My domain is: pocketwiki.cau.ninja
I ran this command:
sudo certbot --apache and it generated a certificate that gets detected as "self-signed" by firefox and mediawiki, the web-application of that domain.
My web server is (include version): Apache2
The operating system my web server runs on is (include version): Ubuntu 20
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): 1.26.0
As it creates multiple problems, I want to "switch" to a "non-self"-signed certificate.
What do you mean?
Hi @xtay2, and welcome to the LE community forum
That is impossible.
It might be that you ran
certbot --apache [and that completed normally]
And that your site is still using a "self-signed" cert.
But no "self-signed" certs come from
There must be a "problem" with your
Let's have a look at the output of:
apachectl -t -D DUMP_VHOSTS
certbot certificates gives:
Found the following certs:
Certificate Name: pocketwiki.cau.ninja
Serial Number: 4ef5ea7fd2a01bd5495c567ce79ff121a5c
Key Type: RSA
Domains: pocketwiki.cau.ninja wiki.pseudocode.site
Expiry Date: 2022-07-10 18:31:30+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/pocketwiki.cau.ninja/fullchain.pem
Private Key Path: /etc/letsencrypt/live/pocketwiki.cau.ninja/privkey.pem
apachectl -t -D DUMP_VHOSTS gives:
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
*:443 pocketwiki.cau.ninja (/etc/apache2/sites-enabled/pocketwiki-le-ssl.conf:2)
Or, when Im trying to edit a page:
You are connecting to
https://localhost, not to
The certificate isn't valid for the first one, just for the second (and the other domain).
Options Indexes FollowSymLinks
allow from all
Require all granted
CustomLog /var/log/apache2/mediawiki_access common
Is it possible to add the certificate for localhost too?
You can edit your
/etc/hosts file and make your pc believe that
pocketwiki.cau.ninja is hosted on
127.0.0.1, though. (Instead of querying the public DNS)
How do I have to change it? Currently it looks like this:
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
Are you sure that's the right file? It doesn't look like it.
You just add a line like this, in
Change the localhost line to read;
127.0.0.1 localhost pocketwiki.cau.ninja
Add another line wherever you like it best.
I have now changed it, but both the firefox- and editing-error persist. If you want to try it, you can freely edit one character on
https://pocketwiki.cau.ninja/index.php/Testpage?veaction=edit and commit it as a "minor change" by clicking "Änderungen speichern" in the top right corner.
Mediawiki describes the occurring error with: "Error contacting the Parsoid/RESTBase server: (curl error: 60) Peer certificate cannot be authenticated with given CA certificates
You may be using a self-signed SSL certificate. Workaround unknown."
You have to use your domain name in the browser. Not localhost.
Sorry, my bad. A friend tried that (outside of my network) and he had the same error. (Error contacting the Parsoid/RESTBase server...)
Ok, does MediaWiki know about the domain name, or is it trying to contact "localhost"? MediaWiki itself has to use the domain name.
Anyhow, your wiki is working for me: Änderungen – PocketWiki
Yes, in the mediawikis "LocalSettings.php" I have this: