Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I can login to a root shell on my machine (yes or no, or I don't know): YES
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.18.0
Everything seems ok but no browser output.
Any help would be much appreciated.
Kevin
@rg305 Thank you for your response. Output requested:
VirtualHost configuration:
*:443 rescuerobot.org (/etc/apache2/sites-enabled/rescuerobot-le-ssl.conf:2)
I noticed that the forwarding to port 443 does not work.
the error message can also be found in the drupol forum, possibly a problem with the drupal installation.
OK, so this is the first site that is being TLS enabled.
Can you browse the site locally?
If so, then the problem may be at the router.
If not, then, as @jens_hb suggested, the problem may be within your software.
I agree with @jens_hb here: the error message presented by your HTTPS site does not look like a regular error page from Apache itself, which makes me think this is an error message generated by the software running "behind" Apache, probably Drupal.
Please check your error logs (Apache and/or Drupal) for more debugging info.
By the way: should your HTTP page really show the Ubuntu Apache default "It works" page?
@jens_hb@rg305 Thank you everyone for your comments. I have been a Drupal 7 (lazy) user for 9 years and have progressed from Drupal 7 to 9.2 in one leap. I have completed these steps: Install Drupal 9.txt (5.4 KB)
Kevin.
kevin@kgwebsite:~$ sudo snap install core; sudo snap refresh core
[sudo] password for kevin:
core 16-2.51.1 from Canonicalâś“ installed
snap "core" has no updates available
kevin@kgwebsite:~$
kevin@kgwebsite:~$ sudo apt-get remove certbot; sudo dnf remove certbot
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package 'certbot' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
sudo: dnf: command not found
sudo snap install --classic certbot
kevin@kgwebsite:~$ sudo snap install --classic certbot
certbot 1.17.0 from Certbot Project (certbot-effâś“) installed
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --apache
My Drupal 9 system was running correctly prior to running the above commands.
I also wonder if the order of:
systemctl enable --now mysql
systemctl enable --now apache2
does matter.
At present mySQL service will not start automatically or manually. The mySQL error logs are empty.
I have no backup hence I will recommence the installation from the beginning. This time I will not use mySQL v8 (Drupal Support state it is supported but not required).
With regarded to: certbot --apache:
Which names would you like to activate HTTPS for?
kevin@kgwebsite:~$ sudo snap install core; sudo snap refresh core
[sudo] password for kevin:
core 16-2.51.1 from Canonicalâś“ installed
snap "core" has no updates available
kevin@kgwebsite:~$
kevin@kgwebsite:~$ sudo apt-get remove certbot; sudo dnf remove certbot
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package 'certbot' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
sudo: dnf: command not found
sudo snap install --classic certbot
kevin@kgwebsite:~$ sudo snap install --classic certbot
certbot 1.17.0 from Certbot Project (certbot-effâś“) installed
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --apache
=============================================================
My Drupal 9 system was running correctly prior to running the above commands.
I also wonder if the order of:
# systemctl enable --now mysql
# systemctl enable --now apache2
does matter.
At present mySQL service will not start automatically or manually. The mySQL
error logs are empty.
I have no backup hence I will recommence the installation from the beginning.
This time I will not use mySQL v8 (Drupal Support state it is supported but not
required).
With regarded to: certbot --apache:
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: rescuerobot.org
2: www.rescuerobot.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Should I only select only number 1?
Based on:
root@kgwebsite:/# nslookup www.rescuerobot.org
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
www.rescuerobot.org canonical name = rescuerobot.org
Name: rescuerobot.org
Address: 203.109.202.205
__________________________________________________________
@rg305 Hi Rudy, I am about to format my hard-disk. What is the correct way to park the certificate and private key for a day while I reinstall ubuntu?
Thanks, Kevin.
In any secure method of transport and storage.
(SFTP comes to mind)
The simplest method is to grab the entire /etc/letsencrypt directory (with attributes and all).
[That will ensure that you continue using the same account and files]
But you could just grab the live fullchain.pem and privkey.pem if you like.
Hi @rg305
Previously I installed certbot using:
certbot --apache
which was successful.
How do I clean-out/remove the old certificate so that I can start from the beginning and do a new command line:
certbot --nginx -d rescuerobot.org -d www.rescuerobot.org
Many thanks,
Kevin
You should be able to review the list of certs maintained by certbot with: certbot certificates
If a cert was activated via certbot --apache, it can still be used by nginx (or any other program in that server). You don't need to remove a cert, simply to reissue that same cert again.
If you are switching from using Apache to nginx, I have two things to say:
Congratulations!
If you don't know how to create the secure vhost, certbot may be able to help. It may be able to use the HTTP vhost as the starting point for the creation of the secure vhost. Have a look at the certbot --install parameter. Or there may be some online tools to convert Apache vhosts to nginx format.
Hi @rg305 I would like to find a way of using certbot command but in Welcome to the Certbot documentation! — Certbot 1.19.0.dev0 documentation I could not find any other than these words:
"install: Options for modifying how a certificate is deployed" no other explanation. I guess the command is $certbot --nginx install ?
I have used this tutorial https://www.howtoforge.com/tutorial/how-to-install-drupal-with-nginx-and-ssl-on-ubuntu/ but like others it does not show the certbot modified sites-available file.
In my new server I copied in the /etc/letsencrypt files complete with permissions. I also have this from my previous attempt:
SSLCertificateFile /etc/letsencrypt/live/rescuerobot.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/rescuerobot.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
I feel I am quiet close but....
Kevin
