I have not had to set up an SSL cert manually before and I am stumbling through the process. My cert seems to be installed and working but my site is showing as untrusted. I have looked at multiple sources to find a solution but have not found one that resolves my issue.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: themagnoliadifference.com
I ran this command: certbot apache -d
It produced this output:
My web server is (include version): Apache
The operating system my web server runs on is (include version): Cent 7
My hosting provider, if applicable, is: Hostinger VPS
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Osiris
January 31, 2021, 3:56pm
That's probably not the command you actually ran, as that would give an error.
bpatton:
It produced this output:
We really need the actual output of certbot. If you don't have the terminal output any longer, you can find the logs in /var/log/letsencrypt/.
Also funny thing:
themagnoliadifference.com. 3600 IN A 83.136.219.183
Where 83.136.219.183 is indeed a Hostinger IP address.
While:
www.themagnoliadifference.com. 3600 IN CNAME ghs.googlehosted.com.
Which of course resolves to a Google hosting IP address..
So your apex domain is hosted somewhere else than your www subdomain? Weeeiiird..
[root@themagnoliadifference ~]# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: themagnoliadifference.com
Serial Number: 307d25d0a3f227cf5bf2d93221e58397e4d
Key Type: RSA
Domains: themagnoliadifference.com
Expiry Date: 2021-04-30 22:58:43+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/themagnoliadifference.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/themagnoliadifference.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[root@themagnoliadifference ~]#
Yes. I purchased the domain from Google and resolve to my VPS on Hostinger.
So you have created a valid certificate.
Try
certbot --reinstall -d themagnoliadifference.com -i apache
See output below. I rebooted server and I am still receiving an untrusted site warning in Chrome.
[root@themagnoliadifference ~]# certbot --reinstall -d themagnoliadifference.com -i apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Cert not yet due for renewal
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/httpd/conf.d/themagnoliadifference.com-le-ssl.conf
Enhancement redirect was already set.
Congratulations! You have successfully enabled https://themagnoliadifference.com
IMPORTANT NOTES:
So your apache configuration is buggy, there is again the self signed.
What says
apachectl -S
[root@themagnoliadifference ~]# apachectl -S
VirtualHost configuration:
*:443 is a NameVirtualHost
default server themagnoliadifference.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost themagnoliadifference.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost themagnoliadifference.com (/etc/httpd/conf.d/themagnoliadifference.com-le-ssl.conf:2)
alias themagnoliadifference.com
*:80 themagnoliadifference.com (/etc/httpd/conf.d/themagnoliadifference.com.conf:1)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex fcgid-pipe: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex fcgid-proctbl: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
[root@themagnoliadifference ~]
There is your buggy configuration.
Two port 443 vHosts with the same domain name. Merge both in one, remove the other.
system
Closed
March 2, 2021, 4:28pm
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
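The duplicate 443 vHost diagnosed in this thread can be found mechanically. The following is an added example, not code from the thread or from certbot or Apache: a hypothetical helper `find_dup_vhosts` reads `apachectl -S` output and reports each port/ServerName pair that is defined more than once, with the first listed entry being the one Apache answers with. The sample input is constructed from the output posted above, and the helper assumes a single wildcard listener per port, as in that output.

```shell
#!/bin/sh
# Constructed sample: the vhost lines of the `apachectl -S` output in this thread.
sample_vhosts() {
cat <<'EOF'
*:443 is a NameVirtualHost
default server themagnoliadifference.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost themagnoliadifference.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost themagnoliadifference.com (/etc/httpd/conf.d/themagnoliadifference.com-le-ssl.conf:2)
alias themagnoliadifference.com
*:80 themagnoliadifference.com (/etc/httpd/conf.d/themagnoliadifference.com.conf:1)
EOF
}

# find_dup_vhosts (hypothetical name): reads `apachectl -S` output on stdin.
# Prints one line per port/ServerName pair defined more than once.
# Returns 1 if any duplicate was found, 0 otherwise.
find_dup_vhosts() {
  awk '
    $1 == "port" && $3 == "namevhost" {
      key = $2 " " $4                      # port + ServerName
      loc = $5; gsub(/[()]/, "", loc)      # config file:line
      if (!(key in first)) { first[key] = loc; order[++n] = key }
      else                 { extra[key] = extra[key] " " loc }
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        if (k in extra) {
          # The first definition wins name-based matching; later ones never serve.
          printf "DUPLICATE port %s: served=%s shadowed=%s\n", k, first[k], substr(extra[k], 2)
          dup = 1
        }
      }
      exit (dup ? 1 : 0)
    }'
}

# Demo on the constructed sample; on a live server use: apachectl -S | find_dup_vhosts
sample_vhosts | find_dup_vhosts || true
```

Here the shadowed entry is the certbot-generated `-le-ssl.conf` vHost, so the certificate configured in `ssl.conf` is the one clients receive.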