Certificate Signed but still not secure

My domain is: finrhodweb.com
My web server is (include version): Xampp Windows 3.2.4

The operating system my web server runs on is (include version): Windows 10

I'm using a control panel to manage my site: yes

The version of my client is: 1.9.0

Hi so I'm running Xammp Apache on A Windows machine just for a small project, web server is running on ports 80 and 443 as needed.

To sign it I used cerbot certonly --webroot.
The signage all went fine, however, it still will not let me use https://finrhodweb.com.

I've checked all DNS records and they seem to be inline but I'm not sure as I have the signage files in the normal directory under Certbot/live/{domain name} and the files are all there so it's definitely worked but still nothing...
Any ideas at all would be appreciated as I'm new to this

2 Likes

Welcome to the Let's Encrypt Community :slightly_smiling_face:

certonly acquires a certificate, but does not install it.

Try:
certbot --apache --keep-until-expiring

edit: --keep-until-expiring and --reinstall do the same thing.

2 Likes

Hi @Finrhodweb

if you use that command, the certificate isn't installed.

Use

--reinstall
1 Like

Hi, so cerbot certonly --reinstall? Just to confirm as I am a complete newbie.
Thanks for replying so quick!

3 Likes

Hi so it says something about a plugin not being installed? Does that mean I need a plug in to use Apache?

2 Likes

It probably doesn't know which installer to use, since you used certonly.

READERS: Get involved. Be heard. Do your part, it starts with: If you read something you like; then like it :heart: !

2 Likes

Ok so certonly only produces the certificate, so how do I go about linking it?

2 Likes

You need to either use:
-i apache
To specify that particular installer
OR

Which should prompt you and get you what you need.
Along with setting things up nicely for when it comes times to renew.

READERS: Get involved. Be heard. Do your part, it starts with: If you read something you like; then like it :heart: !

2 Likes

Ok so when I try both of these it says
"Certificate not due for renewal, no action taken"

Do I need to remove the certificates and start fresh?

Sorry, I'm such a newbie to this, I appreciate all your help :slight_smile:

2 Likes

No.
You need to INSTALL the certificate you already have.
See for yourself.
Try:
certbot certificates

Now you just need to USE that certificate within your XAMPP (Apache).
You can either do that manually - if you know how to setup a new site in Apache.
OR
You can tell certbot to reinstall it while using the Apache installer.
Maybe you need to add some --force just this one time.
But it should have asked you if you wanted to reinstall the existing cert...
Can you show the whole certbot output with all choices you made?

READERS: Get involved. Be heard. Do your part, it starts with: If you read something you like; then like it :heart: !

2 Likes

I can try and show but using a remote connection so may be trickg

2 Likes

If you can't copy/paste the text, just get a screenshot of it.
We are .well-trained at reading pixels!

READERS: Get involved. Be heard. Do your part, it starts with: If you read something you like; then like it :heart: !

2 Likes

2 Likes

Use the following and let me know:
certbot --apache --keep

1 Like

Says "does not appear to be installed"

2 Likes

So it doesn't recognize your apache flavor, which is why you used webroot.

1 Like

If I was to use option 1 and have it spin a local server, would this be easier? As I can shut down the server to do this

2 Likes

No. What you've done is optimal to minimize disruption of webserver operation.

This is the trouble:

No installers for HTTP servers are supported for now (Certbot for Windows can currently obtain your certificate from Let's Encrypt, but not install it into your web server application).


The following resource is a bit dated, but it might help you modify your apache configuration to use the cert you've acquired. Once it's pointed at the cert and key in the Let's Encrypt live folder, when it comes time to renew your certificate you should only need to use renew then restart your webserver using a --deploy-hook.

Look at the following (starting at step 4):

For the --deploy-hook:

2 Likes

Ok, Thank you so much for your help! I will try this in the morning as all this is frying my brain by the second! I will be sure to come back if I have any issues but looking at those links looks like I should be fine.

Thanks again!

3 Likes

Let us know. :slightly_smiling_face:

2 Likes