403 after using letsencrypt

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: vallabh.codes

I ran this command: sudo apachectl status

It produced this output:
/usr/sbin/apachectl: 113: www-browser: not found
'www-browser -dump http://localhost:80/server-status' failed.
Maybe you need to install a package providing www-browser or you
need to adjust the APACHE_LYNX variable in /etc/apache2/envvars

My web server is (include version): apache2

The operating system my web server runs on is (include version): Ubuntu 20.04 LTS

My hosting provider, if applicable, is: Digitalocean

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.4.0

I have hosted a django project on a droplet on digital ocean. This is my first time hosting a project on a server.
I generated the certificate and it worked initially for a few minutes. But now it shows 403 Forbidden. Please help.

Hi @vallabhtiwari, and welcome to the LE community forum :slight_smile:

Then the certificate should be good.
So, what happened with Apache after that time?
Can you revert the Apache configuration?
If not, can you uninstall and then reinstall it?

3 Likes

Hi @rg305, thanks. I reinstalled all my configurations. Right now www.vallabh.codes is working but not vallabh.codes. Previously both worked for a few minutes. I followed these instructions. Am I missing something in the SSL certificate generation?

1 Like

Here, SSL Server Test: www.vallabh.codes (Powered by Qualys SSL Labs), the certificate only has www.vallabh.codes in it (Alternative names: www.vallabh.codes); therefore it would have issues with just vallabh.codes, as shown here: SSL Server Test: vallabh.codes (Powered by Qualys SSL Labs).

4 Likes

Not likely.

Let's confirm that with:
certbot certificates

4 Likes

Thank you!! Also, how can I confirm that HTTP traffic will be redirected to HTTPS?
It did not ask during the setup. But in YouTube tutorials (old ones, I guess) it used to ask. Like a status command or something?

1 Like

I use this online tool as one means to check redirect https://www.redirect-checker.org/

It seems that http://vallabh.codes does NOT redirect, but http://www.vallabh.codes does redirect to https://www.vallabh.codes/

3 Likes

Got it!! Also I can't understand why vallabh.codes is not working. I have added the DNS records in my DigitalOcean networking section.

Is something wrong here? Thanks

1 Like

Also the Certificate being served is only for www.vallabh.codes

vallabh.codes - https://decoder.link/sslchecker/vallabh.codes/443

www.vallabh.codes - https://decoder.link/sslchecker/www.vallabh.codes/443

2 Likes

In your web server configuration you need sections for each of vallabh.codes and www.vallabh.codes.

1 Like

Here details on Apache can be found in documentation and forums:

Kindly wait to see if there are more knowledgeable Let's Encrypt community volunteers willing to assist.

2 Likes

Hi @Bruce5051 thanks !! This helped me

Do check my portfolio !!:grin:

2 Likes

@vallabhtiwari It looks like your HTTP to HTTPS redirects are now working for both of your domain names. So, the only thing that is not working is if someone tries HTTPS for vallabh.codes. This will fail because your certificate only has your www.vallabh.codes domain name in it and it must have both of these names.

You should redo your original cert request including both names

Here's what is not working right now

curl -I https://vallabh.codes
curl: (60) SSL: no alternative certificate subject name matches target host name 'vallabh.codes'
More details here: https://curl.se/docs/sslcerts.html

But if they start with HTTP it works fine (b/c it redirects to www)

curl -IL http://vallabh.codes
HTTP/1.1 301 Moved Permanently
Server: Apache/2.4.41 (Ubuntu)
Location: http://www.vallabh.codes/

HTTP/1.1 301 Moved Permanently
Server: Apache/2.4.41 (Ubuntu)
Location: https://www.vallabh.codes/

HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)

3 Likes

Yes I am looking into that right now. Help would be appreciated

What command did you use to get your cert?

4 Likes

I followed these instructions.

sudo certbot --apache

This is conf for port 80

<VirtualHost *:80>
    ServerName vallabh.codes
    Redirect permanent / http://www.vallabh.codes/
</VirtualHost>

<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	
	ServerName www.vallabh.codes
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.vallabh.codes
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

And for 443

<IfModule mod_ssl.c>
<VirtualHost *:443>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	
	ServerName www.vallabh.codes
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf

	Alias /static /path
	<Directory /path>
		Require all granted
	</Directory>

	Alias /media /path
	<Directory /path>
		Require all granted
	</Directory>

	<Directory /path>
		<Files wsgi.py>
			Require all granted
		</Files>
	</Directory>

	WSGIDaemonProcess proj python-home=/path python-path=/path/proj
	WSGIProcessGroup proj
	WSGIScriptAlias / /path/wsgi.py



SSLCertificateFile /path.pem
SSLCertificateKeyFile /path.pem
Include /path/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Hi @MikeMcQ I think everything is good now. Could you please check again?
This Apache redirection of both http to https and non www to www - Stack Overflow helped.

1 Like

The problem I described in post #13 still exists. You still need to get a cert with both domain names in it.

But, from your latest info I see you are using WSGI along with the certbot --apache plug-in. That won't work well. You should use the --webroot / -w options instead.

Please show output of this and we can provide format for this new command:

4 Likes

Found the following certs:
  Certificate Name: www.vallabh.codes
    Serial Number: 3fa389190a66470c21b4a63eef75798a4bc
    Key Type: ECDSA
    Domains: www.vallabh.codes
    Expiry Date: 2023-06-25 11:16:59+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/www.vallabh.codes/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.vallabh.codes/privkey.pem

How can I generate one for vallabh.codes? Before generating the certificate I had only one config file in which I had mentioned my ServerName www.vallabh.codes. Certbot created one for port 443.

1 Like
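
An added example (not part of any post in this thread, and not Certbot's or Apache's own code): a Python check that cross-references `certbot certificates` output with the Apache vhosts and lists the hostnames that would fail HTTPS hostname verification, the failure shown in the curl error above. The sample inputs are constructed from the output and configuration posted in the thread, the `SSLCertificateFile` path is an assumption because the posted config redacts it, and the wildcard handling goes beyond the single-name case discussed here.

```python
import re

# Constructed sample: the lineage from the thread's `certbot certificates` output.
CERTBOT_OUT = """Found the following certs:
  Certificate Name: www.vallabh.codes
    Domains: www.vallabh.codes
    Certificate Path: /etc/letsencrypt/live/www.vallabh.codes/fullchain.pem
"""
# Constructed sample: thread's vhosts reduced to name/cert lines; cert path is assumed.
APACHE_CONF = """<VirtualHost *:80>
    ServerName vallabh.codes
</VirtualHost>
<VirtualHost *:443>
    ServerName www.vallabh.codes
    SSLCertificateFile /etc/letsencrypt/live/www.vallabh.codes/fullchain.pem
</VirtualHost>
"""

def cert_domains(certbot_out):
    """Map each Certificate Path to the set of names on its Domains line."""
    certs, domains = {}, set()
    for line in certbot_out.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Domains":
            domains = set(value.lower().split())
        elif key == "Certificate Path":
            certs[value] = domains
    return certs

def vhosts(conf):
    """Yield (port, names, cert_file) for every <VirtualHost> block."""
    for port, body in re.findall(r"<VirtualHost [^:>]*:(\d+)>(.*?)</VirtualHost>", conf, re.S):
        names = re.findall(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M)
        cert = re.search(r"^\s*SSLCertificateFile\s+(\S+)", body, re.M)
        yield int(port), {n.lower() for line in names for n in line.split()}, cert and cert.group(1)

def covers(san, host):  # exact match, or a wildcard SAN for the leftmost label only
    return san == host or (san.startswith("*.") and "." in host and host.split(".", 1)[1] == san[2:])

def uncovered_names(conf, certbot_out):
    """Names Apache answers for that would fail hostname verification over HTTPS."""
    certs, hosts, problems = cert_domains(certbot_out), list(vhosts(conf)), {}
    for name in sorted(set().union(*(names for _, names, _ in hosts))):
        tls = [c for port, names, c in hosts if port == 443 and name in names]
        if not tls:
            problems[name] = "no :443 vhost declares this name"
        elif not any(covers(s, name) for c in tls for s in certs.get(c, ())):
            problems[name] = "certificate lacks this name"
    return problems
```

An empty result means every declared name has a :443 vhost whose certificate lists it; a wildcard entry such as `*.vallabh.codes` would cover `www.vallabh.codes` but not the bare `vallabh.codes`.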