Certbot installs cert fine, verified, but still no https in any browser

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ctscourse.org

I ran this command: followed step by step instructions at https://certbot.eff.org/lets-encrypt/ubuntubionic-apache. No errors and clean install.

It produced this output:

My web server is (include version): Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version): ubuntu 18.04.1 LTS (Bionic)

My hosting provider, if applicable, is: AWS Lightsail

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

I followed the instructions for a certbot install of a certificate and all went well. I chose the option to get and install the certificate for auto configuration of Apache instead of manually configuring. I got to the last step of going to ssllabs.com to check the configuration and certificate and it passed fine. However, when I try http://ctscourse.org in Chrome or Safari, the site is not secure (http). I tried testing the certificate and config with another external site and it also recognized the certificate and said all was well.

I have port 443 (and others) open.

I need to get this resolved by tomorrow and was hoping for some tips on what to check next. I am not as experienced with webservers, having spent my career with databases for the most part. Any help would be most appreciated.

1 Like

You have succesfully secured a redirect from your hostname to your IP address http://44.229.114.231/moodle. This IP address (besides from being very ugly in the address bar of the browser) isn’t secure. For one: you’re redirecting from HTTP -> HTTPS -> HTTP again. Also, the IP address isn’t covered by the certificate (IPs aren’t supported in certificates from Let’s Encrypt currently).

I would advice you to figure out why your secured hostname (https://ctscourse.org/) is redirecting to your IP address (http://44.229.114.231/moodle/). This is probably a misconfiguration in the webapp you’re using.

2 Likes