403 forbidden after using letsencrypt

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.topfabric.co.uk

I ran this command:

It produced this output:

My web server is (include version): apache 2.4.23

The operating system my web server runs on is (include version): Amazon Linux AMI 2018.03

My hosting provider, if applicable, is: AWS jetware lamp

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): ./certbot-auto --version = certbot 0.35.1

https://www.ssllabs.com/ssltest/analyze.html?d=topfabric.co.uk - gives “A”
https://www.ssllabs.com/ssltest/analyze.html?d=www.topfabric.co.uk - gives “A”

I made the certificate using:
./certbot-auto certonly --webroot -w /jet/app/www/default/ -d topfabric.co.uk -d www.topfabric.co.uk

Copied these lines into my topfabric.conf

# Let's Encrypt

SSLCertificateFile "/etc/letsencrypt/live/topfabric.co.uk/fullchain.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/topfabric.co.uk/privkey.pem"
SSLCACertificateFile "/etc/letsencrypt/live/topfabric.co.uk/fullchain.pem"

Tests all appear to run okay, but if I try and visit https://www.topfabric.co.uk I get a 403 forbidden.

Any help would be very welcome!

Hi @mmedia

checking your domain there is the following result ( https://check-your-website.server-daten.de/?q=topfabric.co.uk ):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://topfabric.co.uk/ 52.215.253.75 | 302 | http://www.topfabric.co.uk/ | 0.273 | D |
| http://www.topfabric.co.uk/ 52.215.253.75 | 200 | | 1.203 | H |
| https://topfabric.co.uk/ 52.215.253.75 | 403 | | 0.667 | M Forbidden |
| https://www.topfabric.co.uk/ 52.215.253.75 | 403 | | 0.427 | M Forbidden |

http works, https has the correct certificate

CN=topfabric.co.uk | 05.07.2019 | 03.10.2019 | expires in 89 days | topfabric.co.uk, www.topfabric.co.uk - 2 entries

but the http status 403 - Forbidden.

And

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let's Encrypt Authority X3 | 2019-07-04 | 2019-10-02 | topfabric.co.uk, www.topfabric.co.uk - 2 entries | duplicate nr. 1 | |

it's your first Letsencrypt certificate.

So your port 443 vHost is wrong.

Compare your port 80 vHost with your port 443 vHost.

And there are different headers:

A Info: Different Server-Headers found

http:

Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2h mod_fcgid/2.3.9 PHP/5.6.24

https:

Server: Apache/2.4.39 (Amazon) OpenSSL/1.0.2k-fips

But the IP is the same. Looks like your new vHost doesn't work.

Thanks a lot for your help, I’ll see if I can find anything wrong with the vHosts.

Okay, after checking through my vhost ssl config I found the problem and sorted it. Once that was rectified and apache restarted, everything sparked into life.

For other AWS Jetware Lamp users: Put the certificate paths in extra/httpd-ssl.conf with your 443 virtualhost details and make sure ec2-user can read the /live certificates. Worked for me!

Thanks so much for pointing me in the right direction.

cheers
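
The fix described in the post above depends on the named account being able to traverse every directory on the way to the certificate files and read the files themselves. The following is an added example, not part of the original thread: the function names are hypothetical, it assumes GNU `stat` and `readlink -f`, and it judges access from owner/group/other mode bits only.

```bash
#!/bin/sh
# Added example, not from the thread. Judges access from owner/group/other
# mode bits only (no ACLs, no SELinux). Needs GNU stat and readlink -f.

# allowed PATH BIT UID GID...: status 0 if the mode bits of PATH grant BIT
# (4 = read a file, 1 = traverse a directory) to that uid and gid list.
allowed() {
    local path="$1" bit="$2" uid="$3" info mode owner group g cls=0
    shift 3
    info=$(stat -L -c '%a %u %g' -- "$path") || return 2
    mode=${info%% *}; info=${info#* }; owner=${info% *}; group=${info#* }
    [ "$uid" -eq 0 ] && return 0            # root is not limited by mode bits
    if [ "$uid" -eq "$owner" ]; then
        cls=6                               # owner class
    else
        for g in "$@"; do [ "$g" -eq "$group" ] && cls=3; done   # group class
    fi
    [ $(( (0$mode >> $cls) & $bit )) -ne 0 ]
}

# blocked_dir DIR UID GID...: walk from / down to DIR and print the first
# directory the account cannot traverse.
blocked_dir() {
    local d="$1"
    shift
    if [ "$d" != / ]; then
        blocked_dir "$(dirname -- "$d")" "$@" || return 1
    fi
    allowed "$d" 1 "$@" || { printf '%s\n' "$d"; return 1; }
}

# first_blocked FILE UID GID...: FILE is an absolute path. Prints the first
# component that blocks a read and returns 1; prints nothing and returns 0 if
# the read is allowed. Certbot's live/ files are symlinks into archive/, so
# the directory chain of the link and of its target are both walked.
first_blocked() {
    local file="$1" real
    shift
    case $file in /*) ;; *) echo "absolute path required" >&2; return 2 ;; esac
    real=$(readlink -f -- "$file") || return 2
    blocked_dir "$(dirname -- "$file")" "$@" || return 1
    blocked_dir "$(dirname -- "$real")" "$@" || return 1
    allowed "$real" 4 "$@" || { printf '%s\n' "$real"; return 1; }
}

# Run as root on the server (path and account taken from the thread):
#   first_blocked /etc/letsencrypt/live/topfabric.co.uk/privkey.pem \
#       "$(id -u ec2-user)" $(id -G ec2-user)
```

If a component is reported, granting the account access through a dedicated group is a narrower change than making `privkey.pem` world-readable.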


Ah, interesting, good to know. Rechecked your domain, now there is only one server header:

Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2h mod_fcgid/2.3.9 PHP/5.6.24

Looks like a standard Amazon instance is running there. If that instance has access to the files, it sends the header of the local instance.

If not, that's blocked and the standard Amazon header is sent.

Thanks! :+1:
