My domain is: hahnca.com
I ran this command: certbot --nginx
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): mark@hahnca.com
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: a
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: n
Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: hahnca.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for hahnca.com
Waiting for verification...
Cleaning up challenges
Deployed Certificate to VirtualHost /etc/nginx/conf.d/server.conf for hahnca.com
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://hahnca.com
My web server is (include version): nginx/1.10.3 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 16.04
My hosting provider, if applicable, is: self-hosted
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
When running the test at https://www.ssllabs.com/ssltest/analyze.html?d=hahnca.com
I got this …
Server Key and Certificate #1
Subject GreenWave Systems
Fingerprint SHA256: e990e21ab1e2d5fe2cd6166b4ccafa2471b6226a97864d8a5cfef52424a3ffb5
Pin SHA256: ZVnMZQk0/WpSZAQOcZ3lTBAhYN62hlBpQSVLfd8SvBs=
Common names GreenWave Systems
Alternative names - INVALID
Serial Number 00f52861ccf6173951
Valid from Fri, 02 Oct 2015 05:49:58 UTC
Valid until Mon, 29 Sep 2025 05:49:58 UTC (expires in 7 years and 7 months)
Key RSA 2048 bits (e 65537)
Weak key (Debian) No
Issuer GreenWave Systems Self-signed
Signature algorithm SHA512withRSA
Extended Validation No
Certificate Transparency No
OCSP Must Staple No
Revocation information None
DNS CAA No (more info)
Trusted No NOT TRUSTED (Why?)
I have never heard of GreenWave Systems. This is a clean install. I had nothing referencing SSL in my nginx config. I had no previous certs.
What should I do now? I am afraid to delete this cert as I might end up screwing things up.
Edit: I just realized my router was not set to forward port 443. I have fixed that now but I’m still getting the same test results. Doesn’t certbot access my 443 port as part of the cert creation or testing? I guess not. I’ll try deleting the cert and starting over. Wish me luck …