change hostname and "Your connection is not private" error.

[hack3rcon]

Hello,
When I installed CentOS 8, I selected the default option about "localhost.localdomain", but I changed the hostname and host files as below:

Code: Select all

# cat /etc/hostname
#localhost.localdomain
mydomainname.net

And:

Code: Select all

# cat /etc/hosts
#127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

My-Website-IP   www.mydomainname.net    mydomainname.net

After it, when I want browse my website then "Your connection is not private" appeared. Why?
How can I solve it?
Is it because of below lines in "ssl.conf" file:

Code: Select all

SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

Thank you.

[hack3rcon]

Any idea?

[BShT]

you can´t certificate yourself

You need to buy a certificate and someone else will certificate you

that´s exactly what a certificate is

PS: file name localhost crt and key means nothing

[hack3rcon]

you can´t certificate yourself

You need to bye a certificate and someone else will certificate you

that´s exactly what a certificate is

PS: file name localhost crt and key means nothing

Thank you for your reply.
I changed the host name and I guess it was my mistake.
Apache tell me:

Code: Select all

AH01909: www.mydomain.net:443:0 server certificate does NOT include an ID which matches the server name

I removed the localhost.crt and key file and generated a new key:

Code: Select all

#hostname
mydomain

*** openssl req -newkey rsa:2048 -nodes -keyout <hostname>.key -out <hostname>.csr***

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/mydomain.key -out /etc/ssl/certs/mydomain.crt

After it:

Code: Select all

# openssl x509 -in /etc/ssl/certs/mydomain.crt -noout -subject
subject=C = IT, ST = Mila, L = Mila, O = MEMy, OU = IT, CN = mydomain.net, emailAddress = info@mydomain.net

Then I changed the "ServerName" values into "httpd.conf" and "ssl.conf" to "ServerName mydomain.net" and added below lines to "ssl.conf:

Code: Select all

SSLCertificateFile /etc/ssl/certs/mydomain.crt
SSLCertificateKeyFile /etc/pki/tls/private/mydomain.key

Code: Select all

# cat /var/log/httpd/ssl_error_log
[Thu Sep 03 16:58:45.445365 2020] [ssl:warn] [pid 445433:tid 139731798190400] AH01906: mydomain.net:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Sep 03 16:58:45.501454 2020] [ssl:warn] [pid 445433:tid 139731798190400] AH01906: mydomain.net:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

What is my mistake? Which one is wrong?
My WordPress website can't up with http protocol too

[BShT]

you can´t certificate yourself

You need to buy a certificate and someone else will certificate you

[TrevorH]

Or use Letsencrypt.

Also, you could try reading the error messages. It clearly states what is wrong with the cert you have just created.

AH01906: mydomain.net:443:0 server certificate is a CA certificate

[hack3rcon]

I want to use Letsencrypt.
My web site name is "mydomain.net" ==> It is an example.
When I installed the CentOS 8, I left the domain setting default (localhost.localdomain) and I installed and configured the LAMP and Letsencrypt. Everything worked correctly till I changed my "hostname" and "hosts" files as below:

Code: Select all

# cat /etc/hostname
#localhost.localdomain
mydomain

# cat /etc/hosts
#127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

"My Server IP"  mydomain.net mydomain

After it my server show me "Your connection is not private" error and I can't browse my website.
I googled and find a page that told it is because of "localhost.key" and "localhost.crt" files. because I changed the default hostname.
I removed these files and "certbot":

Code: Select all

# rm /etc/pki/tls/private/localhost.key
# rm /etc/pki/tls/private/mydomain.key

# rm /etc/ssl/certs/mydomain.crt
# rm /etc/ssl/certs/localhost.crt

And after it I used below command to generate a default key:

Code: Select all

/usr/libexec/httpd-ssl-gencerts

This command, generated "localhost" files and I want to configure my Virtual Host from start.
In "httpd.conf":

Code: Select all

ServerName mydomain.net

And Virtual Host file is as below:

Code: Select all

<VirtualHost *:80>
ServerAdmin root@localhost
ServerName mydomain.net
DocumentRoot /var/www/wordpress
<Directory "/var/www/wordpress">
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
</Directory>
ErrorLog /var/log/httpd/wordpress_error.log
CustomLog /var/log/httpd/wordpress_access.log common
</VirtualHost>

Is everything OK to use "certbot"?

[hack3rcon]

Is it OK?

[hack3rcon]

If someone remove "localhost" files from " /etc/pki/tls/private/" and "/etc/pki/tls/certs/" then it is not possible to regenerate them?

[hack3rcon]

No idea?