A serious problem with certbot on centos 7


#1

hi all why i got no success i got it : ```
https://www.ssllabs.com/ssltest/analyze.html?d=www.server-administrator.pl&latest


I do not know how to do it anymore

and I did everything according to the instructions and 
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7

not working good HELP !!!!!!!!!!

#2

Hi @igormaster

there is a certificate with localhost.localdomain as domain name. This isn’t a valide public domain name.

And I can’t find a certificate.

So please answer the following questions:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):


#3

PS: Your main configuration (via https://check-your-website.server-daten.de/?q=server-administrator.pl )

Domainname Http-Status redirect Sec. G
http://server-administrator.pl/
185.69.197.55 200 0.150 H
http://www.server-administrator.pl/
185.69.197.55 200 0.083 H
https://server-administrator.pl/
185.69.197.55 200 5.623 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
https://www.server-administrator.pl/
185.69.197.55 200 5.703 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
http://server-administrator.pl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.69.197.55 404 0.127 A
Not Found
http://www.server-administrator.pl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.69.197.55 404 0.220 A
Not Found

is ok, /.well-known/acme-challenge sends a http status 404 if the file is unknown.

So it’s important to know your ACME-client (perhaps Certbot) and the command you have used.


#4

LOL how i it fix eeehhhhhhh


#5

I’m really asking for instructions as for a fool


#6

please, if you can look here, give here full access I’m not afraid of

AdminEdit: Don’t share account infos


#7

this is only my account my home computer test is okay


#8

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.server-administrator.pl or server-administrator.pl

I ran this command: yum install epel-release, yum install httpd mod_ssl python-certbot-apache, systemctl start httpd, systemctl status httpd, firewall-cmd --add-service=http, firewall-cmd --add-service=https,firewall-cmd --runtime-to-permanent, certbot --apache -d www.server-administrator.pl, certbot --apache.

It produced this output:

My web server is (include version): lastest

The operating system my web server runs on is (include version): lastest

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): YES YES YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): winscp putty

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): lastest cerbot


#9

Looks like your Certbot command didn’t work, because there

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:true;include_subdomains:true;domain:server-administrator.pl&lu=cert_search

is no certificate created.

Use (one time)

certbot --apache -d www.server-administrator.pl -d server-administrator.pl

to create a certificate.

If this doesn’t work, share the output. The command creates one certificate with two domain names.


#10

okayyyyyy thanx must work serious i am stupid yes yes certbot --apache -d www.server-administrator.pl -d serwer-administrator.p


#11

why why why


#12

There is your answer: You don’t have a vHost with your domain names.

So add one:

https://httpd.apache.org/docs/2.4/vhosts/examples.html

<VirtualHost *:80>
    DocumentRoot "YourDocumentRoot"
    ServerName server-administrator.pl
    ServerAlias www.server-administrator.pl
</VirtualHost>

#14

ok but where > http.conf or ssl.conf


#15

i have all okay my configs i go new instalation my centos 7 i got now
[root@localhost ~]# systemctl start httpd
Job for httpd.service failed because the control process exited with error code. See “systemctl status httpd.service” and “journalctl -xe” for details.
[root@localhost ~]#


#16

after instalation i send you my configs ssl and http you see it may you detect my stupid steps


#17

i am using centos 7.6 yum update


#18

Port 80 isn’t ssl, you need a standard vHost, so Certbot knows what you want.


#19

okay i try now i am new copy centos 7.6 updated now i go install packs


#20

I’m okay at this step curl example.com


#21

[root@localhost ~]# certbot --apache -d server-administrator.pl -d www.server-administrator.pl
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel):iggrabowski.ut.server@gmail.com
<<<<<<is okay ?