Disaster on first approach

My domain is: satoshing.com

I ran this command: certbot --apache

It produced this output: Error while running apache2ctl configtest.
Action ‘configtest’ failed.
The Apache error log may have more information.
AH00526: Syntax error on line 33 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/www.satoshing.com/fullchain.pem’ does not exist or is empty
The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError(“Error while running apache2ctl configtest.\nAction ‘configtest’ failed.\nThe Apache error log may have more information.\n\nAH00526: Syntax error on line 33 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:\nSSLCertificateFile: file ‘/etc/letsencrypt/live/www.satoshing.com/fullchain.pem’ does not exist or is empty\n”,)

My web server is (include version): apache2

The operating system my web server runs on is (include version): ubuntu 16.04

My hosting provider, if applicable, is: google cloud

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Hello, I installed LetsEncrypt (certbot) for the first time to issue certificates for the site satoshing.com. Since I couldn’t get it to work with and without www, nor get rid of the misconfiguration security alert on all browsers, I ended up deleting all my certificates. I’m very lost on how to proceed to fix this issue. I would like to reset everything again and make it like nothing ever happened, but it seems like this is no longer possible. What should I do to properly configure my certificates? Certbot commands do not ask much.
Any help will be very appreciated. Thanks a lot.

Felipe

Hi,

Since you've deleted all the certificates... and now Apache desperately needs a certificate to work...

(And I guess you have not modified any of the virtual host file in default-le-ssl.conf)

Easiest way to fix:

  1. Move the file /etc/apache2/sites-enabled/000-default-le-ssl.conf to a secure location outside your Apache directory... Preferably your userhome
  2. Run the certbot command again.

Warning: you might want to save the default-le-ssl.conf because it might contain some headers / settings moved from the http version to the conf file (I'm not sure if certbot would do that)

Certbot commands do ask something... (But it's in arguments mode... I believe interactive mode does not have that many options)

Check out this page:
https://certbot.eff.org/docs/using.html

For example, you could run sudo certbot --apache -d satoshing.com -d www.satoshing.com to get a certificate containing both names.

Thank you
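Added example, not part of the thread and not Certbot's own code: a shell check for the failure shown above, where a vhost file still points at a certificate that has been deleted. The function name `find_dangling_certs` is hypothetical, and it assumes the directives use absolute paths without spaces (as in the file from the error message).

```shell
#!/bin/sh
# Report Apache SSL certificate directives whose target file is missing or
# empty, the condition behind "AH00526 ... does not exist or is empty".
#
# Usage: find_dangling_certs /etc/apache2/sites-enabled
# Prints "conf:line: Directive path" per dangling reference.
# Returns 0 when every referenced file exists and is non-empty, 1 otherwise.
find_dangling_certs() {
    dir=${1:-/etc/apache2/sites-enabled}
    found=$(
        for conf in "$dir"/*.conf; do
            [ -f "$conf" ] || continue
            # Directive names are case-insensitive in Apache; commented-out
            # lines do not match because their first field starts with '#'.
            awk '
                tolower($1) ~ /^sslcertificate(file|keyfile|chainfile)$/ {
                    path = $2
                    gsub(/^"|"$/, "", path)   # strip optional double quotes
                    print NR, $1, path
                }' "$conf" |
            while read -r line directive path; do
                # -s is true only for a file that exists and is non-empty
                [ -s "$path" ] ||
                    printf '%s:%s: %s %s\n' "$conf" "$line" "$directive" "$path"
            done
        done
    )
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}
```

Any file it lists is one that `apache2ctl configtest` will reject until the certificate is reissued or the vhost file is moved aside.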

Lovely. Seems to be all right now, although every browser behaves differently. Some still point to an unsecured version of the site. It seems both versions are still online. Am I wrong?

Hi,

Yes. Both versions are accessible…
Now, what you might want to do is rewrite http site to https…

A simple tutorial: https://www.namecheap.com/support/knowledgebase/article.aspx/9821/38/redirect-to-https-on-apache

Thank you

Fantastic. Thanks so much!

certbot should have asked if @kiltro would like to have a redirect. Running certbot again and reinstalling the cert a second time (no need to re-issue the cert) should give him/her the choice again.
