SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/german-samplife.de/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/german-samplife.de/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/german-samplife.de/chain.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/german-samplife.de/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/german-samplife.de/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/german-samplife.de/chain.pem
Include /etc/letsencrypt/options-ssl-apache.conf
The SSLCertificateChainFile /etc/letsencrypt/live/german-samplife.de/chain.pem doesn’t seem to be working, SSL Labs shows that the certificate chain is incomplete.
Is there anything in your apache error log that would indicate apache fails to load that file? Could you post the contents of /etc/letsencrypt/live/german-samplife.de/chain.pem just in case?
Did you manually configure your apache to enable SSL, or did you use certbot’s apache plugin?
Can you post the exact certbot command you used? The Include /etc/letsencrypt/options-ssl-apache.conf line indicates that you used the apache plugin, which would automatically configure your apache for SSL. However, the cipher suites listed by SSL Labs don't seem to match what one would expect from an apache configuration created by certbot (for example, SSLv3 and RC4 ciphers are enabled). Any chance you made manual modifications to your configuration, or that you had SSL enabled prior to running certbot? In that case, posting all relevant config files might help us find the issue.
Well, i dont remember what command i used.
I followed a tutorial from the official certbot website.
I added the line “/etc/letsencrypt/options-ssl-apache.conf” by myself.
I do have full root access to the server and can do every changes that will be needed.
Actualy my knowledge about this isnt that much (like my english, iam sorry) so which config files do you want me to post?
I see, that probably indicates you used certbot in certonly mode, where you'd configure apache yourself.
I think all files that could be relevant ought to have at least a SSLCertificateFile line, so if you post all files that are found by this command, we should be able to figure this out: grep "SSLCertificateFile" /etc/apache2 -r
Well i fixed it now.
The file “default-le-ssl.conf” where automaticly created when i created the ssl-certificate. The file was going with “VirtualHost *:443” so i was wondering about the port and tried to connect to “https://german-samplife.de:443” from my android phone via google chrome. And it worked. Now i just copied this default file to make a new one with port 80, and it works fine.
So maybe for the google users under us check the sites-enabled/sites-aviable config and try to use the default config.
Thanks to pfg, without your messages i think i would have give up