First time using Certbot - Certificate is not recognized

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: maptile2.org

I ran this command:
I followed the instructions at this URL

It produced this output:
It properly installed the certificate.

sudo certbot --apache

I enabled it for
"1: maptile2.org"

And then I did a "1. Attempt to reinstall this existing certificate"

Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf

My web server is (include version):
Apache 2.4.38

The operating system my web server runs on is (include version):
Debian 10 buster

My hosting provider, if applicable, is:
webserver hosted on kimsufi (no support)

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.31.0

Do you have port 443 open on your server's firewall? I can't access https://maptile2.org.

Where do you see the "Certificate is not recognized" error?


I am a novice Linux user.

It appears that I'm not running a firewall.
systemctl --type=service

I'm using the default Debian 10 install - with only a couple of packages installed (notably postgresql).

I'm trying to load the website in my browser with https and it fails there and points me to this URL:

Can you take a screenshot of the error screen you get in your browser? The specific error message would be helpful.

I'd like to identify whether the problem is related to port 443 being inaccessible, or whether you're seeing something else, like a self-signed certificate.


From searching around other threads, I think PR_END_OF_FILE_ERROR is almost certainly related to port 443 being closed.

There's a couple of places you can look:

  1. Check whether any of your OVH IP addresses have their firewall enabled (see Configuring the Network Firewall | OVH Guides). If they do, you need to add a rule to permit port 443.

  2. You can check inside Debian to see whether anything has applied a firewall rule. You can use this command to get a full list of the rules that your server has applied at the moment:

    sudo iptables-save
    

Says the port is filtered.

Ah ha. I checked page two of the services (didn't know there was a second page). And I'm running ufw.service - "Uncomplicated firewall"

OK, so you can do:

    sudo ufw allow https

Yes. Ok so that worked! Now it's self-signed so it looks like people are going to see error messages, which is bad.

Thanks!

Maybe I need to buy a certificate - which is annoying.


I don't see that - https://maptile2.org/ looks good to me.


Firefox made me do it to view the website. Chrome works fine. Hmm... I'll try to delete the exception and see if it still works.

Problem is with www.maptile2.org (maptile2.org is the only domain in the certificate). Ok this is fine.

You can replace your certificate with one that has both names by running:

    sudo certbot --apache -d maptile2.org -d www.maptile2.org --cert-name maptile2.org --force-renewal
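
The name mismatch diagnosed in this thread (a certificate that lists only maptile2.org while the browser asks for www.maptile2.org) can be checked from the certificate's Subject Alternative Name list before and after reissuing. The script below is an added example, not part of the original thread: the SAN text is a constructed sample, the function names are hypothetical, and the wildcard handling goes beyond the case discussed here.

```shell
# Read a live certificate's SAN line with (needs network and OpenSSL 1.1.1+; not run here):
#   openssl s_client -connect HOST:443 -servername HOST </dev/null 2>/dev/null \
#     | openssl x509 -noout -ext subjectAltName

# Constructed samples of that output: before and after reissuing with both names.
SAN_SINGLE='X509v3 Subject Alternative Name:
    DNS:maptile2.org'
SAN_BOTH='X509v3 Subject Alternative Name:
    DNS:maptile2.org, DNS:www.maptile2.org'

# san_names TEXT: print each dNSName entry, lowercased, one per line.
san_names() {
    printf '%s\n' "$1" | tr ',' '\n' \
        | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' | tr 'A-Z' 'a-z'
}

# san_covers TEXT HOST: return 0 if HOST matches an entry, 1 otherwise.
# A wildcard entry covers exactly one extra label, never the bare domain.
san_covers() {
    sc_host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    while IFS= read -r sc_name; do
        [ -n "$sc_name" ] || continue
        if [ "$sc_name" = "$sc_host" ]; then return 0; fi
        case "$sc_name" in
            '*.'*)
                sc_rest=${sc_host#*.}   # host minus its left-most label
                if [ "$sc_rest" != "$sc_host" ] && [ "$sc_rest" = "${sc_name#??}" ]; then
                    return 0
                fi ;;
        esac
    done <<EOF
$(san_names "$1")
EOF
    return 1
}

# report TEXT HOST...: print a verdict per host; return the number not covered.
report() {
    rp_text=$1; rp_missing=0; shift
    for rp_host in "$@"; do
        if san_covers "$rp_text" "$rp_host"; then
            echo "covered:     $rp_host"
        else
            echo "NOT covered: $rp_host"; rp_missing=$((rp_missing + 1))
        fi
    done
    return "$rp_missing"
}
report "$SAN_SINGLE" maptile2.org www.maptile2.org || true
report "$SAN_BOTH" maptile2.org www.maptile2.org
```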

Awesome. I really appreciate your help! And this will really help my users. It's a volunteer run project mapping US census data and providing a free API.

