Certbot certificate is done but https is not working

19stz · July 6, 2018, 2:46pm

I ran this command: sudo certbot certificates

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: www.domain.com
Domains: www.domain.com
Expiry Date: 2018-10-04 13:34:50+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.domain/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.domain.com/privkey.pem
Certificate Name: domain.com
Domains: domain.com
Expiry Date: 2018-10-04 13:34:32+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/domain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/domain.com/privkey.pem

My web server is (include version): Apache/2.4.18

The operating system my web server runs on is (include version): Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-124-generic x86_64)

I can login to a root shell on my machine (yes or no, or I don’t know): no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Certificate is working but when try to reach www.domain.com/ it causes an error with security
This website is on wordpress, and I think there is hard redirect to https

I don’t know how to turn off this redirection to even get the website
https is not working

Thank you in advance!

danb35 · July 6, 2018, 2:54pm

That's because it's using the certificate for hawk-igpspunchclock.com, which is different. You'd probably be better off putting both names on a single cert, rather than on two separate certs.

JuergenAuer · July 6, 2018, 2:59pm

Yes, one certificate with two names.

JuergenAuer · July 6, 2018, 3:27pm

You have three certificates created today

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:www.hawk-igpspunchclock.com&lu=cert_search
This

https://transparencyreport.google.com/https/certificates/ua3N5CNDpJqY1ZLW8VJwQZScM5V7Ln4Dwx0iLLiaC%2BA%3D

is correct, with two names

hawk-igpspunchclock.com
www.hawk-igpspunchclock.com

Now you have to install this certificate. You used certonly, so you must install the certificate manual.

JuergenAuer · July 6, 2018, 5:07pm

If I know it correct (don’t use Apache), you have to reload / restart Apache to use these informations.

If it is wrong, then these two files are wrong.

Look in /etc/letsencrypt/live/, there should be another folder with the correct certificate. There is a command like “certbot certificates” to see which certificates exists.

JuergenAuer · July 6, 2018, 10:11pm

This is your answer. Use these paths and filenames in your config-file.

JuergenAuer · July 6, 2018, 11:00pm

Now your certificate is correct. You are using the new certificate with two names

DNS-Name: hawk-igpspunchclock.com
DNS-Name: www.hawk-igpspunchclock.com

But you should fix the mixed content warnings. Chrome or FireFox, then CTRL + Shift + I, then open the console. There are errors:

http://ajax.googleapis.com/ajax/libs/webfont/1.4.7/webfont.js?ver=1.4.7

http://www.hawk-igpspunchclock.com/wp-content/… [skipped]

system · August 5, 2018, 11:00pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.