Yes I promise I am running from snap, just as shown in the screenshot.

I'm following exactly each steps here. I don't know what's wrong?

Is there a tutorial for setting up cherrypy server on route 53?

Sometimes the symbolic link /usr/bin/certbot doesn't get updated by the ln -s step, so that's why I asked to run certbot from the /snap/bin/ directory directly.

The certbot shows you running the command certbot which doesn't show which application from which path is actually being used. Chances are you're still running the pip version. The instructions on certbot.eff.org don't include removing any pip version unfortunately.

You could also run which certbot to see what path is being used if you'd run certbot.

Yes I think this likely is the problem. I just ran the command and it does show this:

ubuntu@ip-172-31-28-106:~$ which certbot
/usr/local/bin/certbot

and I solved this. Thank you guys.

You should delete the pip certbot version.

So it seems you broke your promise earlier

Can I ask a follow-up question here?

I have copied the files to my webroot directory, and then configured my Cherrypy using the following lines:

"global": {
'server.socket_host': '0.0.0.0',
'server.socket_port': 443,
'server.ssl_module': 'builtin',
'server.ssl_certificate': os.path.join(ROOT_ABSOLUTE_PATH, "cert.pem"),
'server.ssl_private_key': os.path.join(ROOT_ABSOLUTE_PATH, "privkey.pem"),
'server.ssl_certificate_chain': os.path.join(ROOT_ABSOLUTE_PATH, "chain.pem")
}

Now my homepage can't be reached.

Screenshot 2021-04-24 16.31.112150×1438 159 KB

Is there anything in my configuration file possibly wrong? Thanks.

Have you checked to ensure CherryPy is running and listening on 443?
Try:
netstat -pant | grep -i listen

There is a spare file named "fullchain.pem" that doesn't seem to fit anywhere?

That is normal.
FullChain is equal to cert plus chain.

thanks. is it safe to interchange "fullchain.pem" with "chain.pem"?

Please post back when you have a solution.

No havent figured out the solution yet. Still reading documentations hoping to find a definition for those two different files. Will post it once found answer.

As of this writing I have searched on Google but there doesn't seem to be official definition for the functions of the two files mentioned, "chain.pem" and "fullchain.pem". So I experimented exchanging one for the other, and it doesn't appear to affect the website. So yes I think they are safe to be said interchangable.

As @rg305 said, this is a combination of cert.pem plus chain.pem in a single file. This is provided because different TLS server applications expect different combinations of these certificates for their respective configurations. For example, a web server may expect the fullchain.pem combination, while a mail server may sometimes expect the cert.pem and chain.pem to be provided separately.

There is no configuration or environment that I can think of that would actively use all four of the PEM files that Certbot creates.

Thanks for this clear and definitive tip!

Not with HTTP, indeed.

But your site works perfectly on port 443 using HTTPS.

Yes, this is the desirable result actually. Thx.

Welcome to the Let's Encrypt Community, Jinghui

Why do you want your visitors to be shown an error with no http to https redirection?

Screenshot_20210425-114644_Samsung Internet1440×1161 93.9 KB

Hi there. Thank you for your kind reminder. I'm actually still working on it. once I figure out some of the key concept I'll improve my website.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.