Connection is not Private


#1

My domain is: https://www.isitcracked.com

The operating system my web server runs on is (include version): Ubuntu 18.04.1 LTS

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

Test results: https://www.whynopadlock.com/results/b0e026cd-bfb2-4a75-a049-fe0ad77135dd

I installed the certificate as “isitcracked.com” but I guess it redirects to “www.isitcracked.com” I don’t know how to undo this, start all over and install the certificate to both domains.

I would appreciate the help really.


#2

If you ran:

certbot --apache -d isitcracked.com

you could “fix this” by running:

certbot --apache -d isitcracked.com -d www.isitcracked.com

This way, your certificate will be re-issued to be valid for both domains.


#3

We were unable to find a vhost with a ServerName or Address of www.isitcracked.c om.
Which virtual host would you like to choose?
(note: conf files with multiple vhosts are not yet supported)


1: 000-default-le-ssl.conf | isitcracked.com | HTTPS | Enabled
2: 000-default.conf | | | Enabled


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel):


#4

Sure, you can select (1).

Additionally, in your Apache config, where you have:

ServerName isitcracked.com

you might also want to add

ServerAlias www.isitcracked.com

if not present already.


#5

I did those, it did not work and now RIP apache.

Restarting apache2 (via systemctl): apache2.serviceJob for apache2.service failed becaus e the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.
failed!


#6

What’s the output of:

apachectl -t

#7

AH00526: Syntax error on line 231 of /etc/apache2/apache2.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/www.isitcracked.com/fullchain.pem’ does not exist or is empty
Action ‘-t’ failed.
The Apache error log may have more information.


#8

I deleted that and it is back.


#9

Seems like your original problem is now solved - the certificate is valid for both domains.

But I am slightly suspicious of why that line was added to apache2.conf to begin with …


#10

Hi,

Please run certbot certificates and change that line 231 (it should be in the file 000-default-le-ssl.conf) and replace /etc/letsencrypt/live/www.isitcracked.com/fullchain.pem with the certificate path you got from certbot certificates output

Maybe that’s because Apache is reporting the raw output? (all files are “included” in the apache2.conf)

Thank you


#11

OK. I am a bit lost here so could you help me with what you suggest.

Here is certbot certifactes output:
Found the following certs:
Certificate Name: isitcracked.com
Domains: isitcracked.com www.isitcracked.com
Expiry Date: 2019-02-28 01:15:55+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/isitcracked.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/isitcracked.com/privkey.pem

And there seems to be two different files as “000-default-le-ssl.conf”:
root@isitcracked:~# find /etc -name 000-default-le-ssl.conf
/etc/apache2/sites-enabled/000-default-le-ssl.conf
/etc/apache2/sites-available/000-default-le-ssl.conf


#12

Nevermind. I think It’s fixed (since both versions are working)

There’s nothing you’ll need to do now… (except to set up auto-renewal)

Thank you