Certificate error after auto-generation

I didn't select self-signed during the setup, so not sure why that has happened. One thing I did notice which was unusual: I wasn't asked if I wanted to divert http to https, it just actioned that.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: willfrost.co.uk

I ran this command: cert-auto --apache

It produced this output: all good

My web server is (include version): willfrost.co.uk

The operating system my web server runs on is (include version): centos 8.1

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.4

If you use CentOS, you know you have to use httpd instead of apachectl.

Hi - thanks for the reply. Yes, we are using httpd; we don't use apachectl. Why is that relevant?

Which names would you like to activate HTTPS for?

1: willfrost.co.uk
2: www.willfrost.co.uk

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for willfrost.co.uk
http-01 challenge for www.willfrost.co.uk
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf.d/willfrost-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/willfrost-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/willfrost-le-ssl.conf
Redirecting vhost in /etc/httpd/conf.d/willfrost.conf to ssl vhost in /etc/httpd/conf.d/willfrost-le-ssl.conf

Congratulations! You have successfully enabled https://willfrost.co.uk and
https://www.willfrost.co.uk

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=willfrost.co.uk
https://www.ssllabs.com/ssltest/analyze.html?d=www.willfrost.co.uk


Please: instead of apachectl -S, httpd -S. Your real configuration is required.

Sorry, my misunderstanding - this is the output from httpd -S:

AH00526: Syntax error on line 14 of /etc/httpd/conf.d/willfrost-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/willfrost.co.uk/fullchain.pem' does not exist or is empty

Note fullchain.pem does exist and isn't empty.

willfrost-le-ssl.conf is:

<VirtualHost *:443>
    ServerName willfrost.co.uk
    ServerAlias www.willfrost.co.uk
    ServerAdmin webmaster@scintillae.net
    DocumentRoot /var/www/html/willfrost.co.uk
    ErrorLog logs/willfrost.vote-error_log
    Options -Indexes
    Options FollowSymLinks

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/willfrost.co.uk/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/willfrost.co.uk/privkey.pem
</VirtualHost>


[root@willfrost strider]# ls /etc/letsencrypt/live/willfrost.co.uk/privkey.pem
/etc/letsencrypt/live/willfrost.co.uk/privkey.pem
[root@willfrost strider]# ls /etc/letsencrypt/live/willfrost.co.uk/fullchain.pem
/etc/letsencrypt/live/willfrost.co.uk/fullchain.pem

root or sudo is required.

Aah, sorry:

[root@willfrost strider]# sudo httpd -S
VirtualHost configuration:
*:443 is a NameVirtualHost
default server willfrost.co.uk (/etc/httpd/conf.d/ssl.conf:40)
port 443 namevhost willfrost.co.uk (/etc/httpd/conf.d/ssl.conf:40)
port 443 namevhost willfrost.co.uk (/etc/httpd/conf.d/willfrost-le-ssl.conf:2)
alias www.willfrost.co.uk
*:80 willfrost.co.uk (/etc/httpd/conf.d/willfrost.conf:1)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/etc/httpd/run/" mechanism=default
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
PidFile: "/etc/httpd/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

There you see your mess. Two port 443 vHosts with the same domain name.

Merge these in one or disable both, then use certbot with --reinstall to create a clean port 443 vHost.

Aah ok - this is the default for the CentOS 8 httpd setup, by the way - so everyone will hit this.

ssl.conf is the default config - I guess I can just remove that.

For anyone that hits this with CentOS 8.1 on a fresh install: I just removed the 'ssl.conf' file and ran certbot-auto --reinstall as recommended by JuergenAuer, and it all worked.

Thank you JuergenAuer, you are a star.

:grinning: :clap: :man_superhero:
