jtvdw
February 5, 2020, 11:46am
1
Hi,
I’ve run the command: certbot certificates and got the output below:
root@fbwh01 ~ # certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Found the following certs:
Certificate Name: domain.co.za-0001
Domains: domain.co.za
Expiry Date: 2020-04-22 07:36:12+00:00 (VALID: 76 days)
Certificate Path: /etc/letsencrypt/live/domain.co.za-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/domain.co.za-0001/privkey.pem
Certificate Name: domain.co.za
Domains: domain.co.za www.domain.co.za
Expiry Date: 2020-04-22 07:20:43+00:00 (VALID: 76 days)
Certificate Path: /etc/letsencrypt/live/domain.co.za/fullchain.pem
Private Key Path: /etc/letsencrypt/live/domain.co.za/privkey.pem
So it’s 2 certificates on 1 server, can I rename the one to something else, restart apache and hope for the best?
Or should I do something else?
Much appreciated.
jtvdw
February 5, 2020, 1:34pm
2
Hi,
Okay so I removed the duplicate certificate but it’s still not working after restarting apache service.
Thanks.
rg305
February 5, 2020, 3:23pm
3
They were not exactly the same.
Which did you remove?
What is not working?
jtvdw
February 5, 2020, 7:44pm
4
Isn't it about the xxxxxxxxx-0001 and the same domain used? I deleted the xxxxxx-0001 domain.
jtvdw
February 5, 2020, 7:45pm
5
rg305:
What is not working?
So the certificate is not working, still shows insecure if I navigate to the domain?
What can I do to fix it, just remove certbot and reinstall.
What are the real hostnames involved?
What browser is involved?
What is the error message?
jtvdw
February 5, 2020, 8:01pm
7
Hi,
Real hostname is : liquorice.co.za & I’m using chrome at the moment. It’s certbot running on ubuntu 16 with apache.
Thanks.
I can access your site over HTTP, but I cannot access it over HTTPS. It times out. Port 443 might be blocked by a firewall.
What error message do you get?
jtvdw
February 5, 2020, 8:14pm
9
I did check that the firewall accepted port 443, strange but will confirm tomorrow.
Just telnet now and can’t access the port, thanks for that.
No error message, just times out as you say and get the “This site can’t be reached - liquorice.co.za took too long to respond”.
Thanks.
jtvdw
February 5, 2020, 9:20pm
10
Mmmh, allowed port 443 but still no go…
Checked on SSL checker and got this : https://www.sslshopper.com/ssl-checker.html#hostname=https://www.liquorice.co.za/
The conf file allows port 443 as well :
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName liquorice.co.za
ServerAlias www.liquorice.co.za
ServerAdmin email@email.email
DocumentRoot /var/www/liquorice.co.za
<Directory /var/www/liquorice.co.za/>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
<Directory ~ "\.git">
Order allow,deny
Deny from all
</Directory>
Thanks.
Now, I can access it, but your web server is serving HTTP on port 443, instead of HTTPS.
That can happen when Apache is not configured correctly, or maybe when there’s some kind of port forwarding issue.
Can you post the complete virtual host? Does it include all of the SSL* settings necessary to enable and configure HTTPS?
Can you also post the output of “sudo apachectl -t -D DUMP_VHOSTS”?
What Certbot commands did you originally use to get the certificates?
rg305
February 6, 2020, 12:05am
12
From the config shown I can think of a few things that appear to have been omitted:
Protocols h2 http/1.1
SSLEngine On
SSLCertificateFile conf/public.key
SSLCertificateKeyFile conf/private.key
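The symptom described above (plain HTTP answered on port 443) can be caught before a reload by checking each port-443 virtual host for the directives just listed. This is an added example, not part of the original posts; the function name `check_ssl_vhosts` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag port-443 vhosts that would answer
# in plain HTTP because the mod_ssl directives are missing.
# Limitation: checks one file as written; Include'd files are not followed.
check_ssl_vhosts() {
    awk -v f="$1" '
    function finish(   miss) {
        if (!engine) miss = miss " SSLEngine"
        if (!cert)   miss = miss " SSLCertificateFile"
        if (!key)    miss = miss " SSLCertificateKeyFile"
        if (miss != "") { printf "%s:%d: missing%s\n", f, start, miss; bad = 1 }
        in443 = 0
    }
    {
        line = tolower($0)                           # directives are case-insensitive
        gsub(/\t/, " ", line); sub(/^ +/, "", line)  # normalise indentation
    }
    line ~ /^#/ { next }
    line ~ /^<virtualhost .*:443[ >]/ { in443 = 1; start = NR; engine = cert = key = 0; next }
    in443 && line ~ /^sslengine +on/           { engine = 1 }
    in443 && line ~ /^sslcertificatefile /     { cert = 1 }
    in443 && line ~ /^sslcertificatekeyfile /  { key = 1 }
    in443 && line ~ /^<\/virtualhost>/         { finish() }
    END { if (in443) finish(); exit bad }      # an unclosed block is still checked
    ' "$1"
}

# Constructed sample: a 443 vhost with no SSL* lines, as in the config first posted.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName example.org
    DocumentRoot /var/www/example.org
</VirtualHost>
</IfModule>
EOF
check_ssl_vhosts "$sample" || echo "port 443 vhost is not TLS-enabled"
rm -f "$sample"
```

The function exits non-zero when any port-443 block is incomplete, so it can gate a reload of Apache.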
jtvdw
February 6, 2020, 7:11am
13
Here is the output of the virtual host file :
<VirtualHost *:80>
ServerName liquorice.co.za
ServerAlias www.liquorice.co.za
ServerAdmin email@email.email
DocumentRoot /var/www/liquorice.co.za
<Directory /var/www/liquorice.co.za/>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
<Directory ~ ".git">
Order allow,deny
Deny from all
jtvdw
February 6, 2020, 7:12am
14
Here is the output of the command :
VirtualHost configuration:
*:80 is a NameVirtualHost
default server fbwh01.liqnet.co.za (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost fbwh01.liqnet.co.za (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost www.adoptasite.co.za (/etc/apache2/sites-enabled/adoptasite.co.za.conf:1)
alias adoptasite.co.za
port 80 namevhost liquorice.co.za (/etc/apache2/sites-enabled/liquorice.co.za.conf:1)
alias www.liquorice.co.za
port 80 namevhost lostboys.com (/etc/apache2/sites-enabled/lostboys.com.conf:1)
alias www.lostboys.com
port 80 namevhost www.ourgreatwork.co.za (/etc/apache2/sites-enabled/ourgreatwork.co.za.conf:1)
alias ourgreatwork.co.za
port 80 namevhost production.liquorice.co.za (/etc/apache2/sites-enabled/production.liquorice.co.za.conf:1)
port 80 namevhost reports.liquorice.co.za (/etc/apache2/sites-enabled/reports.liquorice.co.za.conf:1)
rg305
February 6, 2020, 2:41pm
15
What happened to that file?
Can we see the rest of it (all of it)?
and also, the outputs of:
ls -l /etc/apache2/sites-enabled/*
ls -l /etc/apache2/sites-available/*
jtvdw
February 6, 2020, 7:00pm
16
Hi,
I sorted out the issues, the original conf file didn’t contain <VirtualHost *:443> part, so I’ve added it and it worked.
Now it’s not redirecting the http to https, looks like a redirecting issue inside the conf file.
How can I set the cert to renew automatically after the 3 months is over or not possible?
Thanks.
How did you install Certbot?
What OS (including version) are you using?
If you installed from a package, there will probably be a cron job or systemd timer that runs certbot renew at random times of the day, and it will (try to) renew your certificates every 60 days.
If there isn't, you can create one.
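A way to confirm that the renewal job described above is doing its work, as an added example that is not part of the original posts: the function reads `certbot certificates` output in the format shown in the first post and lists lineages that are overdue. The function names, the 30-day default, the cron schedule and the sample report are assumptions constructed for illustration, as is the `(INVALID: EXPIRED)` status line.

```shell
#!/bin/sh
# Added example (not from the thread). If no packaged job exists, an
# /etc/cron.d entry such as this one (schedule and hook are assumptions)
# runs the renewal:
#   17 3,15 * * * root certbot renew --quiet --deploy-hook "systemctl reload apache2"
# The function below checks that it is working: it reads `certbot certificates`
# output on stdin and lists lineages with fewer than LIMIT days left.
certs_needing_renewal() {
    awk -v limit="${1:-30}" '
    $1 == "Certificate" && $2 == "Name:" { name = $3 }
    $1 == "Expiry" && $2 == "Date:" {
        if (match($0, /VALID: [0-9]+ day/)) {
            # "VALID: " is 7 characters, " day" is 4; the rest is the number
            days = substr($0, RSTART + 7, RLENGTH - 11) + 0
            if (days < limit) { print name, days; late = 1 }
        } else {                      # e.g. "(INVALID: EXPIRED)"
            print name, "EXPIRED"; late = 1
        }
    }
    END { exit late }
    '
}

# Constructed sample in the format shown in the first post.
sample_report() {
cat <<'EOF'
Found the following certs:
  Certificate Name: example.org-0001
    Domains: example.org
    Expiry Date: 2020-04-22 07:36:12+00:00 (VALID: 12 days)
  Certificate Name: example.org
    Domains: example.org www.example.org
    Expiry Date: 2020-04-22 07:20:43+00:00 (VALID: 76 days)
  Certificate Name: old.example.org
    Domains: old.example.org
    Expiry Date: 2019-12-01 10:00:00+00:00 (INVALID: EXPIRED)
EOF
}
sample_report | certs_needing_renewal 30 || echo "renewal is overdue for the lineages above"
```

On a live host the input would come from `certbot certificates 2>/dev/null | certs_needing_renewal 30`; a non-zero exit means at least one lineage should already have been renewed.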
jtvdw
February 6, 2020, 9:09pm
18
Hi,
I didn’t install the certificate myself, got it like that.
OS running is Ubuntu 16.04
Will check on the cronjob and if not there, will create it.
Thanks.
system
Closed
March 8, 2020, 1:07am
20
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.