Replaced SSL cert but Redmine is still using the expired cert

Keywords: Redmine - Installers - Technical issue - Secure Connections (SSL/HTTPS)

bnsupport ID: 92487251-21b5-a4b8-57b1-6f974eac4b66

Description:
I replaced my ssl cert files. They are supplied by my IT department which they purchased from a reputable CA (DigiCert, I think). At any rate, I followed the instructions shown here:

https://docs.bitnami.com/installer/apps/wordpress/administration/enable-https-ssl-apache/

I also made sure my server.crt, server.key, and server-ca.crt files were in PEM format before uploading. After installing and restarting Apache (and the entire server when that didn’t work), when I browse to my Redmine server, it is still showing the old certificate, so I’m getting expired cert messages. I’ve also tried on a web browser that has never been to this redmine instance and it also had the cert issue. I found a Bitnami article on testing the checksums between server.crt and server.key and both have the same checksum. I’m not seeing anything in the logs, either, so I don’t think there is a problem with loading these certs. I tried to locate a server cache that might explain this, but I can’t find that, either. What am I missing here?

I also should say that my production.log was too big to upload with the diagnostic tool. Do you want it? How do I supply it?

Hi @brett.ussher,

If you replaced these files

apache2/conf/bitnami/bitnami.conf
46:  SSLCertificateFile "C:/Bitnami/redmine-4.2.2-1/apache2/conf/server.crt"
47:  SSLCertificateKeyFile "C:/Bitnami/redmine-4.2.2-1/apache2/conf/server.key"

and restarted Apache, the new certificate should be properly loaded. Please ensure you replaced those files with the new certificates and restart Apache for the server to use them.

Thanks

Replace those lines with what? The files listed in those paths are the current and accurate cert and key.

Hi @brett.ussher,

Are those C:/Bitnami/redmine-4.2.2-1/apache2/conf/server.crt C:/Bitnami/redmine-4.2.2-1/apache2/conf/server.key the files you want to use? Note these are the paths of the example certificates. Did you replace them or are your certificates elsewhere?

Regards

Those are the right files. I renamed my files so they would match what the bitnami.conf file is expecting.

Hi @brett.ussher,

If you replaced the files and restarted Apache, the webserver should be using the new files. How are you validating that? Can you use an incognito window or a different browser to get the certificate information? Is that a public URL we can access to verify the certificates?

As you said, I replaced the certs and restarted not only Apache, but all four services. I checked using my usual browser and one that I only use for tests like this (I use Firefox as a test browser so I can clear all cache and other saved information without regret). The URL is… well, nevermind. I just visited the URL and the cert is working now. Weird. I waited two days before even opening this thread and it was still messed up. Well, no idea why it is working now, but don’t look a gift horse in the mouth. Thanks for your time.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.