Please fill out the fields below so we can help you better.
My domain is: www.antilopagold.su
I ran this command: -
It produced this output: -
My operating system is (include version): debian 7.1
My web server is (include version):nginx/1.2.1 + apache 2.2.22
My hosting provider, if applicable, is: allhostings.ru
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
Hello. I’ve run
./certbot-auto certonly --webroot -w /var/www/antilopa/data/www/antilopagold.su -d www.antilopagold.su -d antilopagold.su
command and recieved the message:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/www.antilopagold.su/fullchain.pem. Your cert
will expire on 2016-11-01. To obtain a new or tweaked version of
this certificate in the future, simply run certbot-auto again. To
non-interactively renew all of your certificates, run
But when I’m opening https://www.antilopagold.su it returns
certonly command only gives you a certificate. Installing that certificate in your web server is up to you.
Mozilla’s SSL Configuration Generator is usually a good starting point. You mentioned that you’re using both nginx and apache - I assume nginx is acting as a reverse proxy, in which case you’ll need to install the certificate on nginx (apache can remain as is).
You may need to reload or cycle nginx. First try running:
sudo ./nginx -s reload
in my nginx.conf I have:
Check that you have the new certs in nginx.conf and then of course reload.
Thank you. I have such settings in nginx.conf
server_name antilopagold.su www.antilopagold.su;
so I need to change pathes to
and restart nginx
ssl_certificate should point to the
fullchain.pem file (in the same directory as
cert.pem). It’s a combination of
chain.pem (the intermediate/issuer certificate, without this you might get warnings with some clients).
The path for
ssl_certificate_key is correct. You might want to look into some of the other config directives suggested by Mozilla’s SSL Configuration Generator, but what you have there should give you a basic working configuration.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.