Topic: SME 10.1 and GoDaddy SSL

[dallas]

I'm having a problem updating my expired GoDaddy SSL certificates using Server Manager.
I have also noticed that the server.crt and server.key sections are the same.

I have found Certificate Concepts page in the wiki and it references another page, Certificate Intergration GoDaddy Certificate. This page relates to 7.5.1 and says it should relate to SME 8 and 9.

I tried to copy and paste the new GoDaddy keys into Server Manager and I lost contact with my server and had to use signal-event certificate-revert to recover.

Am I missing something, or should I just use command line and put the files in the correct place?

[Stefano]

please, post the output of

Code: [Select]

config show modSSL


[dallas]

[root@www home]# config show modSSL
modSSL=service
    CommonName=haggar.id.au
    TCPPort=443
    access=public
    status=enabled

[Stefano]

ok.. do you have the key, cert and chain cert?

your config should look like this:

Code: [Select]

[root@sme9 ~]# config show modSSL
modSSL=service
    CertificateChainFile=/etc/dehydrated/certs/mind-at-work.it/chain.pem
    TCPPort=443
    access=public
    crt=/etc/dehydrated/certs/mind-at-work.it/cert.pem
    key=/etc/dehydrated/certs/mind-at-work.it/privkey.pem
    status=enabled


[dallas]

GoDaddy provides the following files.

********.crt
********.pem
and a gd_bundle-g2-g1.crt

I assume that the key file is the .crt, the .pem is obvious, where does the gd-bundle fit?

[Stefano]

check your files, the first line in key is

Code: [Select]

-----BEGIN PRIVATE KEY-----

the bundle file contains all the certificate chain, so from the CA one to the server one, with one or more intermediate cert

I have a godaddy cert here from a customer of mine, will check on a test machine..
anyway, it seems to me you don't have the key

[dallas]

check your files, the first line in key is

Code: [Select]

-----BEGIN PRIVATE KEY-----

the bundle file contains all the certificate chain, so from the CA one to the server one, with one or more intermediate cert

I have a godaddy cert here from a customer of mine, will check on a test machine..
anyway, it seems to me you don't have the key

I think you are correct about the key. This is a new server since the last SSL update and GoDaddy says to get a new key. I have requested a rekey and will see how that goes.