Certificate error after auto-generation

Hi - I’ve created many certs with certbot with no issues, but this one has me stumped. It's a simple apache setup with one virtual host. The certificate generated doesn't work though, I get a ‘name’ error saying that it's set to willfrost not willfrost.co.uk

I selected willfrost.co.uk during the install and have retried several times.

My domain is: willfrost.co.uk

I ran this command: certbot-auto --apache

It produced this output: (ran normally)

My web server is (include version): apache

The operating system my web server runs on is (include version): centos 8

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.4.0

Hi @strider

there are some checks of your domain, 20 and 30 minutes old - https://check-your-website.server-daten.de/?q=willfrost.co.uk

You have created some certificates:

Issuer | not before | not after | Domain names | LE-Duplicate | next LE
Let's Encrypt Authority X3 | 2020-05-16 | 2020-08-14 | willfrost.co.uk - 1 entries | duplicate nr. 3 |
Let's Encrypt Authority X3 | 2020-05-16 | 2020-08-14 | willfrost.co.uk, www.willfrost.co.uk - 2 entries | duplicate nr. 1 |
Let's Encrypt Authority X3 | 2020-05-16 | 2020-08-14 | willfrost.co.uk - 1 entries | duplicate nr. 2 |
Let's Encrypt Authority X3 | 2020-05-16 | 2020-08-14 | willfrost.co.uk - 1 entries | duplicate nr. 1 |
Let's Encrypt Authority X3 | 2020-05-09 | 2020-08-07 | willfrost.co.uk, www.willfrost.co.uk - 2 entries | |

But you use a self-signed certificate.

E=root@willfrost, CN=willfrost, O=Unspecified, C=US | 15.05.2020 | 20.05.2021 | expires in 369 days | willfrost - 1 entry

So it's an installation problem, not a certificate creation problem.

What does this say:

apachectl -S

Hi - thanks - apachectl -S actually returns nothing. I’m on centos 8.

httpd.server reports active (running)

I didn't select self signed during the setup so not sure why that has happened. One thing I did notice which was unusual, I wasn't asked if I wanted to divert http to https, it just actioned that.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: willfrost.co.uk

I ran this command: cert-auto --apache

It produced this output: all good

My web server is (include version): willfrost.co.uk

The operating system my web server runs on is (include version): centos 8.1

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.4

If you use CentOS, you know you have to use httpd instead of apachectl.

Hi - thanks for the reply. Yes, we are using httpd, we don't use apachectl. Why is that relevant?

Which names would you like to activate HTTPS for?

1: willfrost.co.uk
2: www.willfrost.co.uk

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for willfrost.co.uk
http-01 challenge for www.willfrost.co.uk
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf.d/willfrost-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/willfrost-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/willfrost-le-ssl.conf
Redirecting vhost in /etc/httpd/conf.d/willfrost.conf to ssl vhost in /etc/httpd/conf.d/willfrost-le-ssl.conf

Congratulations! You have successfully enabled https://willfrost.co.uk and
https://www.willfrost.co.uk

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=willfrost.co.uk
https://www.ssllabs.com/ssltest/analyze.html?d=www.willfrost.co.uk


Please: instead of apachectl -S, use httpd -S. Your real configuration is required.

Sorry, my misunderstanding - this is the output from httpd -S

AH00526: Syntax error on line 14 of /etc/httpd/conf.d/willfrost-le-ssl.conf:

SSLCertificateFile: file ‘/etc/letsencrypt/live/willfrost.co.uk/fullchain.pem’ does not exist or is empty

Note fullchain.pem does exist and isn't empty

willfrost-le-ssl.conf is :-

ServerName willfrost.co.uk
ServerAlias www.willfrost.co.uk
ServerAdmin webmaster@scintillae.net
DocumentRoot /var/www/html/willfrost.co.uk
ErrorLog logs/willfrost.vote-error_log
Options -Indexes
Options FollowSymLinks
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/willfrost.co.uk/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/willfrost.co.uk/privkey.pem


[root@willfrost strider]# ls /etc/letsencrypt/live/willfrost.co.uk/privkey.pem

/etc/letsencrypt/live/willfrost.co.uk/privkey.pem

[root@willfrost strider]# ls /etc/letsencrypt/live/willfrost.co.uk/fullchain.pem

/etc/letsencrypt/live/willfrost.co.uk/fullchain.pem

root or sudo is required.

Aah sorry :-

[root@willfrost strider]# sudo httpd -S
VirtualHost configuration:
*:443 is a NameVirtualHost
default server willfrost.co.uk (/etc/httpd/conf.d/ssl.conf:40)
port 443 namevhost willfrost.co.uk (/etc/httpd/conf.d/ssl.conf:40)
port 443 namevhost willfrost.co.uk (/etc/httpd/conf.d/willfrost-le-ssl.conf:2)
alias www.willfrost.co.uk
*:80 willfrost.co.uk (/etc/httpd/conf.d/willfrost.conf:1)
ServerRoot: “/etc/httpd”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/etc/httpd/logs/error_log”
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/etc/httpd/run/" mechanism=default
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
PidFile: “/etc/httpd/run/httpd.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“apache” id=48
Group: name=“apache” id=48

There you see your mess. Two port 443 vHosts with the same domain name.

Merge these into one or disable both, then use certbot with --reinstall to create a clean port 443 vHost.
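
The duplicate-vhost condition diagnosed above can be checked mechanically. This is an added example, not code from the thread's participants or from certbot: it parses `httpd -S` output and reports every port/ServerName pair that is defined more than once. The function names are hypothetical, and the sample input is the vhost listing posted earlier in the thread.

```shell
#!/bin/sh
# Added example: flag name-based vhosts that share a port and ServerName
# in `httpd -S` output (the condition diagnosed in this thread).

# Reads `httpd -S` output on stdin. For each port/name pair defined more
# than once, prints "<port> <name> served=<file:line> shadowed=<file:line> ...".
# Apache answers with the first vhost listed for a name, so later
# definitions of the same name on the same port are never used.
find_duplicate_vhosts() {
    awk '
        $1 == "port" && $3 == "namevhost" {
            key = $2 " " $4
            loc = $5
            gsub(/[()]/, "", loc)   # "(/path/file.conf:40)" -> "/path/file.conf:40"
            if (key in first)
                shadowed[key] = shadowed[key] " shadowed=" loc
            else
                first[key] = loc
        }
        END {
            for (k in shadowed)
                print k " served=" first[k] shadowed[k]
        }
    '
}

# Sample input: the vhost lines from the httpd -S output posted in the thread.
sample_httpd_S() {
    cat <<'EOF'
VirtualHost configuration:
*:443 is a NameVirtualHost
default server willfrost.co.uk (/etc/httpd/conf.d/ssl.conf:40)
port 443 namevhost willfrost.co.uk (/etc/httpd/conf.d/ssl.conf:40)
port 443 namevhost willfrost.co.uk (/etc/httpd/conf.d/willfrost-le-ssl.conf:2)
alias www.willfrost.co.uk
*:80 willfrost.co.uk (/etc/httpd/conf.d/willfrost.conf:1)
EOF
}

# On a live server (as root): httpd -S 2>&1 | find_duplicate_vhosts
sample_httpd_S | find_duplicate_vhosts
```

In the thread's case the `served=` entry is the stock ssl.conf vhost with the self-signed certificate, and the certbot-created vhost is the shadowed one, which is why the Let's Encrypt certificate was never presented.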

Aah ok - this is the default for centos 8 httpd setup by the way - so everyone will hit this.