Yop it said Congratulations!
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/cnews.at/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/cnews.at/privkey.pem
Your cert will expire on 2019-01-13. To obtain a new or tweaked
version of this certificate in the future, simply run
letsencrypt-auto again with the "certonly" option. To
non-interactively renew *all* of your certificates, run
"letsencrypt-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Edit: https://cnews.at works like it should but why can I reach http://news.at as well?
rg305
October 15, 2018, 4:50pm
22
Please show:
/etc/letsencrypt/live/cnews.at/fullchain.pem
-----BEGIN CERTIFICATE-----
MIIGCjCCBPKgAwIBAgISA7TkriZjqdY81U+BvCuAF34gMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODEwMTUxNTI1MDJaFw0x
OTAxMTMxNTI1MDJaMBMxETAPBgNVBAMTCGNuZXdzLmF0MIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEA7zMgFBjcTdOogEU3PLWrnZb4prjXic6LRfXwlsQt
22uGpnjp4vErY/5lRSkcj1sqhcAIJR+NGeQEnZGQu06alM9UqcH+qdj7D8bmVAXj
anzQZJVyzpvYmb1uxENa1AT4tBVuqhScjc1yFwqaQhyAe6/M+zX0W0Wjsc+B+Sb7
3sQV3H030N/DF6/htgcg8mEivHvQu2fPkDBEbF0cr25qTqAULJoA85jct4ADTW9G
mZcRwLs8DbPKpfDQDnnWZx1rAtlGfCqbN3DfoBwoMlhFozAicGTlkHhGyWLXDuAt
caeo79yODHTqqlk/6VuOb6VCKtTFQWMsgRIUl0iVxD9GRwIDAQABo4IDHzCCAxsw
DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAM
BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQ+equnxoQt9vFAd7ARDnJMcvsA5zAfBgNV
HSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYI
KwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYI
KwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMCEG
A1UdEQQaMBiCCGNuZXdzLmF0ggx3d3cuY25ld3MuYXQwgf4GA1UdIASB9jCB8zAI
BgZngQwBAgEwgeYGCysGAQQBgt8TAQEBMIHWMCYGCCsGAQUFBwIBFhpodHRwOi8v
Y3BzLmxldHNlbmNyeXB0Lm9yZzCBqwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRp
ZmljYXRlIG1heSBvbmx5IGJlIHJlbGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGll
cyBhbmQgb25seSBpbiBhY2NvcmRhbmNlIHdpdGggdGhlIENlcnRpZmljYXRlIFBv
bGljeSBmb3VuZCBhdCBodHRwczovL2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5
LzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2AHR+2oMxrTMQkSGcziVPQnDCv/1e
QiAIxjc1eeYQe8xWAAABZniLiKIAAAQDAEcwRQIgLCpwybq/uyMu+0u5dFCukQ5t
FC5V9l9EbdvMme3F0E8CIQDHcpdghfv9hY3L6ocrrSOcUVzyCrqugh69SC95pwNw
ngB3ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLcpMMM9OVFR/R4AAABZniLiZsAAAQD
AEgwRgIhANwgODFh0NkhRqZArbCL6gtH+fJNP5XsVHgwiDSLvaSWAiEAvZWr8Qn5
kzc4/JwvSnndQh9DPu/K8MZdyo85LgTAfhowDQYJKoZIhvcNAQELBQADggEBAB4D
aDh+0APGRHQwRZhAXJtMb6MyxqZEFOqfCG4ry2wjejDWPlTJF7WmS0rcH6b6/mef
3iZ9LB5BCp5YwpaW6kQAvRlZU3uWrBz9+ud1fMLwuNrwY86T249wfUp7abchRchA
Zmi13+e6jdUAUe83RlLkaw+lOam448U2UBuCLwW2mi0cMB7pPOFqDV9awbhxuAtM
l2z7y0HTdWRasoOcyrmaXAx3PuaMO3w111cy6leIynIVG40cz2RoyOIVaz2WTjju
EaMI9luEvI/Q1z1PCRNzQhb+5oNMztGrFz6pD8K0MTTeodbA+oPTYjIR8LKGh/Rr
a5QMzE4ZaWFF060ImjA=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----
rg305
October 15, 2018, 4:52pm
24
Success! That cert is what you requested.
You only included those two names in that one cert.
How did you create the cert for news.at
?
I dont know? I only made it for these two.
rg305
October 15, 2018, 4:54pm
26
I'm confused...
Is there a TYPO in there?
Please explain the trouble.
Why is http://cnews.at reachable I want every http request to be redirect to https. http://www.cnews.at is now also reachable why is that? It wasnāt before!? I choose the option 2 to redirect every http request to https I dont understand this.
rg305
October 15, 2018, 4:57pm
28
OK!
Thatās HTTP > HTTPS redirection.
I can help with that.
Please show the HTTP vhost config file.
rg305
October 15, 2018, 4:59pm
30
grep -Eri 'cnews.at|servername|serveralias' /etc/apache2
or maybe something likeā¦
grep -Eri 'cnews.at|servername|serveralias' /httpd/
grep -Eri 'cnews.at|servername|serveralias' /etc/httpd
if no luck, try:
find / -name apache*
No such file or directory
Normally letsencrypt should set this up automatically?
Edit:
/etc/httpd/conf/httpd.conf:#ServerName www.example.com:80
/etc/httpd/conf.d/cryptonews.conf: ServerName www.cnews.at
/etc/httpd/conf.d/cryptonews.conf: ServerAlias cnews.at
/etc/httpd/conf.d/cryptonews.conf: RewriteCond %{SERVER_NAME} =www.cnews.at [OR]
/etc/httpd/conf.d/cryptonews.conf: RewriteCond %{SERVER_NAME} =cnews.at
/etc/httpd/conf.d/cryptonews-le-ssl.conf: ServerName www.cnews.at
/etc/httpd/conf.d/cryptonews-le-ssl.conf: ServerAlias cnews.at
/etc/httpd/conf.d/cryptonews-le-ssl.conf:SSLCertificateFile /etc/letsencrypt/live/cnews.at/cert.pem
/etc/httpd/conf.d/cryptonews-le-ssl.conf:SSLCertificateKeyFile /etc/letsencrypt/live/cnews.at/privkey.pem
/etc/httpd/conf.d/cryptonews-le-ssl.conf:SSLCertificateChainFile /etc/letsencrypt/live/cnews.at/chain.pem
/etc/httpd/conf.d/ssl.conf:#ServerName www.example.com:443
rg305
October 15, 2018, 5:02pm
32
It āshouldā; but can be easily confused, if you have a complicated vhost setup.
OK.
Show:
/etc/httpd/conf.d/cryptonews.conf
<VirtualHost *:80>
DocumentRoot "/var/www/cryptonews/public"
ServerName www.cnews.at
ServerAlias cnews.at
<Directory "/var/www/cryptonews/public">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
RewriteEngine On
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.html [L]
</Directory>
RewriteCond %{SERVER_NAME} =www.cnews.at [OR]
RewriteCond %{SERVER_NAME} =cnews.at
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
rg305
October 15, 2018, 5:09pm
34
That seems to be correctā¦
Letās see if there are any other vhost configs that may be in conflict:
grep -Eri 'VirtualHost|servername|serveralias' /etc/httpd/
/etc/httpd/conf.d/cryptonews.conf:<VirtualHost *:80>
/etc/httpd/conf.d/cryptonews.conf: ServerName www.cnews.at
/etc/httpd/conf.d/cryptonews.conf: ServerAlias cnews.at
/etc/httpd/conf.d/cryptonews.conf:</VirtualHost>
/etc/httpd/conf.d/cryptonews-le-ssl.conf:<VirtualHost *:443>
/etc/httpd/conf.d/cryptonews-le-ssl.conf: ServerName www.cnews.at
/etc/httpd/conf.d/cryptonews-le-ssl.conf: ServerAlias cnews.at
/etc/httpd/conf.d/cryptonews-le-ssl.conf:</VirtualHost>
/etc/httpd/conf.d/ssl.conf:<VirtualHost _default_:443>
/etc/httpd/conf.d/ssl.conf:#ServerName www.example.com:443
/etc/httpd/conf.d/ssl.conf:</VirtualHost>
rg305
October 15, 2018, 5:10pm
36
Have you restarted apache?
Since you choose #2 ?
Yep! Did service httpd restart
rg305
October 15, 2018, 5:15pm
38
Then I can only guess at the problemā¦
Guess #1:
The āorderā matters.
move the redirect lines up higher (right after serveralias).
Guess #2:
Apache 2.4.6 canāt do what we are asking it to do.
maybe the syntax is not proper.
It worked already ā¦for www.cnews.at
Edit: You mean this
RewriteCond %{SERVER_NAME} =www.cnews.at [OR]
RewriteCond %{SERVER_NAME} =cnews.at
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
rg305
October 15, 2018, 5:17pm
40
Yes.
Maybe moving those 3 lines up - right after serveralias.