Certificates Obtained but Not Installed


#1

Please fill out the fields below so we can help you better.

My domain is:XXXXXX.org

I ran this command:./certbot-auto certonly --webroot -w /home/XXXXXX/public_html/XXXXXX -d XXXXXX.org

It produced this output:
You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/XXXXXX.org.conf)

What would you like to do?

1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for XXXXXX.org
Using the webroot path /home/XXXXXX/public_html/XXXXXX for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0002_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0002_csr-certbot.pem

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/XXXXXX.org/fullchain.pem. Your cert will
    expire on 2017-06-29. To obtain a new or tweaked version of this
    certificate in the future, simply run certbot-auto again. To
    non-interactively renew all of your certificates, run
    "certbot-auto renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My operating system is (include version): XXXXXX

My web server is (include version): XXXXXX

My hosting provider, if applicable, is: XXXXXX (I rent the server and run it myself.)

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

Looks like your server is serving HTTP on port 443, instead of HTTPS.

Note that certbot-auto certonly only obtains a certificate for you; it doesn’t attempt to configure your webserver - use certbot-auto without the certonly parameter if you want it to do so. Or Mozilla’s configuration generator is helpful if you prefer to configure it yourself.

Specifically, I suspect you’re probably missing SSLEngine on or something like that. Post your existing config if you need more help finding where the problem is.


#3

I just wanted to thank you. My server is configured in a rather irregular and custom way, but your suggestion about SSLEngine led me in the right direction. You have saved me a lot of time trying to figure this out!


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.