Cert doesn’t reflect

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: dealybuy.com

I ran this command: acme.sh --issue -d dealybuy.com -w /home/wwwroot/dealybuy.com

It produced this output:

My web server is (include version): apache version: 2.2.34

The operating system my web server runs on is (include version): linux x86_64 architecture

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Not as root, but I can access the shell; the provider has SNI

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): version 60

All you have done is generate the certificates, you need to configure your Apache site now with the SSL certificates and a redirect from port 80 to port 443.

1 Like

Yes please, thanks for the timely response. Now how do I configure and redirect the Apache site with the SSL? I seem not to find these instructions.

1 Like

Post your current site/vhost config here. /etc/apache2/sites-available/yoursite

I am going offline now, South Africa and it’s closing in on 6pm for me so time to down tools. Here’s an example that may help you. And of course once you modify your vhost remember to restart apache.

# SSL CONFIG PORT 443
# ###################

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerName mydomain.com www.mydomain.com
        ServerAdmin webmaster@mydomain.com
        RewriteEngine On
        DocumentRoot /var/www/html/mydomain.com
        LogLevel info ssl:warn
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # Set the HTTP Strict Transport Security (HSTS) header to guarantee
        Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

        # Prevent clickjacking
        Header set X-Frame-Options "SAMEORIGIN"

        # Prevent mime based attacks
        Header set X-Content-Type-Options "nosniff"

        <Directory "/var/www/html">
            AllowOverride All
            Options FollowSymLinks
        </Directory>

        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/chain.pem

        <Directory "/var/www/html">
            SSLOptions +StdEnvVars
        </Directory>

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>

        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
    </VirtualHost>
</IfModule>

# PORT 80 CONFIG
# ##############

<VirtualHost *:80>
    ServerName mydomain.com www.mydomain.com
    ServerAdmin webmaster@mydomain.com
    DocumentRoot /var/www/html/mydomain.com

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

</VirtualHost>

and then test your site at

http://www.redirect-checker.org/index.php

https://www.ssllabs.com/ssltest/

https://www.whynopadlock.com/

1 Like

The challenge: I am on a shared host server that has SNI. I don’t have root access and I don’t think I can access the config files or restart the server.
Can’t I configure it without a restart required?

No, in that case you probably don’t have permission to install your certificates without the host’s assistance.

1 Like

How would I go about it if I don’t have the host’s assistance?

You can’t. This is an inherently administrative operation which an individual shared hosting user can’t do without the host’s permission.

Your certificate just says that you’ve proven to a certificate authority that you control the domain name, and that you use a certain encryption key. However, that’s separate from making your web server serve your site via HTTPS, which only the host has the power to do. The host would need to use the certificate as part of this configuration in order to prevent users from getting security errors in their browser when they access the site, but the certificate doesn’t somehow force your host to serve your site in HTTPS, nor allow you to do so without the host’s assistance.

You could switch hosts or plans, or double-check whether you have a control panel interface that allows you to upload third-party certificates (which some hosts offer, but definitely not all).

2 Likes
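
The last answer separates issuing a certificate from the server actually presenting it. As an added example (not code from the thread or from acme.sh), this check compares the issued leaf certificate with the one the host serves when the name is sent via SNI. The function names, status strings and sample bytes are assumptions made for illustration.

```python
import hashlib
import socket
import ssl

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

# Constructed sample: placeholder bytes standing in for an issued certificate.
SAMPLE_DER = b"constructed-sample-not-a-real-certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def pem_fingerprint(pem_text):
    """SHA-256 of the first (leaf) certificate in a PEM file (cert or full chain)."""
    start = pem_text.index(BEGIN)
    stop = pem_text.index(END, start) + len(END)
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_text[start:stop])).hexdigest()


def served_cert_der(host, port=443, timeout=10):
    """Return the DER certificate the server presents when `host` is sent as SNI."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # verification is off on purpose: the goal is to
    ctx.verify_mode = ssl.CERT_NONE  # inspect whatever is served, even a wrong cert
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_install(host, issued_pem, fetch=served_cert_der):
    """Compare the issued certificate with what the host actually serves."""
    try:
        served = fetch(host)
    except OSError:                  # refused, timed out, or TLS handshake failure
        return "no-https"            # nothing usable is listening on port 443
    if served and hashlib.sha256(served).hexdigest() == pem_fingerprint(issued_pem):
        return "installed"           # the server presents the issued certificate
    return "other-cert"              # HTTPS answers, but with a different certificate


if __name__ == "__main__":
    # Offline demo with constructed fetchers; drop `fetch=` to query a live host.
    print(check_install("example.test", SAMPLE_PEM, fetch=lambda h: SAMPLE_DER))
    print(check_install("example.test", SAMPLE_PEM, fetch=lambda h: b"shared default"))
```

On shared hosting, "other-cert" typically means the provider's default certificate is still being served for the name, which is the situation the answer above describes.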
