Certificates installed successfully but its not working


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=qfrcem.co.uk), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: qfrcem.co.uk

I ran this command: sudo certbot --apache -d qfrcem.co.uk -d www.qfrcem.co.uk

It produced this output:

Your existing certificate has been successfully renewed, and the new certificate
has been installed.

The new certificate covers the following domains: https://qfrcem.co.uk and
https://www.qfrcem.co.uk

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=qfrcem.co.uk
https://www.ssllabs.com/ssltest/analyze.html?d=www.qfrcem.co.uk


IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/qfrcem.co.uk/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/qfrcem.co.uk/privkey.pem
    Your cert will expire on 2019-06-28. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My web server is (include version): apache2

The operating system my web server runs on is (include version):ubuntu 14.04

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):using SSH

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0


#2

HTTPS is timing out. Are you sure the AWS security groups and the instance’s own firewall allow port 443?

Are you getting a different error?


#3

Not sure , may be 443 is not added in the secrity group


#4

Hi @itsmemukesh21

now your https works. You have a new certificate ( https://check-your-website.server-daten.de/?q=qfrcem.co.uk ):

CN=qfrcem.co.uk
	30.03.2019
	28.06.2019
expires in 90 days	qfrcem.co.uk, www.qfrcem.co.uk - 2 entries

both connections use that, that’s ok.

But you have (1) a small redirect error and (2) mixed content.

(1)

Domainname Http-Status redirect Sec. G
http://qfrcem.co.uk/
34.244.180.241 303 https://qfrcem.co.uk 0.080 A
http://www.qfrcem.co.uk/
34.244.180.241 303 https://qfrcem.co.uk 0.074 E
https://www.qfrcem.co.uk/
34.244.180.241 303 https://qfrcem.co.uk 0.427 B
https://qfrcem.co.uk 200 0.477 I
https://qfrcem.co.uk/
34.244.180.241 200 0.797 I

The first redirect doesn’t add a /, so if someone uses

http://qfrcem.co.uk/theme/essential/own/css/responsive.css

oh, there is no redirect, that’s not good.

And there are some mixed content problems:

http://qfrcem.co.uk/theme/essential/own/img/team_elevator_home.jpg

And

https://qfrcem.co.uk/theme/essential/own/css/rs-plugin/css/extralayer.css

is https, but has some http urls:

http://themepunch.com/revolution/wp-content/uploads/2014/05/wave11.png
1
http://themepunch.com/revolution/wp-content/uploads/2014/05/wave21.png
1
http://themepunch.com/revolution/wp-content/uploads/2014/05/wave3.png
1
http://themepunch.com/revolution/wp-content/uploads/2014/05/wave4.png
1
http://themepunch.com/revolution/wp-content/uploads/2014/05/wave51.png
1

Check the complete list, too long to post.


#5

ok thanks , other then mixed content what are the other major issues


#6

Check the output of the tool. You have a Grade I.

B, later A should be possible.

But that’s outside of this forum.