John's Vademecum

Try to learn something about everything, and everything about something -Thomas Huxley “Darwin's bulldog” (1824-1895)

User Tools

Site Tools

You are here: My digital Commonplace Book » Public Area » 01 : Radio » 2025 Radio Topics » YaDDNet : VPS SSL Renewal
Trace: Sat 31/05/25 : Back On CW Hi-Mound HK-708 Key YaDDNet : New VPS AOR AR7030 Xeigu G90
public:radio:2025:yaddnet_ssl_renewal

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
public:radio:2025:yaddnet_ssl_renewal [15/03/25 07:11 GMT] – [Different intermediate CA.pem certificates] johnpublic:radio:2025:yaddnet_ssl_renewal [13/10/25 07:00 BST] (current) – [UPDATE ON TWO INTERMEDIATE CERTIFICATES 5/7/25] john
Line 2: Line 2:
  
  
-====== Yaddnet VPS SSL Renewal ======+====== YaDDNet : VPS SSL Renewal ======
  
 ** Renewed SSL certificates for 2025/6 ** ** Renewed SSL certificates for 2025/6 **
  
 +<note important>Read the final part about combining the 2 intermediate certificates!</note>
 ===== 15/03/25 : SSL certificates ===== ===== 15/03/25 : SSL certificates =====
  
Line 25: Line 26:
       * ''/usr/local/ssl/ca.pem.1''       * ''/usr/local/ssl/ca.pem.1''
       * ''/usr/local/ssl/ca.pem.2''       * ''/usr/local/ssl/ca.pem.2''
-      * copy ''ca.pem.1'' -> ''ca.pem''+      * copy ''ca.pem.2'' -> ''ca.pem''
     * Restart Apache     * Restart Apache
       * ''service apache2 restart''       * ''service apache2 restart''
Line 32: Line 33:
       * check site security       * check site security
  
-{{:public:radio:2025:screenshot_2025-03-15_064708.png?400|}}+{{:public:radio:2025:screenshot_2025-03-15_072557.png?400|}}
  
-  * swap ''ca.pem'' files (copy ''ca.pem.2'' -> ''ca.pem'')+  * swap ''ca.pem'' files (copy ''ca.pem.1'' -> ''ca.pem'')
   * Restart Apache   * Restart Apache
   * browse to [[https://www.yaddnet.org/index.php?]]   * browse to [[https://www.yaddnet.org/index.php?]]
Line 96: Line 97:
 </code> </code>
  
 +It appears that the certificate (ca.pem.2) from "Sectigo" has the longest validity, and that this is the more recent/appropriate one, so I've made it the certificate in use 
  
 +''sudo cp ca.pem.2 ca.pem''
 +
 +''sudo service apache2 restart''
 +
 +
 +
 +===== UPDATE ON TWO INTERMEDIATE CERTIFICATES 5/7/25 =====
 +
 +<note important>I've discovered that the 2 Intermediate Certificates are necessary to complete the //chain// of authority.
 +</note>
 +
 +
 +What should be done is to join them together into one //ca.pem// file (and in the correct order.... )
 +
 +**Don't rename the 2 files as ''ca.pem.1'' and ''ca.pem.2'' per the above  **
 +
 +Transfer them both with their **//original//** names and then ''cat'' them together
 +
 +<code bash>
 +
 +[root@yaddnet2:/home/g4slv/ssl]# cat 397A66CC2756362E0DAA87CA6EABE3B1.cer 7D5B5126B476BA11DB74160BBC530DA7.cer > ca.pem
 +
 +[root@yaddnet2:/home/g4slv/ssl]# cp ca.pem /usr/local/ssl
 +
 +[root@yaddnet2:/home/g4slv/ssl]# systemctl restart apache2
 +
 +</code>
 +
 +Check correct SSL operation at [[https://www.ssllabs.com/ssltest/analyze.html]]
  
  
Line 105: Line 136:
  
  
-{{tag>}}+{{tag>yaddnet radio}}
  
  
public/radio/2025/yaddnet_ssl_renewal.1742022671.txt.gz · Last modified: by john