I have created a certificate successfully. But https is not working.
My domain is:
xxx.t8pbdyn2eb.eu-central-1.elasticbeanstalk.com
configuration and command:
/etc/httpd/conf.d/ssl.pre:
  mode: "000644"
  owner: root
  group: root
  content: |
    LoadModule ssl_module modules/mod_ssl.so
    Listen 443
    <VirtualHost *:443>
      <Directory /opt/python/current/app/build/static>
        Order deny,allow
        Allow from all
      </Directory>
      SSLEngine on
      SSLCertificateFile "/etc/letsencrypt/live/xxx.t8pbdyn2eb.eu-central-1.elasticbeanstalk.com/fullchain.pem"
      SSLCertificateKeyFile "/etc/letsencrypt/live/xxx.t8pbdyn2eb.eu-central-1.elasticbeanstalk.com/privkey.pem"
      SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
      SSLProtocol All -SSLv2 -SSLv3
      SSLHonorCipherOrder On
      SSLSessionTickets Off
      Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
      Header always set X-Frame-Options DENY
      Header always set X-Content-Type-Options nosniff
      ProxyPass / http://localhost:80/ retry=0
      ProxyPassReverse / http://localhost:80/
      ProxyPreserveHost on
      RequestHeader set X-Forwarded-Proto "https" early
      # If you have pages that may take awhile to
      # respond, add a ProxyTimeout:
      # ProxyTimeout seconds
    </VirtualHost>
command:
1. wget https://dl.eff.org/certbot-auto;chmod a+x certbot-auto
30_getcert:
2. sudo ./certbot-auto certonly --debug --non-interactive --email xxx@gmail.com --agree-tos --debug --apache --domains xxx.t8pbdyn2eb.eu-central-1.elasticbeanstalk.com --keep-until-expiring
3. sudo ln -sf /etc/letsencrypt/live/xxx.t8pbdyn2eb.eu-central-1.elasticbeanstalk.com /etc/letsencrypt/live/ebcert
4. sudo mv /etc/httpd/conf.d/ssl.pre /etc/httpd/conf.d/ssl.conf
It produced this output:
/var/log/httpd/ssl_error_log:
[Fri May 24 11:10:12.451577 2019] [ssl:warn] [pid 4369] AH01906: ip-xxx.eu-central-1.compute.internal:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 24 11:10:16.614421 2019] [ssl:warn] [pid 4369] AH01906: ip-xxx.eu-central-1.compute.internal:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 24 11:15:07.012148 2019] [ssl:warn] [pid 4369] AH01906: ip-xxx.eu-central-1.compute.internal:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 24 11:15:11.855848 2019] [ssl:warn] [pid 4369] AH01906: ip-xxx.eu-central-1.compute.internal:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
/var/log/httpd/error_log:
[Fri May 24 11:21:28.100657 2019] [suexec:notice] [pid 6724] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri May 24 11:21:28.115954 2019] [so:warn] [pid 6724] AH01574: module ssl_module is already loaded, skipping
[Fri May 24 11:21:28.116056 2019] [so:warn] [pid 6724] AH01574: module wsgi_module is already loaded, skipping
[Fri May 24 11:21:28.119964 2019] [ssl:warn] [pid 6724] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri May 24 11:21:28.120369 2019] [ssl:warn] [pid 6724] AH01909: ip-172-31-6-172.eu-central-1.compute.internal:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 24 11:21:28.120493 2019] [http2:warn] [pid 6724] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
[Fri May 24 11:21:28.121028 2019] [lbmethod_heartbeat:notice] [pid 6724] AH02282: No slotmem from mod_heartmonitor
[Fri May 24 11:21:28.121101 2019] [:warn] [pid 6724] mod_wsgi: Compiled for Python/3.6.2.
[Fri May 24 11:21:28.121105 2019] [:warn] [pid 6724] mod_wsgi: Runtime using Python/3.6.8.
[Fri May 24 11:21:28.123422 2019] [mpm_prefork:notice] [pid 6724] AH00163: Apache/2.4.39 (Amazon) OpenSSL/1.0.2k-fips mod_wsgi/3.5 Python/3.6.8 configured -- resuming normal operations
[Fri May 24 11:21:28.123438 2019] [core:notice] [pid 6724] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Fri May 24 11:21:31.434390 2019] [:error] [pid 6729] /opt/python/current/app
[Fri May 24 11:25:59.376583 2019] [mpm_prefork:notice] [pid 6724] AH00169: caught SIGTERM, shutting down
[Fri May 24 11:25:59.806139 2019] [ssl:warn] [pid 7131] AH01909: ip-172-31-6-172.eu-central-1.compute.internal:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 24 11:25:59.806660 2019] [suexec:notice] [pid 7131] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri May 24 11:25:59.823751 2019] [so:warn] [pid 7131] AH01574: module ssl_module is already loaded, skipping
[Fri May 24 11:25:59.823866 2019] [so:warn] [pid 7131] AH01574: module wsgi_module is already loaded, skipping
[Fri May 24 11:25:59.827841 2019] [ssl:warn] [pid 7131] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri May 24 11:25:59.828189 2019] [ssl:warn] [pid 7131] AH01909: ip-172-31-6-172.eu-central-1.compute.internal:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 24 11:25:59.828308 2019] [http2:warn] [pid 7131] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
[Fri May 24 11:25:59.828806 2019] [lbmethod_heartbeat:notice] [pid 7131] AH02282: No slotmem from mod_heartmonitor
[Fri May 24 11:25:59.828868 2019] [:warn] [pid 7131] mod_wsgi: Compiled for Python/3.6.2.
[Fri May 24 11:25:59.828872 2019] [:warn] [pid 7131] mod_wsgi: Runtime using Python/3.6.8.
[Fri May 24 11:25:59.831287 2019] [mpm_prefork:notice] [pid 7131] AH00163: Apache/2.4.39 (Amazon) OpenSSL/1.0.2k-fips mod_wsgi/3.5 Python/3.6.8 configured -- resuming normal operations
[Fri May 24 11:25:59.831303 2019] [core:notice] [pid 7131] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Fri May 24 11:30:44.316985 2019] [:error] [pid 7136] /opt/python/current/app
[Fri May 24 13:31:34.499629 2019] [:error] [pid 7136] ERROR django.security.DisallowedHost Invalid HTTP_HOST header: 'www.baidu.com'. You may need to add 'www.baidu.com' to ALLOWED_HOSTS. [PID:7136:Dummy-2]
[Fri May 24 13:31:34.499685 2019] [:error] [pid 7136] ERROR django.security.DisallowedHost Invalid HTTP_HOST header: 'www.baidu.com'. You may need to add 'www.baidu.com' to ALLOWED_HOSTS. [PID:7136:Dummy-2]
[Fri May 24 13:31:34.544236 2019] [:error] [pid 7136] WARNING django.request Bad Request: / [PID:7136:Dummy-2]
[Fri May 24 13:31:34.544284 2019] [:error] [pid 7136] WARNING django.request Bad Request: / [PID:7136:Dummy-2]
The operating system my web server runs on is (include version):
4.14.109-80.92.amzn1.x86_64 #1 SMP Mon Apr 1 23:07:39 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
My hosting provider, if applicable, is:
AWS Elastic Beanstalk
I can log in to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
NO
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Both commands do not show certbot version
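
An added example, not part of the original post: a short Python triage of the Apache error-log excerpts above that groups the mod_ssl warnings by AH code and by the vhost id mod_ssl prints in front of each message, so the name each certificate check was reported against stands out from the startup noise. The sample lines are copied from the post; the function and variable names are illustrative.

```python
import re
from collections import OrderedDict

# Apache 2.4 error-log line: [time] [module:level] [pid N] [AHnnnnn: ]message
LINE_RE = re.compile(
    r"^\[(?P<time>[^\]]+)\] \[(?P<module>[^:\]]*):(?P<level>\w+)\] "
    r"\[pid (?P<pid>\d+)\] (?:(?P<code>AH\d{5}): )?(?P<msg>.*)$")
# mod_ssl certificate warnings start with the vhost id "name:port:index".
VHOST_RE = re.compile(r"^(?P<vhost>\S+:\d+:\d+) (?P<detail>.*)$")

# Lines copied from the log excerpts in the post above.
SAMPLE_LOG = """\
[Fri May 24 11:10:12.451577 2019] [ssl:warn] [pid 4369] AH01906: ip-xxx.eu-central-1.compute.internal:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 24 11:15:11.855848 2019] [ssl:warn] [pid 4369] AH01906: ip-xxx.eu-central-1.compute.internal:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 24 11:21:28.115954 2019] [so:warn] [pid 6724] AH01574: module ssl_module is already loaded, skipping
[Fri May 24 11:21:28.119964 2019] [ssl:warn] [pid 6724] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri May 24 11:21:28.120369 2019] [ssl:warn] [pid 6724] AH01909: ip-172-31-6-172.eu-central-1.compute.internal:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 24 11:21:28.121101 2019] [:warn] [pid 6724] mod_wsgi: Compiled for Python/3.6.2.
[Fri May 24 11:25:59.806139 2019] [ssl:warn] [pid 7131] AH01909: ip-172-31-6-172.eu-central-1.compute.internal:443:0 server certificate does NOT include an ID which matches the server name
"""

def parse_line(line):
    """Split one error-log line into fields; None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    v = VHOST_RE.match(rec["msg"]) if rec["module"] == "ssl" else None
    rec["vhost"] = v.group("vhost") if v else None
    if v:
        rec["msg"] = v.group("detail")
    return rec

def summarize_ssl_warnings(text):
    """Group mod_ssl warnings by (AH code, vhost id) with count and time span."""
    summary = OrderedDict()
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec or rec["module"] != "ssl" or rec["level"] != "warn":
            continue
        entry = summary.setdefault((rec["code"], rec["vhost"]),
                                   {"count": 0, "first": rec["time"], "msg": rec["msg"]})
        entry["count"] += 1
        entry["last"] = rec["time"]
    return summary

if __name__ == "__main__":
    for (code, vhost), e in summarize_ssl_warnings(SAMPLE_LOG).items():
        print(f"{code} x{e['count']} vhost={vhost} {e['first']} .. {e['last']}")
        print(f"    {e['msg']}")
```

On these lines both certificate warnings are reported against the instance's internal `compute.internal` name on port 443, while AH01873 carries no vhost id at all.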