2636] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/meteovisossl/meteoviso.es_ssl_certificate.cer and /etc/apache2/meteovisossl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed
[Wed Dec 07 23:14:13.534576 2022] [ssl:emerg] [pid 2913] AH02565: Certificate and private key www.meteoviso.es:443:0 from /etc/apache2/ssl/meteoviso.es_ssl_certificate.cer and /etc/apache2/ssl/_.meteoviso.es_private_key.key do not match
AH00016: Configuration Failed

El Viso del Alcor

CarlosLSev
Re: Help with SSL certificate renewal
« Reply #5 on: 08 December 2022, 00:11:22 am »
Solved. One of those weird computing things: what I posted last is correct, but after revoking the certificate,
download the private key .key and then the other 2 certificates. That way it works perfectly
_.meteoviso.es_private_key.key
meteoviso.es_ssl_certificate.cer
_.meteoviso.es_ssl_certificate_INTERMEDIATE.cer

And I did download all 3 at once, but I didn't know they had to be downloaded in that order.
Thanks!!!
El Viso del Alcor
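
The AH02565 "do not match" lines in the error log mean that the public key inside the certificate is not the one that belongs to the configured private key file; a certificate is bound to the key pair whose CSR was submitted to the CA, so a freshly generated key or a key from an earlier issuance will not fit it. The following check is an added example, not part of the thread: it compares the public key of a certificate, a private key and optionally a CSR before Apache is restarted. The names `pubkey_fp` and `check_tls_pair` are hypothetical, and the files are assumed to be unencrypted PEM.

```shell
#!/bin/sh
# Added example (not from the thread): check that a certificate, its private key
# and, optionally, the CSR all contain the same public key.
# pubkey_fp and check_tls_pair are hypothetical helper names.

# Print the SHA-256 of the PEM public key held in a cert, key or CSR file.
pubkey_fp() {
    case $1 in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Return 0 if key (and CSR, if given) match the certificate, 1 on mismatch,
# 2 if a file cannot be parsed.
check_tls_pair() {
    cert=$1 key=$2 csr=${3:-}
    c=$(pubkey_fp cert "$cert") || { echo "cannot parse certificate: $cert" >&2; return 2; }
    k=$(pubkey_fp key "$key") || { echo "cannot parse private key: $key" >&2; return 2; }
    if [ "$c" != "$k" ]; then
        echo "MISMATCH: $key is not the key that $cert was issued for" >&2
        return 1
    fi
    if [ -n "$csr" ]; then
        r=$(pubkey_fp csr "$csr") || { echo "cannot parse CSR: $csr" >&2; return 2; }
        if [ "$c" != "$r" ]; then
            echo "MISMATCH: $cert was not issued from $csr" >&2
            return 1
        fi
    fi
    echo "OK: public key SHA-256 $c"
}

# Run as: sh check_tls_pair.sh CERT KEY [CSR]
if [ "$#" -ge 2 ]; then
    check_tls_pair "$@"
fi
```

With the layout from the thread, the arguments would be `/etc/apache2/ssl/meteoviso.es_ssl_certificate.cer` and `/etc/apache2/ssl/_.meteoviso.es_private_key.key`; a non-zero exit status means `systemctl restart apache2` would fail with the same AH02565 error.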