Duplicate SSL Cert Issue

Hi,

I’ve run the command: certbot certificates and got the output below:

root@fbwh01 ~ # certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: domain.co.za-0001
Domains: domain.co.za
Expiry Date: 2020-04-22 07:36:12+00:00 (VALID: 76 days)
Certificate Path: /etc/letsencrypt/live/domain.co.za-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/domain.co.za-0001/privkey.pem
Certificate Name: domain.co.za
Domains: domain.co.za www.domain.co.za
Expiry Date: 2020-04-22 07:20:43+00:00 (VALID: 76 days)
Certificate Path: /etc/letsencrypt/live/domain.co.za/fullchain.pem
Private Key Path: /etc/letsencrypt/live/domain.co.za/privkey.pem


So it’s 2 certificates on 1 server, can I rename the one to something else, restart apache and hope for the best?

Or should I do something else?

Much appreciated.

Hi,

Okay so I removed the duplicate certificate but it’s still not working after restarting apache service.

Thanks.

They were not exactly the same.
Which did you remove?

What is not working?
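To make the difference between the two listed certificates concrete, here is an added example (not part of the original thread and not Certbot code) that parses `certbot certificates` output and reports which lineages share hostnames. The sample text is constructed from the listing in the first post; the function names are hypothetical.

```python
import re
from itertools import combinations

# Constructed sample: the listing from the first post, indented the way
# certbot prints it.
SAMPLE = """\
Found the following certs:
  Certificate Name: domain.co.za-0001
    Domains: domain.co.za
    Expiry Date: 2020-04-22 07:36:12+00:00 (VALID: 76 days)
    Certificate Path: /etc/letsencrypt/live/domain.co.za-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/domain.co.za-0001/privkey.pem
  Certificate Name: domain.co.za
    Domains: domain.co.za www.domain.co.za
    Expiry Date: 2020-04-22 07:20:43+00:00 (VALID: 76 days)
    Certificate Path: /etc/letsencrypt/live/domain.co.za/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/domain.co.za/privkey.pem
"""

def parse_lineages(text):
    """Map each certificate name to the set of hostnames it covers."""
    lineages, current = {}, None
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        if key == "Certificate Name":
            current = value.strip()
            lineages[current] = set()
        elif key == "Domains" and current is not None:
            lineages[current] = set(value.split())
    return lineages

def find_overlaps(lineages):
    """List (name_a, name_b, shared_hosts, relation) for lineages sharing a host."""
    results = []
    for a, b in combinations(sorted(lineages), 2):
        shared = lineages[a] & lineages[b]
        if not shared:
            continue
        if lineages[a] == lineages[b]:
            relation = "identical"
        elif lineages[a] < lineages[b]:
            relation = f"{a} is a subset of {b}"
        elif lineages[b] < lineages[a]:
            relation = f"{b} is a subset of {a}"
        else:
            relation = "partial overlap"
        results.append((a, b, sorted(shared), relation))
    return results

if __name__ == "__main__":
    for row in find_overlaps(parse_lineages(SAMPLE)):
        print(row)
```

Before deleting either lineage, check which `live/<name>/` path the Apache `SSLCertificateFile` directive actually references, so the web server is not left pointing at a removed certificate.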

Isn't it about the xxxxxxxxx-0001 and the same domain used? I deleted the xxxxxx-0001 domain.

So the certificate is not working, still shows insecure if I navigate to the domain?

What can I do to fix it, just remove certbot and reinstall?

What are the real hostnames involved?

What browser is involved?

What is the error message?

Hi,

Real hostname is: liquorice.co.za & I’m using Chrome at the moment. It’s certbot running on Ubuntu 16 with Apache.

Thanks.

I can access your site over HTTP, but I cannot access it over HTTPS. It times out. Port 443 might be blocked by a firewall.

What error message do you get?

I did check that the firewall accepted port 443, strange but will confirm tomorrow.

Just telnet now and can’t access the port, thanks for that.

No error message, just times out as you say and get the “This site can’t be reached - liquorice.co.za took too long to respond”.

Thanks.

Mmmh, allowed port 443 but still no go…

Checked on SSL checker and got this : https://www.sslshopper.com/ssl-checker.html#hostname=https://www.liquorice.co.za/

The conf file allows port 443 as well :

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName liquorice.co.za
        ServerAlias www.liquorice.co.za
        ServerAdmin email@email.email
        DocumentRoot /var/www/liquorice.co.za
        <Directory /var/www/liquorice.co.za/>
                Options FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>
        <Directory ~ "\.git">
                Order allow,deny
                Deny from all
        </Directory>

Thanks.

Now, I can access it, but your web server is serving HTTP on port 443, instead of HTTPS.

That can happen when Apache is not configured correctly, or maybe when there’s some kind of port forwarding issue.

Can you post the complete virtual host? Does it include all of the SSL* settings necessary to enable and configure HTTPS?

Can you also post the output of “sudo apachectl -t -D DUMP_VHOSTS”?

What Certbot commands did you originally use to get the certificates?


From the config shown I can think of a few things that appear to have been omitted:

Protocols h2 http/1.1
SSLEngine On
SSLCertificateFile      conf/public.key
SSLCertificateKeyFile   conf/private.key
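As an added example (not code from the thread, Apache or Certbot): a small Python check that reads vhost text and reports any port-443 vhost lacking the SSL directives listed above, which is the condition that makes Apache answer in plain HTTP on 443. The sample config, `example.test` and the function name are constructed; the script does not follow `Include` lines or server-level settings, so directives supplied that way are reported as missing.

```python
import re

REQUIRED = ("SSLEngine", "SSLCertificateFile", "SSLCertificateKeyFile")

# Constructed sample. The first vhost mirrors the one posted in the thread
# (no SSL* directives); the second is a hypothetical, correctly set-up host.
SAMPLE = """\
<VirtualHost *:443>
    ServerName liquorice.co.za
    ServerAlias www.liquorice.co.za
    DocumentRoot /var/www/liquorice.co.za
</VirtualHost>
<VirtualHost *:443>
    ServerName example.test
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.test/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.test/privkey.pem
</VirtualHost>
<VirtualHost *:80>
    ServerName liquorice.co.za
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]*)>(.*?)</VirtualHost>", re.S | re.I)

def audit_tls_vhosts(conf_text, port="443"):
    """Return {ServerName: [missing directives]} for vhosts bound to `port`."""
    findings = {}
    for addrs, body in VHOST_RE.findall(conf_text):
        if not any(a.rsplit(":", 1)[-1] == port for a in addrs.split()):
            continue  # not listening on the TLS port
        directives = {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if not parts or parts[0].startswith(("#", "<")):
                continue  # blank line, comment, or nested section tag
            directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
        missing = [d for d in REQUIRED if d.lower() not in directives]
        # SSLEngine must be present AND "on" for the vhost to speak TLS.
        if "SSLEngine" not in missing and directives["sslengine"].lower() != "on":
            missing.insert(0, "SSLEngine")
        if missing:
            findings[directives.get("servername", "(no ServerName)")] = missing
    return findings

if __name__ == "__main__":
    print(audit_tls_vhosts(SAMPLE))
```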

Here is the output of the virtual host file :

<VirtualHost *:80>
ServerName liquorice.co.za
ServerAlias www.liquorice.co.za
ServerAdmin email@email.email
DocumentRoot /var/www/liquorice.co.za
<Directory /var/www/liquorice.co.za/>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all

<Directory ~ ".git">
Order allow,deny
Deny from all

Here is the output of the command :

VirtualHost configuration:
*:80 is a NameVirtualHost
default server fbwh01.liqnet.co.za (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost fbwh01.liqnet.co.za (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost www.adoptasite.co.za (/etc/apache2/sites-enabled/adoptasite.co.za.conf:1)
alias adoptasite.co.za
port 80 namevhost liquorice.co.za (/etc/apache2/sites-enabled/liquorice.co.za.conf:1)
alias www.liquorice.co.za
port 80 namevhost lostboys.com (/etc/apache2/sites-enabled/lostboys.com.conf:1)
alias www.lostboys.com
port 80 namevhost www.ourgreatwork.co.za (/etc/apache2/sites-enabled/ourgreatwork.co.za.conf:1)
alias ourgreatwork.co.za
port 80 namevhost production.liquorice.co.za (/etc/apache2/sites-enabled/production.liquorice.co.za.conf:1)
port 80 namevhost reports.liquorice.co.za (/etc/apache2/sites-enabled/reports.liquorice.co.za.conf:1)

What happened to that file?
Can we see the rest of it (all of it)?

and also, the outputs of:
ls -l /etc/apache2/sites-enabled/*
ls -l /etc/apache2/sites-available/*

Hi,

I sorted out the issues, the original conf file didn’t contain the <VirtualHost *:443> part, so I’ve added it and it worked.

Now it’s not redirecting the http to https, looks like a redirecting issue inside the conf file.

How can I set the cert to renew automatically after the 3 months are over, or is that not possible?

Thanks.

How did you install Certbot?

What OS (including version) are you using?

If you installed from a package, there will probably be a cron job or systemd timer that runs certbot renew at random times of the day, and it will (try to) renew your certificates every 60 days.

If there isn't, you can create one.

Hi,

I didn’t install the certificate myself, got it like that.

OS running is Ubuntu 16.04

Will check on the cronjob and if not there, will create it.

Thanks.

Be sure to check both:
