Cannot install certbot on RHEL; Broken Packages

Hi there,

It’s my first time of using Let’s Encrypt and I’m trying to install certbot on my AWS EC2 Instanse but it cannot be done.

I’ve walked through this steps https://certbot.eff.org/lets-encrypt/centosrhel7-nginx, but stopped at Step 4

My domain is: http://leo-micro.tk

I ran this command:

$ sudo yum install certbot python2-certbot-nginx

It produced this error message:

Error: Package: python2-acme-0.37.2-1.el7.noarch (epel-testing)
           Requires: pyOpenSSL >= 0.13.1
           Available: python26-pyOpenSSL-0.10-2.8.amzn1.x86_64 (amzn-main)
               pyOpenSSL = 0.10-2.8.amzn1
Error: Package: python2-six-1.9.0-0.el7.noarch (epel)
           Requires: python-six >= 1.9.0
           Available: python26-six-1.8.0-1.23.amzn1.noarch (amzn-main)
               python-six = 1.8.0-1.23.amzn1
Error: Package: python2-requests-2.6.0-0.el7.noarch (epel)
           Requires: python-requests >= 2.6.0
           Installing: python26-requests-1.2.3-5.10.amzn1.noarch (amzn-main)
               python-requests = 1.2.3-5.10.amzn1
Error: Package: python2-josepy-1.2.0-1.el7.noarch (epel)
           Requires: python2-cryptography
Error: Package: python2-acme-0.37.2-1.el7.noarch (epel-testing)
           Requires: python2-pyasn1
Error: Package: python2-six-1.9.0-0.el7.noarch (epel)
           Requires: python-six >= 1.9.0
           Installing: python26-six-1.8.0-1.23.amzn1.noarch (amzn-main)
               python-six = 1.8.0-1.23.amzn1
Error: Package: python2-acme-0.37.2-1.el7.noarch (epel-testing)
           Requires: pyOpenSSL >= 0.13.1
           Installing: python26-pyOpenSSL-0.10-2.8.amzn1.x86_64 (amzn-main)
               pyOpenSSL = 0.10-2.8.amzn1
Error: Package: python2-certbot-0.37.2-1.el7.noarch (epel-testing)
           Requires: python2-cryptography
Error: Package: python2-josepy-1.2.0-1.el7.noarch (epel)
           Requires: python2-setuptools
Error: Package: certbot-0.37.2-1.el7.noarch (epel-testing)
           Requires: systemd
Error: Package: python2-acme-0.37.2-1.el7.noarch (epel-testing)
           Requires: python2-cryptography
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

PS: I’ve also tried --skip-broken flag and it seems that it’s not working since I cannot execute certbot.

My web server is (include version): nginx/1.14.1

The operating system my web server runs on is (include version): Red Hat 7.2.1-2

My hosting provider, if applicable, is: AWS EC2 Amazon Linux AMI 2018.03

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): It cannot be installed yet

Welcome to this forum,

Could you please try to update your system by running yum -y update and see if there are any available updates?

Also calling @juergenauer since i won’t be able to reply in the next 3 hours.

Thank you

Thank you steven,

I ran this command three days ago and it said that all packages are up to date, but when I run it now I’ve got this error message

Error: Package: iproute-4.4.0-3.23.amzn1.x86_64 (installed)
           Requires: libdb-4.7.so()(64bit)
           Removing: db4-4.7.25-18.11.amzn1.x86_64 (installed)
               libdb-4.7.so()(64bit)
           Obsoleted By: libdb4-4.8.30-13.el7.x86_64 (epel)
              ~libdb-4.8.so()(64bit)
Error: Package: subversion-1.9.7-1.58.amzn1.x86_64 (@amzn-main)
           Requires: libdb-4.7.so()(64bit)
           Removing: db4-4.7.25-18.11.amzn1.x86_64 (installed)
               libdb-4.7.so()(64bit)
           Obsoleted By: libdb4-4.8.30-13.el7.x86_64 (epel)
              ~libdb-4.8.so()(64bit)
Error: Package: rpm-4.11.3-21.75.amzn1.x86_64 (installed)
           Requires: libdb-4.7.so()(64bit)
           Removing: db4-4.7.25-18.11.amzn1.x86_64 (installed)
               libdb-4.7.so()(64bit)
           Obsoleted By: libdb4-4.8.30-13.el7.x86_64 (epel)
              ~libdb-4.8.so()(64bit)
Error: Package: ruby20-libs-2.0.0.648-1.32.amzn1.x86_64 (@amzn-updates)
           Requires: libdb-4.7.so()(64bit)
           Removing: db4-4.7.25-18.11.amzn1.x86_64 (installed)
               libdb-4.7.so()(64bit)
           Obsoleted By: libdb4-4.8.30-13.el7.x86_64 (epel)
              ~libdb-4.8.so()(64bit)
Error: Package: pam-1.1.8-12.33.amzn1.x86_64 (installed)
           Requires: libdb-4.7.so()(64bit)
           Removing: db4-4.7.25-18.11.amzn1.x86_64 (installed)
               libdb-4.7.so()(64bit)
           Obsoleted By: libdb4-4.8.30-13.el7.x86_64 (epel)
              ~libdb-4.8.so()(64bit)
Error: Package: subversion-libs-1.9.7-1.58.amzn1.x86_64 (@amzn-main)
           Requires: libdb-4.7.so()(64bit)
           Removing: db4-4.7.25-18.11.amzn1.x86_64 (installed)
               libdb-4.7.so()(64bit)
           Obsoleted By: libdb4-4.8.30-13.el7.x86_64 (epel)
              ~libdb-4.8.so()(64bit)
Error: libdb4 conflicts with filesystem-2.4.30-3.8.amzn1.x86_64
Error: Package: rpm-build-libs-4.11.3-21.75.amzn1.x86_64 (installed)
           Requires: libdb-4.7.so()(64bit)
           Removing: db4-4.7.25-18.11.amzn1.x86_64 (installed)
               libdb-4.7.so()(64bit)
           Obsoleted By: libdb4-4.8.30-13.el7.x86_64 (epel)
              ~libdb-4.8.so()(64bit)
Error: Package: python27-libs-2.7.16-1.129.amzn1.x86_64 (@amzn-updates)
           Requires: libdb-4.7.so()(64bit)
           Removing: db4-4.7.25-18.11.amzn1.x86_64 (installed)
               libdb-4.7.so()(64bit)
           Obsoleted By: libdb4-4.8.30-13.el7.x86_64 (epel)
              ~libdb-4.8.so()(64bit)
Error: Package: cyrus-sasl-lib-2.1.23-13.16.amzn1.x86_64 (installed)
           Requires: libdb-4.7.so()(64bit)
           Removing: db4-4.7.25-18.11.amzn1.x86_64 (installed)
               libdb-4.7.so()(64bit)
           Obsoleted By: libdb4-4.8.30-13.el7.x86_64 (epel)
              ~libdb-4.8.so()(64bit)
Error: Package: rpm-build-4.11.3-21.75.amzn1.x86_64 (@amzn-main)
           Requires: libdb-4.7.so()(64bit)
           Removing: db4-4.7.25-18.11.amzn1.x86_64 (installed)
               libdb-4.7.so()(64bit)
           Obsoleted By: libdb4-4.8.30-13.el7.x86_64 (epel)
              ~libdb-4.8.so()(64bit)
Error: Package: sendmail-8.14.4-9.14.amzn1.x86_64 (installed)
           Requires: libdb-4.7.so()(64bit)
           Removing: db4-4.7.25-18.11.amzn1.x86_64 (installed)
               libdb-4.7.so()(64bit)
           Obsoleted By: libdb4-4.8.30-13.el7.x86_64 (epel)
              ~libdb-4.8.so()(64bit)
Error: Package: rpm-libs-4.11.3-21.75.amzn1.x86_64 (installed)
           Requires: libdb-4.7.so()(64bit)
           Removing: db4-4.7.25-18.11.amzn1.x86_64 (installed)
               libdb-4.7.so()(64bit)
           Obsoleted By: libdb4-4.8.30-13.el7.x86_64 (epel)
              ~libdb-4.8.so()(64bit)
Error: Package: pam_ccreds-10-4.9.amzn1.x86_64 (installed)
           Requires: libdb-4.7.so()(64bit)
           Removing: db4-4.7.25-18.11.amzn1.x86_64 (installed)
               libdb-4.7.so()(64bit)
           Obsoleted By: libdb4-4.8.30-13.el7.x86_64 (epel)
              ~libdb-4.8.so()(64bit)
Error: Package: rpm-4.11.3-21.75.amzn1.x86_64 (installed)
           Requires: /usr/bin/db_stat
           Removing: db4-utils-4.7.25-18.11.amzn1.x86_64 (installed)
               Not found
           Obsoleted By: libdb4-utils-4.8.30-13.el7.x86_64 (epel)
               Not found
Error: Package: cyrus-sasl-2.1.23-13.16.amzn1.x86_64 (installed)
           Requires: libdb-4.7.so()(64bit)
           Removing: db4-4.7.25-18.11.amzn1.x86_64 (installed)
               libdb-4.7.so()(64bit)
           Obsoleted By: libdb4-4.8.30-13.el7.x86_64 (epel)
              ~libdb-4.8.so()(64bit)
Error: Package: libserf-1.3.7-1.7.amzn1.x86_64 (@amzn-main)
           Requires: libdb-4.7.so()(64bit)
           Removing: db4-4.7.25-18.11.amzn1.x86_64 (installed)
               libdb-4.7.so()(64bit)
           Obsoleted By: libdb4-4.8.30-13.el7.x86_64 (epel)
              ~libdb-4.8.so()(64bit)
Error: Package: rpm-python27-4.11.3-21.75.amzn1.x86_64 (installed)
           Requires: libdb-4.7.so()(64bit)
           Removing: db4-4.7.25-18.11.amzn1.x86_64 (installed)
               libdb-4.7.so()(64bit)
           Obsoleted By: libdb4-4.8.30-13.el7.x86_64 (epel)
              ~libdb-4.8.so()(64bit)
Error: Package: python26-2.6.9-2.89.amzn1.x86_64 (@amzn-main)
           Requires: libdb-4.7.so()(64bit)
           Removing: db4-4.7.25-18.11.amzn1.x86_64 (installed)
               libdb-4.7.so()(64bit)
           Obsoleted By: libdb4-4.8.30-13.el7.x86_64 (epel)
              ~libdb-4.8.so()(64bit)
Error: Package: apr-util-1.5.4-6.18.amzn1.x86_64 (@amzn-main)
           Requires: libdb-4.7.so()(64bit)
           Removing: db4-4.7.25-18.11.amzn1.x86_64 (installed)
               libdb-4.7.so()(64bit)
           Obsoleted By: libdb4-4.8.30-13.el7.x86_64 (epel)
              ~libdb-4.8.so()(64bit)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

CC @JuergenAuer

Hi @LouayH

I'm not so firm with such installation problems. But there (11 days)

@schoen wrote:

One important thing to know is that Certbot is currently not supported on Amazon Linux , so users should probably either use it via Docker or switch to a different client.

Checked your domain you don't have an older certificate, so there was no older working configuration.

Perhaps check acme.sh.

1 Like

Hi @JuergenAuer,

Yes, it seems an issue with Amazon Linux, and many thanks for referring me to acme.sh.

Do me a favor and help me get it working, as I’m new to managing servers

I’ve completed steps mentioned here to issue a cert in a standalone mode, but it stills not working for me

Here is my nginx conf block

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name  leo-micro.tk;
    root         /usr/share/nginx/html;
	
    ssl_certificate /etc/letsencrypt/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/key.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;
	
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;
	
    add_header Strict-Transport-Security "max-age=63072000" always;
	
    ssl_stapling on;
    ssl_stapling_verify on;
	
    resolver 8.8.8.8;
}

You can see that my domain is working as http://leo-micro.tk/ but not as https://leo-micro.tk/

Should I issue a cert in webroot instead of standalone mode?
Is /usr/share/nginx/html my webroot?

You have created a certificate - https://check-your-website.server-daten.de/?q=leo-micro.tk#ct-logs

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2019-09-03 2019-12-02 leo-micro.tk
1 entries duplicate nr. 1

So that part has worked. It’s “only” an installation problem.

Did you use the --install-cert option? Are the certificate paths correct?

What says

nginx -T

nginx -T says

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    index   index.html index.htm;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  localhost;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        # redirect server error pages to the static page /40x.html
        #
        error_page 404 /404.html;
            location = /40x.html {
        }

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        # It is *strongly* recommended to generate unique DH parameters
#        # Generate them with: openssl dhparam -out /etc/pki/nginx/dhparams.pem 2048
#        #ssl_dhparam "/etc/pki/nginx/dhparams.pem";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#        ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}


# configuration file /etc/nginx/mime.types:

types {
    text/html                                        html htm shtml;
    text/css                                         css;
    text/xml                                         xml;
    image/gif                                        gif;
    image/jpeg                                       jpeg jpg;
    application/javascript                           js;
    application/atom+xml                             atom;
    application/rss+xml                              rss;

    text/mathml                                      mml;
    text/plain                                       txt;
    text/vnd.sun.j2me.app-descriptor                 jad;
    text/vnd.wap.wml                                 wml;
    text/x-component                                 htc;

    image/png                                        png;
    image/svg+xml                                    svg svgz;
    image/tiff                                       tif tiff;
    image/vnd.wap.wbmp                               wbmp;
    image/webp                                       webp;
    image/x-icon                                     ico;
    image/x-jng                                      jng;
    image/x-ms-bmp                                   bmp;

    application/font-woff                            woff;
    application/java-archive                         jar war ear;
    application/json                                 json;
    application/mac-binhex40                         hqx;
    application/msword                               doc;
    application/pdf                                  pdf;
    application/postscript                           ps eps ai;
    application/rtf                                  rtf;
    application/vnd.apple.mpegurl                    m3u8;
    application/vnd.google-earth.kml+xml             kml;
    application/vnd.google-earth.kmz                 kmz;
    application/vnd.ms-excel                         xls;
    application/vnd.ms-fontobject                    eot;
    application/vnd.ms-powerpoint                    ppt;
    application/vnd.oasis.opendocument.graphics      odg;
    application/vnd.oasis.opendocument.presentation  odp;
    application/vnd.oasis.opendocument.spreadsheet   ods;
    application/vnd.oasis.opendocument.text          odt;
    application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                     pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                     xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                     docx;
    application/vnd.wap.wmlc                         wmlc;
    application/x-7z-compressed                      7z;
    application/x-cocoa                              cco;
    application/x-java-archive-diff                  jardiff;
    application/x-java-jnlp-file                     jnlp;
    application/x-makeself                           run;
    application/x-perl                               pl pm;
    application/x-pilot                              prc pdb;
    application/x-rar-compressed                     rar;
    application/x-redhat-package-manager             rpm;
    application/x-sea                                sea;
    application/x-shockwave-flash                    swf;
    application/x-stuffit                            sit;
    application/x-tcl                                tcl tk;
    application/x-x509-ca-cert                       der pem crt;
    application/x-xpinstall                          xpi;
    application/xhtml+xml                            xhtml;
    application/xspf+xml                             xspf;
    application/zip                                  zip;

    application/octet-stream                         bin exe dll;
    application/octet-stream                         deb;
    application/octet-stream                         dmg;
    application/octet-stream                         iso img;
    application/octet-stream                         msi msp msm;

    audio/midi                                       mid midi kar;
    audio/mpeg                                       mp3;
    audio/ogg                                        ogg;
    audio/x-m4a                                      m4a;
    audio/x-realaudio                                ra;

    video/3gpp                                       3gpp 3gp;
    video/mp2t                                       ts;
    video/mp4                                        mp4;
    video/mpeg                                       mpeg mpg;
    video/quicktime                                  mov;
    video/webm                                       webm;
    video/x-flv                                      flv;
    video/x-m4v                                      m4v;
    video/x-mng                                      mng;
    video/x-ms-asf                                   asx asf;
    video/x-ms-wmv                                   wmv;
    video/x-msvideo                                  avi;
}

# configuration file /etc/nginx/conf.d/leo-micro.tk.conf:
upstream easyio {
        ip_hash;
        server localhost:8080;
        server localhost:8081;
}

server {
        listen       80;
        listen       [::]:80;
        server_name  leo-micro.tk;
        root         /home/leo/easyio/public;

        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        location /socket.io/ {
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            proxy_pass "http://easyio/socket.io/";
        }

        location /api/ {
             proxy_pass "http://easyio/api/";
        }


        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name  leo-micro.tk;
    # default route for static files if not configured in / location
    root         /usr/share/nginx/html;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /etc/letsencrypt/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/key.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem
    # ssl_dhparam /path/to/dhparam.pem;

    # intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
    add_header Strict-Transport-Security "max-age=63072000" always;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;

    # replacewith the IP address of your resolver
    resolver 8.8.8.8;
}

# configuration file /etc/nginx/conf.d/virtual.conf:
#
# A virtual host using mix of IP-, name-, and port-based configuration
#

#server {
#    listen       8000;
#    listen       somename:8080;
#    server_name  somename  alias  another.alias;

#    location / {
#        root   html;
#        index  index.html index.htm;
#    }
#}

Yes, I’ve used --install-cert, and that what I got

acme.sh --install-cert --domain leo-micro.tk --cert-file /etc/letsencrypt/cert.pem --key-file /etc/letsencrypt/key.pem --fullchain-file /etc/letsencrypt/fullchain.pem --reloadcmd "service nginx reload"

[Tue Sep  3 20:53:42 UTC 2019] Installing cert to:/etc/letsencrypt/cert.pem
[Tue Sep  3 20:53:42 UTC 2019] Installing key to:/etc/letsencrypt/key.pem
[Tue Sep  3 20:53:42 UTC 2019] Installing full chain to:/etc/letsencrypt/fullchain.pem
[Tue Sep  3 20:53:42 UTC 2019] Run reload cmd: service nginx reload

I’ve tried cert.pem as ssl_certificate in nginx configuration but I get this error on service nginx reload

nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/letsencrypt/cert.pem"

So I changed it to fullchain.pem, and nginx reloaded without errors, although cert.pem and fullchain.pem are exist in the same directory.

Does your server work internal?

curl https://leo-micro.tk/

I did a research about this problem and found that I should allow HTTPS inbound to AWS EC2 Instance and now It’s working https://leo-micro.tk/

@JuergenAuer Thank you very much for your help.

2 Likes

Yep, that’s required.

Now you have a new certificate

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2019-09-03 2019-12-02 leo-micro.tk
1 entries duplicate nr. 1

Happy to read that it has worked. :+1:

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.