Certbot certificate is done but https is not working


#1

My domain is: domain.com

I ran this command: sudo certbot certificates

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: www.domain.com
Domains: www.domain.com
Expiry Date: 2018-10-04 13:34:50+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.domain/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.domain.com/privkey.pem
Certificate Name: domain.com
Domains: domain.com
Expiry Date: 2018-10-04 13:34:32+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/domain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/domain.com/privkey.pem

My web server is (include version): Apache/2.4.18

The operating system my web server runs on is (include version): Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-124-generic x86_64)

I can login to a root shell on my machine (yes or no, or I don’t know): no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The certificate is working, but when I try to reach www.domain.com/ it causes a security error.
This website is on WordPress, and I think there is a hard redirect to https.

  1. I don’t know how to turn off this redirection to even get the website
  2. https is not working

Thank you in advance!


#2

That’s because it’s using the certificate for hawk-igpspunchclock.com, which is different. You’d probably be better off putting both names on a single cert, rather than on two separate certs.


#3

So should I create a certificate with
sudo certbot --apache certonly -d hawk-igpspunchclock.com -d www.hawk-igpspunchclock.com
and then delete the two certs that I created before?


#4

Yes, one certificate with two names.


#5

Did as you told me to do, but nothing changed.
At least, I found the way to reach http://
But that didn’t help me


#6

You have three certificates created today

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:www.hawk-igpspunchclock.com&lu=cert_search
This

https://transparencyreport.google.com/https/certificates/ua3N5CNDpJqY1ZLW8VJwQZScM5V7Ln4Dwx0iLLiaC%2BA%3D

is correct, with two names

hawk-igpspunchclock.com
www.hawk-igpspunchclock.com

Now you have to install this certificate. You used certonly, so you must install the certificate manually.


#7

This is my “ggvhost-le-ssl.conf” file. What did I do wrong?

    <IfModule mod_ssl.c>
    <VirtualHost *:443>
      ServerName www.hawk-igpspunchclock.com
      ServerAlias hawk-igpspunchclock.com
      DocumentRoot /var/www/hawki
      <Directory "/var/www/hawki">
        AllowOverride All
        Options -Indexes +FollowSymLinks -Multiviews
        Require all granted
      </Directory>
      #ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/goodguysbuilders/$1
      #DirectoryIndex     index.html index.php
      AccessFileName     .htaccess
      HostnameLookups    Off
      ErrorLog           /var/www/logs/hawki_error.log
      LogLevel           debug
      LogFormat          "%h %V %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %T %{mod_php_memory_usage}n" combineddebug
      CustomLog          /var/www/hawki_access.log combineddebug
      ServerSignature    On
      Include /etc/letsencrypt/options-ssl-apache.conf
      SSLCertificateFile /etc/letsencrypt/live/hawk-igpspunchclock.com/fullchain.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/hawk-igpspunchclock.com/privkey.pem
      Include /etc/letsencrypt/options-ssl-apache.conf
    </VirtualHost>
    </IfModule>

Maybe this will help you to understand something:
I ran this command: sudo apachectl configtest
It produced this output:
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 10.1.16.2. Set the ‘ServerName’ directive globally to suppress this message
Syntax OK


#8

If I understand it correctly (I don’t use Apache), you have to reload / restart Apache to use this information.

If it is wrong, then these two files are wrong.

Look in /etc/letsencrypt/live/, there should be another folder with the correct certificate. There is a command like “certbot certificates” to see which certificates exist.


#9

sudo certbot certificates

Found the following certs:
  Certificate Name: www.hawk-igpspunchclock.com
    Domains: hawk-igpspunchclock.com www.hawk-igpspunchclock.com
    Expiry Date: 2018-10-04 14:00:42+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/www.hawk-igpspunchclock.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.hawk-igpspunchclock.com/privkey.pem
  Certificate Name: hawk-igpspunchclock.com
    Domains: hawk-igpspunchclock.com
    Expiry Date: 2018-10-04 13:34:32+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/hawk-igpspunchclock.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/hawk-igpspunchclock.com/privkey.pem

And this is what is inside the /live folder:
(There are two folders, www.hawk-igpspunchclock.com and hawk-igpspunchclock.com; in each of them there are these files)
cert.pem chain.pem fullchain.pem privkey.pem README


#10

This is your answer. Use these paths and filenames in your config-file.


#11

I am so sorry, but I do use them in my config file, don’t I?
I changed those two lines to this:

  SSLCertificateFile /etc/letsencrypt/live/hawk-igpspunchclock.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/hawk-igpspunchclock.com/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/hawk-igpspunchclock.com/fullchain.pem

I fight against the wall with my head, but I absolutely do not understand what I need to do


#12

Hmm, something happened: in the config file I changed “/hawk-igpspunchclock.com/” to “/www.hawk-igpspunchclock.com/” and it is working.
Maybe I need to write one more block for hawk-i without www, but fact is fact.

Thank you for your big help, that was awesome


#13

Now your certificate is correct. You are using the new certificate with two names

DNS-Name: hawk-igpspunchclock.com
DNS-Name: www.hawk-igpspunchclock.com

But you should fix the mixed content warnings. Use Chrome or Firefox, press CTRL + Shift + I, then open the console. There are errors:

http://ajax.googleapis.com/ajax/libs/webfont/1.4.7/webfont.js?ver=1.4.7

http://www.hawk-igpspunchclock.com/wp-content/… [skipped]
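
The mismatch worked out in this thread (a vhost serving two names but pointing at a lineage whose certificate carries only one) can be checked mechanically. The following is an added example, not part of the thread and not certbot's own code: it cross-checks a vhost's `ServerName`/`ServerAlias` against the `Domains:` lines of `certbot certificates`. The sample input is constructed from what was posted above, the function names are hypothetical, and it assumes one vhost per file with unquoted paths.

```python
import re

# Constructed sample input, abridged from the output and vhost posted in this thread.
CERTBOT_OUTPUT = """\
  Certificate Name: www.hawk-igpspunchclock.com
    Domains: hawk-igpspunchclock.com www.hawk-igpspunchclock.com
    Certificate Path: /etc/letsencrypt/live/www.hawk-igpspunchclock.com/fullchain.pem
  Certificate Name: hawk-igpspunchclock.com
    Domains: hawk-igpspunchclock.com
    Certificate Path: /etc/letsencrypt/live/hawk-igpspunchclock.com/fullchain.pem
"""
VHOST = """\
<VirtualHost *:443>
  ServerName www.hawk-igpspunchclock.com
  ServerAlias hawk-igpspunchclock.com
  SSLCertificateFile /etc/letsencrypt/live/hawk-igpspunchclock.com/fullchain.pem
</VirtualHost>
"""

def parse_lineages(text):
    """Map each lineage directory to the set of domains on its certificate."""
    lineages, domains = {}, set()
    for line in text.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Domains":
            domains = {d.lower() for d in value.split()}
        elif key == "Certificate Path":
            lineages[value.rsplit("/", 1)[0]] = domains
    return lineages

def vhost_names(conf):
    """Collect ServerName and ServerAlias values (hostnames are case-insensitive)."""
    names = set()
    for m in re.finditer(r"^\s*Server(?:Name|Alias)\s+(.+)$", conf, re.M | re.I):
        names.update(n.lower() for n in m.group(1).split())
    return names

def covers(cert_domains, host):
    """Exact match, or a wildcard entry standing in for exactly one leftmost label."""
    return host in cert_domains or "*." + host.partition(".")[2] in cert_domains

def audit(conf, certbot_text):
    """Return (names the configured cert misses, lineages that cover every name)."""
    lineages, names = parse_lineages(certbot_text), vhost_names(conf)
    m = re.search(r"^\s*SSLCertificateFile\s+(\S+)", conf, re.M | re.I)
    used = lineages.get(m.group(1).rsplit("/", 1)[0], set()) if m else set()
    missing = sorted(n for n in names if not covers(used, n))
    fits = sorted(d for d, doms in lineages.items() if all(covers(doms, n) for n in names))
    return missing, fits
```

For the vhost as posted in #7, `audit(VHOST, CERTBOT_OUTPUT)` reports `www.hawk-igpspunchclock.com` as uncovered and names the `www.` lineage directory as the one that fits, which is the path change that fixed it in #12.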

