Certbot certificate installed but https not working

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: bbgatest.com

I ran this command: https://bbgatest.com/index.php

It produced this output: I got the warning screen and a message that the certificate is only valid for ip-10-0-0-75.ec2.internal. It sounds like it isn’t finding the letsencrypt certs.

My web server is (include version): AWS Linux 2

The operating system my web server runs on is (include version): Linux2

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Certbot 0.31.0

the /etc/httpd/conf.d/ssl.conf file listens to 443. EC2 instance also listens to HTTPS/443. The httpd.conf file has:
<VirtualHost *.80>
DocumentRoot "/var/www/html/Clients/BBGA"
ServerName "bbgatest.com"
ServerAlias "www.bbgatest.com"
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.bbgatest.com [OR]
RewriteCond %{SERVER_NAME} =bbgatest.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

and at the end of the file
Include /etc/httpd/conf/httpd-le-ssl.conf and that file contains:

<VirtualHost *.80:443>
DocumentRoot "/var/www/html/Clients/BBGA"
ServerName "bbgatest.com"
ServerAlias "www.bbgatest.com"
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/bbgatest.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/bbgatest.com/privkey.pem

Any help you can provide in resolving is appreciated.

david

Hi @dabrjn

that's wrong. That must be

<VirtualHost *:443>

You have created one certificate:

| CertSpotter-Id | Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|---|
| 911719157 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-05-14 15:33:09 | 2019-08-12 15:33:09 | bbgatest.com, 1 entries | duplicate nr. 1 | |

But the certificate has only one domain name.

And your www version

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| bbgatest.com | A | 54.86.151.202 | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.bbgatest.com | A | | yes | 11 | 0 |
| | AAAA | | yes | | |

has no dns entry. So the alias doesn't work (but that's not an error).

But: Really "" around? Normally it's something like

ServerName bbgatest.com
ServerAlias www.bbgatest.com

Hi Juergen,

I don’t know how the 80 got in the file, but removed it and https is now working just fine.

The quotes around the server name aliases don’t make a difference. I must have picked up that habit from looking at another VirtualHost entry in years past.

Never got around to a cert for the www url. I’m not concerned about that for the time being.

I do thank you for your amazingly prompt response.

David


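A small lint for the two problems found in this thread: a `<VirtualHost>` address that is not in `host:port` form, and a `ServerAlias` the certificate does not cover. This is an added example, not code from the thread or from Certbot. The function names are hypothetical, and the list of certificate names is assumed to be supplied by the caller (for example, copied from the certificate's SAN list).

```python
import re

# Constructed sample: the SSL vhost as posted in this thread, with the closing tag added.
SAMPLE_CONF = """\
<VirtualHost *.80:443>
DocumentRoot "/var/www/html/Clients/BBGA"
ServerName "bbgatest.com"
ServerAlias "www.bbgatest.com"
SSLCertificateFile /etc/letsencrypt/live/bbgatest.com/fullchain.pem
</VirtualHost>
"""

# Accept *, _default_, a hostname or IPv4 address, or a bracketed IPv6 address, plus optional :port
ADDR_RE = re.compile(
    r"^(\*|_default_|\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9][A-Za-z0-9.-]*)(:(\d{1,5}|\*))?$"
)

def name_covered(host, cert_names):
    """True if host equals a certificate name or matches a single-label wildcard."""
    host = host.lower()
    for name in (n.lower() for n in cert_names):
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def lint_vhosts(conf_text, cert_names):
    """Return (line_number, message) findings for one Apache config text."""
    findings, in_ssl = [], False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        m = re.match(r"<VirtualHost\s+([^>]*)>", line, re.I)
        if m:
            addrs = m.group(1).split()
            in_ssl = any(a.endswith(":443") for a in addrs)
            for a in addrs:
                if not ADDR_RE.match(a):
                    findings.append((lineno, f"malformed VirtualHost address {a!r}"))
            continue
        if line.lower().startswith("</virtualhost"):
            in_ssl = False
        m = re.match(r"(ServerName|ServerAlias)\s+(.+)", line, re.I)
        if m and in_ssl:
            for host in m.group(2).replace('"', "").split():
                if not name_covered(host, cert_names):
                    findings.append((lineno, f"{host} is not in the certificate"))
    return findings
```

Calling `lint_vhosts(SAMPLE_CONF, ["bbgatest.com"])` reports the address on line 1 and the uncovered `www` alias on line 4.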