Disaster on first approach


#1

My domain is: satoshing.com

I ran this command: certbot --apache

It produced this output: Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.
AH00526: Syntax error on line 33 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/www.satoshing.com/fullchain.pem' does not exist or is empty
The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError("Error while running apache2ctl configtest.\nAction 'configtest' failed.\nThe Apache error log may have more information.\n\nAH00526: Syntax error on line 33 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:\nSSLCertificateFile: file '/etc/letsencrypt/live/www.satoshing.com/fullchain.pem' does not exist or is empty\n",)

My web server is (include version): apache2

The operating system my web server runs on is (include version): ubuntu 16.04

My hosting provider, if applicable, is: google cloud

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Hello, I installed LetsEncrypt (certbot) for the first time to issue certificates for the site satoshing.com. Since I couldn’t get it to work with and without www, nor get rid of the misconfiguration security alert on all browsers, I ended up deleting all my certificates. I’m very lost on how to proceed to fix this issue. I would like to reset everything again and make it like nothing ever happened, but it seems like this is no longer possible. What should I do to properly configure my certificates? Certbot commands do not ask much.
Any help will be very appreciated. Thanks a lot.

Felipe


#2

Hi,

Since you’ve deleted all the certificates… and now Apache desperately needs a certificate to work…

(And I guess you have not modified any of the virtual host file in default-le-ssl.conf)

Easiest way to fix:

  1. Move the file /etc/apache2/sites-enabled/000-default-le-ssl.conf to a secure location outside your Apache directory… Preferably your userhome
  2. Run the certbot command again.

Warning: you might want to save the default-le-ssl.conf because it might contain some headers / settings moved from the http version to the conf file (I’m not sure if certbot would do that)

Certbot commands do ask something… (But it’s in arguments mode… I believe interactive mode does not have that many options)

Check out this page:

For example, you could run sudo certbot --apache -d satoshing.com -d www.satoshing.com to get a certificate containing both names.

Thank you
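
An added example, not part of the thread and not certbot's own code: a POSIX shell check that finds the condition behind the AH00526 error in post #1, namely a vhost file that still names a certificate file which is missing or empty. The function names `find_dangling_certs` and `demo` are hypothetical, the default directory is the one from the error message, and the sample vhost is constructed.

```shell
# Added example (not from the thread): report SSLCertificate* directives in
# Apache vhost files whose target is missing or empty, the condition behind
# the AH00526 error in post #1. Paths containing spaces are not handled.

# Usage: find_dangling_certs [DIR]  (default DIR is the Debian/Ubuntu layout)
# Prints one line per bad directive; returns 1 if any were found, else 0.
find_dangling_certs() {
    conf_dir="${1:-/etc/apache2/sites-enabled}"
    tab=$(printf '\t')
    findings=$(
        for conf in "$conf_dir"/*.conf; do
            [ -f "$conf" ] || continue
            # Emit file, line, directive, path (tab-separated), skipping comments.
            awk -v OFS='\t' '
                $1 ~ /^#/ { next }
                tolower($1) ~ /^sslcertificate(file|keyfile|chainfile)$/ {
                    path = $2; gsub(/"/, "", path)
                    print FILENAME, FNR, $1, path
                }' "$conf"
        done | while IFS="$tab" read -r file line directive path; do
            # -s follows symlinks, so a dangling live/ symlink counts as missing.
            [ -s "$path" ] || printf '%s:%s: %s %s (missing or empty)\n' \
                "$file" "$line" "$directive" "$path"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: a vhost whose certificate path is the one from the error
# in post #1 (assumed absent on the machine running this) and whose key path
# points at a placeholder file that exists.
demo() {
    d=$(mktemp -d)
    printf 'placeholder, not a real key\n' > "$d/present.pem"
    cat > "$d/000-default-le-ssl.conf" <<EOF
<VirtualHost *:443>
    # SSLCertificateFile /commented/out.pem
    SSLCertificateFile /etc/letsencrypt/live/www.satoshing.com/fullchain.pem
    SSLCertificateKeyFile $d/present.pem
</VirtualHost>
EOF
    find_dangling_certs "$d" && status=0 || status=$?
    rm -rf "$d"
    return "$status"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Any file it lists is one that `apache2ctl configtest` will reject until the certificate is reissued or the vhost file is moved aside as described above.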


#3

Lovely. Seems to be all right now, although every browser behaves differently. Some still point to an unsecured version of the site. It seems both versions are still online. Am I wrong?


#4

Hi,

Yes. Both versions are accessible…
Now, what you might want to do is rewrite http site to https…

A simple tutorial: https://www.namecheap.com/support/knowledgebase/article.aspx/9821/38/redirect-to-https-on-apache

Thank you


#5

Fantastic. Thanks so much!


#6

certbot should have asked if @kiltro would like to have a redirect. Running certbot again and reinstalling the cert a second time (no need to re-issue the cert) should give him/her the choice again.

