Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: example.org
I ran this command:
certbot -i apache -a webroot -w /var/www/html/drupal -d example.org
It produced this output:
certbot -i apache -a webroot -w /var/www/html/drupal -d example.org
My web server is (include version):
Apache/2.4.6 (CentOS)
The operating system my web server runs on is (include version):
CentOS Linux release 7.4.1708 (Core)
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
PluginError: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        Protocols h2 http/1.1
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLCertificateFile /etc/letsencrypt/live/xxx/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/xxx/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        ServerName xxx
        Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
    </VirtualHost>
    # modern configuration, tweak to your need
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    SSLHonorCipherOrder on
    SSLCompression on
    SSLSessionTickets off
    SSLOptions +StrictRequire
    # OCSP Stapling, only in httpd 2.3.3 and later
    SSLUseStapling on
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors off
    SSLStaplingCache shmcb:/var/run/ocsp(128000)
    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</IfModule>
If not, your Apache setup is broken, or your server is missing dependencies.
I have an existing Apache server. And till yesterday, it was running on http://mywebsite.org.
I installed openssl and now it's running on https://mywebiste which is not a trusted signed certificate.
I’m looking to run my website on both http and https or redirect http to https and with a trusted certificate.
My default.conf file has
<VirtualHost *:80>
and
ssl.conf has
<VirtualHost *:443>
Currently my website is running on both http and https. Basically it redirects http to https.
And I still get the error as
Failed authorization procedure. mywebsite.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mywebsite.org/.well-known/acme-challenge/T-0kBZCsMgkAu3zRlZfxM81CZfSbHfzq4V2FznnLWS8: Timeout
What’s your website? Does connecting to it from the Internet time out? Does it have a firewall blocking outside connections, or certain countries? Does it have IPv6? Does it work?
Also after installing this certificate, other website stopped working.
For example, mywebsite.org is working fine
But apps.mywebsite.org has stopped working.
We’re going to need you to give us some more information to help further. Not knowing the real domain name prevents us from being able to help as much, and isn’t even protecting any secrets because it’s already logged to the public certificate transparency logs.
There are a lot of reasons your site could show insecure, usually mixed-content issues. Try going through https://www.whynopadlock.com/, if you wish.
As for “stopped working”, please be more specific. It’s not responding? It’s responding but with an invalid certificate? Apache is erroring out when trying to start it?
This website is on a different server but with the same domain name.
It was all working fine just before installing the certificate.
Sorry, can’t share the domain name in public as the website is not available to the public yet.
I could if there’s any way that I can post it separately.
Now it says:
This site can’t be reached apps.mywebsite.org took too long to respond.
Try:
Checking the connection
Checking the proxy and the firewall
Running Windows Network Diagnostics
ERR_CONNECTION_TIMED_OUT
That’s one option, but a much simpler one is to just add the subdomains as well. You can have up to 100 names on a single certificate from Let’s Encrypt.
Is it like adding a new certificate? Do I have to configure all over again?
Another question is: I would be assigning this DNS (mywebsite.org) to some other server (maybe with a new static IP). Does this certificate follow there, or do I need to install a new SSL certificate on that server too?
The certificate is a file that's installed on a particular machine so unless you copy over all of the associated files, you don't have the certificate on another machine.
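An added example, not part of the original thread and not Certbot's own logic: a simplified Python check of the condition behind the "Unable to find a virtual host listening on port 80" error quoted earlier, listing the ports on which some virtual host names a given domain. The file names and host names in the sample are constructed, and only ServerName/ServerAlias matching is modelled.

```python
import re

# Constructed sample modelled on the thread: ssl.conf defines only a *:443
# vhost for the domain; default.conf has a *:80 vhost naming another host.
SAMPLE_CONFIGS = {
    "ssl.conf": """<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName example.org
</VirtualHost>
</IfModule>""",
    "default.conf": """<VirtualHost *:80>
    ServerName apps.example.org
    ServerAlias www.apps.example.org
</VirtualHost>""",
}

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
NAME = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.I)
PORT = re.compile(r":(\d+)$")  # "*:80", "192.0.2.1:443", "[::1]:80"


def parse_vhosts(configs):
    """Return (file, ports, names) for every <VirtualHost> block found."""
    vhosts = []
    for fname, text in configs.items():
        current = None
        for line in text.splitlines():
            if line.lstrip().startswith("#"):
                continue
            opened = VHOST_OPEN.match(line)
            named = NAME.match(line)
            if opened:
                # One block may list several addresses; keep each port.
                ports = {m.group(1) for a in opened.group(1).split() if (m := PORT.search(a))}
                current = (fname, ports, set())
            elif VHOST_CLOSE.match(line) and current:
                vhosts.append(current)
                current = None
            elif current and named:
                current[2].update(h.lower() for h in named.group(1).split())
    return vhosts


def ports_serving(domain, vhosts):
    """Ports on which some vhost lists `domain` as ServerName or ServerAlias."""
    return sorted({p for _, ports, names in vhosts
                   if domain.lower() in names for p in ports})
```

A domain whose result lacks "80" has no port-80 virtual host naming it, which is the situation the error message describes.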