Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: chrislarivey.com
I ran this command: sudo certbot --apache
It produced this output: it worked the second time I tried it
My web server is (include version): latest apache
The operating system my web server runs on is (include version): latest ubuntu
My hosting provider, if applicable, is: AWS
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0
Certbot can't break your DNS, that's not possible. And with certbot --apache your DNS isn't changed.
Checking your domain there is a simple error - https://check-your-website.server-daten.de/?q=chrislarivey.com
Your non-www works, your www not. Reason: Your certificate
expires in 90 days chrislarivey.com - 1 entry
has only one domain name, the www version is missing.
So create one certificate with both domain names -
Thanks for the help.
I tried to use sudo certbot --apache and it didn’t work. Is there a different command to add www.chris larivey or a command to delete what I have so I can start over?
Doesn't Certbot show both domains?
If not, your vHost configuration may be wrong.
Has your vHost a
Note that you have a limit of 5 duplicate certificates in a week, so if you keep on trying the same command again and again hoping to get a different result, you will get to this limit. Not that it will block you from getting a certificate for the 2 names, since it’s counted as a different certificate.
I can’t seem to find the httpd or conf.d in etc. It has to be there.
I have put the server name and alias in both the 443 and 80 configuration file. My site is still not up.
Did you restart certbot? If yes and it did not work, what was the output?
Is your webserver running? From my testing I don’t believe it is.
$ telnet chrislarivey.com 80
$ telnet chrislarivey.com 443
What is the output from the following commands?
systemctl status apache2
ps aux | grep apache
If apache is NOT running, see if it will restart
sudo systemctl restart apache2
It says that apache is running. I checked after I did restart.
How can I restart certbot?
I meant run it manually like you did last time, I think it was certbot --apache
I saw both there this time when I ran certbot --apache
I did get this though
The following errors were reported by the server:
Detail: dns :: DNS problem: NXDOMAIN looking up A for
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Now you have removed your DNS www entry ( https://check-your-website.server-daten.de/?q=chrislarivey.com ):
So this domain name doesn't have an ip address, so you can't create a certificate via http-01 validation.
Add a DNS A entry.
I have this in Route 53 for a static IP address 220.127.116.11
I also see records there for both an alias www.chrislarivey.com and an A record
These are not publicly visible.
So that can't work.
As said by @JuergenAuer
dig @ns-1074.awsdns-06.org chrislarivey.com A +short
dig @ns-1074.awsdns-06.org www.chrislarivey.com A +short
-> bad (no IP address)
Also, on both addresses you should be able to do a wget
That’s my Route 53 zone. If I understand correctly I have a problem in Route 53, not my web server.
Your screenshot has nothing to do with your publicly visible values ( https://check-your-website.server-daten.de/?q=chrislarivey.com ):
There is no CNAME of the non-www version. And the www version doesn't have an A (ipv4) or AAAA (ipv6) record.
Maybe a "private zone" or something else.
Your name servers are:
• ns-1074.awsdns-06.org / d23e598e3a96b5ffe1b039cdfda72041 -
• ns-2008.awsdns-59.co.uk / a016776f7bbc82045b760fc896198650 -
• ns-235.awsdns-29.com / 8d11ee001268fdda1377c036589eb73b -
• ns-744.awsdns-29.net / e69f46562e3217bfe5d667766445f4ca -
• ns-865.awsdns-44.net / a50c7c46d74217c10ed26284a8fbf9f5 -
There you have to change your settings.
18.104.22.168 is not my public IP address. Mine is 22.214.171.124
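
An added example, not part of any post in this thread: a pre-flight check that asks one authoritative name server for each name's A/AAAA records, using the same dig form quoted above, and only builds a single certbot command for both names when every name has a publicly routable address. The function names and the SAMPLE answers are assumptions constructed to mirror the state described in the thread (apex resolves, www returns nothing).

```python
import ipaddress
import subprocess

def dig_short(name, ns):
    """Query one authoritative server for A and AAAA records with dig +short."""
    out = ""
    for rtype in ("A", "AAAA"):
        out += subprocess.run(["dig", f"@{ns}", name, rtype, "+short"],
                              capture_output=True, text=True, timeout=10).stdout
    return out

def public_addresses(dig_output):
    """Keep publicly routable IPs only; +short also prints CNAME targets, which are skipped."""
    addrs = []
    for line in dig_output.splitlines():
        try:
            ip = ipaddress.ip_address(line.strip())
        except ValueError:
            continue  # CNAME target or blank line, not an address
        if ip.is_global:  # rejects private, loopback and link-local ranges
            addrs.append(str(ip))
    return addrs

def preflight(names, ns, lookup=dig_short):
    """Return (ready, missing): names with and without a public address on this server."""
    ready, missing = [], []
    for name in names:
        (ready if public_addresses(lookup(name, ns)) else missing).append(name)
    return ready, missing

def certbot_command(names, ns, lookup=dig_short):
    """One certbot call covering every name, or None if any name would fail http-01."""
    ready, missing = preflight(names, ns, lookup)
    if missing:
        return None
    return ["sudo", "certbot", "--apache"] + [arg for n in ready for arg in ("-d", n)]

# Constructed sample answers (not real query results): apex resolves, www is empty.
SAMPLE = {"chrislarivey.com": "220.127.116.11\n", "www.chrislarivey.com": ""}

def sample_lookup(name, ns):
    return SAMPLE.get(name, "")

if __name__ == "__main__":
    names = ["chrislarivey.com", "www.chrislarivey.com"]
    print(preflight(names, "ns-1074.awsdns-06.org", sample_lookup))
    print(certbot_command(names, "ns-1074.awsdns-06.org", sample_lookup))
```

Calling preflight without the lookup argument runs the real dig queries; repeat it against each listed name server, since a record missing on any one of them can still fail validation.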