Error setting up route53 certificate

Yes, I promise I am running from snap, just as shown in the screenshot.

I'm following each step here exactly. I don't know what's wrong?

2 Likes

Is there a tutorial for setting up cherrypy server on route 53?

2 Likes

Sometimes the symbolic link /usr/bin/certbot doesn't get updated by the ln -s step, so that's why I asked to run certbot from the /snap/bin/ directory directly.

The certbot shows you running the command certbot which doesn't show which application from which path is actually being used. Chances are you're still running the pip version. The instructions on certbot.eff.org don't include removing any pip version unfortunately.

You could also run `which certbot` to see what path is being used if you'd run `certbot`.

5 Likes

Yes I think this likely is the problem. I just ran the command and it does show this:

ubuntu@ip-172-31-28-106:~$ which certbot
/usr/local/bin/certbot

And I solved this. Thank you guys.

3 Likes

You should delete the pip certbot version.

So it seems you broke your promise earlier 😉

5 Likes

Can I ask a follow-up question here?

I have copied the files to my webroot directory, and then configured my Cherrypy using the following lines:

    "global": {
        'server.socket_host': '0.0.0.0',
        'server.socket_port': 443,
        'server.ssl_module': 'builtin',
        'server.ssl_certificate': os.path.join(ROOT_ABSOLUTE_PATH, "cert.pem"),
        'server.ssl_private_key': os.path.join(ROOT_ABSOLUTE_PATH, "privkey.pem"),
        'server.ssl_certificate_chain': os.path.join(ROOT_ABSOLUTE_PATH, "chain.pem")
    }

Now my homepage can't be reached.

Is there anything in my configuration file possibly wrong? Thanks.

2 Likes

Have you checked to ensure CherryPy is running and listening on 443?
Try:

    netstat -pant | grep -i listen

3 Likes

There is a spare file named "fullchain.pem" that doesn't seem to fit anywhere?

3 Likes

That is normal.
FullChain is equal to cert plus chain.

3 Likes

Thanks. Is it safe to interchange "fullchain.pem" with "chain.pem"?

3 Likes

Please post back when you have a solution.

2 Likes

No, I haven't figured out the solution yet. Still reading documentation, hoping to find a definition for those two different files. Will post it once I've found the answer.

3 Likes

As of this writing I have searched on Google, but there doesn't seem to be an official definition for the functions of the two files mentioned, "chain.pem" and "fullchain.pem". So I experimented with exchanging one for the other, and it doesn't appear to affect the website. So yes, I think it is safe to say they are interchangeable.

As @rg305 said, this is a combination of cert.pem plus chain.pem in a single file. This is provided because different TLS server applications expect different combinations of these certificates for their respective configurations. For example, a web server may expect the fullchain.pem combination, while a mail server may sometimes expect the cert.pem and chain.pem to be provided separately.

There is no configuration or environment that I can think of that would actively use all four of the PEM files that Certbot creates.

3 Likes
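The relationship described in the replies above (fullchain.pem is cert.pem plus chain.pem) can be checked by comparing the certificate blocks in each file. This is an added example, not code from the thread or from Certbot; the function names are hypothetical and the PEM bodies are constructed placeholders, not real certificates.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S
)


def pem_certs(text):
    """Return the decoded bytes of every CERTIFICATE block in a PEM string, in order."""
    return [base64.b64decode("".join(body.split())) for body in PEM_RE.findall(text)]


def check_lineage(cert_pem, chain_pem, fullchain_pem):
    """Compare the three certificate files Certbot writes for one certificate."""
    cert, chain, full = map(pem_certs, (cert_pem, chain_pem, fullchain_pem))
    return {
        # fullchain.pem should be the leaf followed by the intermediates
        "fullchain_is_cert_plus_chain": full == cert + chain,
        # chain.pem should hold intermediates only, never the leaf itself
        "chain_contains_leaf": bool(cert) and cert[0] in chain,
        "counts": (len(cert), len(chain), len(full)),
    }


def fake_pem(label):
    # Constructed stand-in: base64 of a repeated label, not a real X.509 certificate.
    body = base64.b64encode(label.encode() * 8).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


# Constructed sample lineage: one leaf, one intermediate.
SAMPLE_CERT = fake_pem("leaf:example.test")
SAMPLE_CHAIN = fake_pem("intermediate-ca")
SAMPLE_FULLCHAIN = SAMPLE_CERT + SAMPLE_CHAIN

if __name__ == "__main__":
    # On a real host, pass the contents of cert.pem, chain.pem and fullchain.pem instead.
    print(check_lineage(SAMPLE_CERT, SAMPLE_CHAIN, SAMPLE_FULLCHAIN))
    # Passing fullchain.pem where chain.pem is expected puts the leaf in the chain slot.
    print(check_lineage(SAMPLE_CERT, SAMPLE_FULLCHAIN, SAMPLE_FULLCHAIN))
```

With a configuration like the CherryPy one above, which takes the certificate and the chain as separate settings, the second call shows what changes when fullchain.pem is supplied as the chain: the leaf certificate appears twice in what the server sends.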

Thanks for this clear and definitive tip!

2 Likes

Not with HTTP, indeed.

But your site works perfectly on port 443 using HTTPS.

2 Likes

Yes, this is the desirable result actually. Thx.

1 Like

Welcome to the Let's Encrypt Community, Jinghui 🙂


Why do you want your visitors to be shown an error with no http to https redirection?


2 Likes

Hi there. Thank you for your kind reminder. I'm actually still working on it. Once I figure out some of the key concepts, I'll improve my website.

2 Likes
