Learn about Centmin Mod LEMP Stack today
Register Now

SSL Letsencrypt I keep getting SSL Error and How to Switch from Selfsigned to Letsencrypt SSL

Discussion in 'Domains, DNS, Email & SSL Certificates' started by radbrad, Aug 11, 2020.

  1. radbrad

    radbrad Member

    31
    3
    8
    Feb 15, 2020
    Ratings:
    +4
    Local Time:
    3:50 AM
    Please fill in any relevant information that applies to you:
    • CentOS Version:CentOS 7 64bit
    • Centmin Mod Version Installed:123.09beta01
    Yesterday I installed 5 websites to my server using the 22 option with self signed SSL and then used Cloudflare SSL selected to FULL.
    Now, 3 of my sites working fine except 2 websites where I'm getting the below error
    Previously I was not aware that I can install "Letsencrypt SSL" and installed Self signed SSL.
    Is it fine to have a self-signed SSL?

    My question: Is there a way to change the self-signed SSL to Letsencrypt SSL?

    Regards?
     
  2. Jon Snow

    Jon Snow Active Member

    568
    72
    28
    Jun 30, 2017
    Ratings:
    +121
    Local Time:
    7:20 PM
    Nginx 1.13.9
    MariaDB 10.1.31
  3. pamamolf

    pamamolf Premium Member Premium Member

    3,861
    379
    83
    May 31, 2014
    Ratings:
    +731
    Local Time:
    12:20 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    You can use:

    Code:
    /usr/local/src/centminmod/addons/acmetool.sh reissue-only yourdomain.com live
     
  4. eva2000

    eva2000 Administrator Staff Member

    45,459
    10,315
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,000
    Local Time:
    8:20 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    It's fine to use self-signed SSL behind Cloudflare Full SSL mode :) Just make sure the domains actually have cloudflare orange cloud proxy enabled in DNS and not disabled which bypasses cloudflare and goes direct to your nginx HTTPS which would then report invalid SSL cert in web browsers.
     
  5. eva2000

    eva2000 Administrator Staff Member

    45,459
    10,315
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,000
    Local Time:
    8:20 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    yes like @pamamolf mentioned, try acmetool.sh add reissue-only option for existing nginx HTTPS SSL vhosts with domain.com.ssl.conf vhost config files that exist. This only does reissue of letsencrypt SSL cert without touching the nginx vhost. Ideal for use when you tried creating a Nginx HTTPS SSL default vhost site but letsencrypt SSL issuance failed the first time. When it fails, Centmin Mod usually falls back to self-signed SSL as a place holder for the domain.com.ssl.conf vhost config. When you run:
    Code (Text):
    cd /usr/local/src/centminmod/addons
    ./acmetool.sh reissue-only domain.com live
    

    It will only try reissuing the letsencrypt SSL certificate for the domain = domain.com for live production SSL certificate without touching any of the existing nginx vhost at domain.com.ssl.conf
     
  6. radbrad

    radbrad Member

    31
    3
    8
    Feb 15, 2020
    Ratings:
    +4
    Local Time:
    3:50 AM
    Thanks , This worked.