Certbot certificate is done but https is not working


My domain is: domain.com

I ran this command: sudo certbot certificates

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: www.domain.com
Domains: www.domain.com
Expiry Date: 2018-10-04 13:34:50+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.domain/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.domain.com/privkey.pem
Certificate Name: domain.com
Domains: domain.com
Expiry Date: 2018-10-04 13:34:32+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/domain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/domain.com/privkey.pem

My web server is (include version): Apache/2.4.18

The operating system my web server runs on is (include version): Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-124-generic x86_64)

I can login to a root shell on my machine (yes or no, or I don’t know): no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Certificate is working but when try to reach www.domain.com/ it causes an error with security
This website is on wordpress, and I think there is hard redirect to https

  1. I don’t know how to turn off this redirection to even get the website
  2. https is not working

Thank you in advance!


That’s because it’s using the certificate for hawk-igpspunchclock.com, which is different. You’d probably be better off putting both names on a single cert, rather than on two separate certs.


so should I create certificate
sudo certbot --apache certonly -d hawk-igpspunchclock.com -d www.hawk-igpspunchclock.com
and then delete two certs that I created before?


Yes, one certificate with two names.


Did as you told me to do, but nothing changed.
At least, I found the way to reach http://
But that didn’t help me


You have three certificates created today



is correct, with two names


Now you have to install this certificate. You used certonly, so you must install the certificate manual.


This is my “ggvhost-le-ssl.conf” file. What did I do wrong?

    <IfModule mod_ssl.c>
<VirtualHost *:443>
  ServerName www.hawk-igpspunchclock.com
  ServerAlias hawk-igpspunchclock.com
  DocumentRoot /var/www/hawki
  <Directory "/var/www/hawki">
    AllowOverride All
    Options -Indexes +FollowSymLinks -Multiviews
    Require all granted
  #ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://$1
  #DirectoryIndex     index.html index.php
  AccessFileName     .htaccess
  HostnameLookups    Off
  ErrorLog           /var/www/logs/hawki_error.log
  LogLevel           debug
  LogFormat          "%h %V %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %T %{mod_php_memory_usage}n" combineddebug
  CustomLog          /var/www/hawki_access.log combineddebug
  ServerSignature    On
	Include /etc/letsencrypt/options-ssl-apache.conf
	SSLCertificateFile /etc/letsencrypt/live/hawk-igpspunchclock.com/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/hawk-igpspunchclock.com/privkey.pem
	Include /etc/letsencrypt/options-ssl-apache.conf

Maybe this will help you to understand smthing:
I ran this command: sudo apachectl configtest
It produced this output:
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using Set the ‘ServerName’ directive globally to suppress this message
Syntax OK


If I know it correct (don’t use Apache), you have to reload / restart Apache to use these informations.

If it is wrong, then these two files are wrong.

Look in /etc/letsencrypt/live/, there should be another folder with the correct certificate. There is a command like “certbot certificates” to see which certificates exists.


sudo certbot certificates

Found the following certs:
  Certificate Name: www.hawk-igpspunchclock.com
    Domains: hawk-igpspunchclock.com www.hawk-igpspunchclock.com
    Expiry Date: 2018-10-04 14:00:42+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/www.hawk-igpspunchclock.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.hawk-igpspunchclock.com/privkey.pem
  Certificate Name: hawk-igpspunchclock.com
    Domains: hawk-igpspunchclock.com
    Expiry Date: 2018-10-04 13:34:32+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/hawk-igpspunchclock.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/hawk-igpspunchclock.com/privkey.pem

And this is what inside /live folder:
(There are two folders, www.hawk-igpspunchclock.com and hawk-igpspunchclock.com, in every of them there are these files)
cert.pem chain.pem fullchain.pem privkey.pem README


This is your answer. Use these paths and filenames in your config-file.


I am so sorry, but I do use them in my config file, aren’t me?
I changed that two lines on this:

  SSLCertificateFile /etc/letsencrypt/live/hawk-igpspunchclock.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/hawk-igpspunchclock.com/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/hawk-igpspunchclock.com/fullchain.pem

I fight against the wall with my head, but I absolutely do not understand what I need to do


Hmm, something happened and in config file I changed “/hawk-igpspunchclock.com/” to “/www.hawk-igpspunchclock.com/” and it is working.
Maybe I need to write one more block for hawk-i without www, but fact is fact.

Thank you for your big help, that was awesome


Now your certificate is correct. You are using the new certificate with two names

DNS-Name: hawk-igpspunchclock.com
DNS-Name: www.hawk-igpspunchclock.com

But you should fix the mixed content warnings. Chrome or FireFox, then CTRL + Shift + I, then open the console. There are errors:


http://www.hawk-igpspunchclock.com/wp-content/… [skipped]


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.