Problem
When provisioning Terraform Enterprise (TFE) using the automated installer, the installation may complete with a self-signed certificate from Replicated instead of the custom SSL certificate you provided.
Cause
This issue typically occurs when the hostname configured for the TFE instance does not match the common name or a subject alternative name (SAN) specified in the custom SSL certificate. The system journal logs will contain an error message similar to the following, indicating a name mismatch.
certificate is valid for tfe.prod.example.com, not tfe.staging.example.com
This error indicates that while the certificate is valid, it was issued for a different hostname than the one used by your TFE instance.
Solution
To resolve this issue, you must replace the incorrect SSL certificate with a new one that is valid for the hostname of your Terraform Enterprise instance. You will need to generate a new certificate that correctly lists the TFE hostname and follow the documented procedure to apply it.
Outcome
After you replace the certificate, Terraform Enterprise will load successfully with the correct custom SSL certificate, securing communication to the instance.