Fatal error: Invalid license

borro · August 3, 2016, 10:11am

Please fill out the fields below so we can help you better.

My domain is: www.antilopagold.su

I ran this command: -

It produced this output: -

My operating system is (include version): debian 7.1

My web server is (include version):nginx/1.2.1 + apache 2.2.22

My hosting provider, if applicable, is: allhostings.ru

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Hello. I’ve run
./certbot-auto certonly --webroot -w /var/www/antilopa/data/www/antilopagold.su -d www.antilopagold.su -d antilopagold.su

command and recieved the message:

Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/www.antilopagold.su/fullchain.pem. Your cert
will expire on 2016-11-01. To obtain a new or tweaked version of
this certificate in the future, simply run certbot-auto again. To
non-interactively renew all of your certificates, run
"certbot-auto renew"

But when I’m opening https://www.antilopagold.su it returns
Fatal error
Invalid license

What’s wrong?

pfg · August 3, 2016, 10:47am

The certonly command only gives you a certificate. Installing that certificate in your web server is up to you.

Mozilla’s SSL Configuration Generator is usually a good starting point. You mentioned that you’re using both nginx and apache - I assume nginx is acting as a reverse proxy, in which case you’ll need to install the certificate on nginx (apache can remain as is).

zeke · August 3, 2016, 10:48am

You may need to reload or cycle nginx. First try running:
sudo ./nginx -s reload

in my nginx.conf I have:
server {
…
ssl_certificate /etc/letsencrypt/live/site.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site.com/privkey.pem;

Check that you have the new certs in nginx.conf and then of course reload.

borro · August 3, 2016, 12:39pm

Thank you. I have such settings in nginx.conf

	server_name antilopagold.su www.antilopagold.su;
	listen 185.15.208.190:443;
        ssl on;
        ssl_certificate /var/www/httpd-cert/antilopa/antilopagold.su.crt;
        ssl_certificate_key /var/www/httpd-cert/antilopa/antilopagold.su.key;

so I need to change pathes to
ssl_certificate /etc/letsencrypt/live/www.antilopagold.su/cert.pem
ssl_certificate_key /etc/letsencrypt/live/www.antilopagold.su/privkey.pem

and restart nginx
don’t I?

pfg · August 3, 2016, 12:43pm

Almost - ssl_certificate should point to the fullchain.pem file (in the same directory as cert.pem). It’s a combination of cert.pem and chain.pem (the intermediate/issuer certificate, without this you might get warnings with some clients).

The path for ssl_certificate_key is correct. You might want to look into some of the other config directives suggested by Mozilla’s SSL Configuration Generator, but what you have there should give you a basic working configuration.

system · September 2, 2016, 12:43pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.