Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g.
crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
I followed the instructions at this URL
It produced this output:
It properly installed the certificate.
sudo certbot --apache
I enabled it for
And then I did an "1. Attempt to reinstall this existing certificate"
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-s sl.conf
My web server is (include version):
The operating system my web server runs on is (include version):
Debian 10 buster
My hosting provider, if applicable, is:
webserver hosted on kimsufi (no support)
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot):
Do you have port 443 open on your server's firewall? I can't access
Where do you see the "Certificate is not recognized" error?
I am a novice linux user.
It appears that I'm not running a firewall.
I'm using the default Debian 10 install - with only a couple of packages installed (notably postgresql).
I'm trying to load the website in my browser with https and it fails there and points me to this URL:
Can you take a screenshot of the error screen you get in your browser? The specific error message would be helpful.
I'd like to identify whether the problem is related to port 443 being inaccessible, or whether you're seeing something else, like a self-signed certificate.
From searching around other threads, I think
PR_END_OF_FILE_ERROR is almost certainly related to port 443 being closed.
There's a couple of places you can look:
Check whether any of your OVH IP addresses have their firewall enabled (see
Configuring the Network Firewall | OVH Guides). If they do, you need to add a rule to permit port 443.
You can check inside Debian to see whether anything has applied a firewall rule. You can use this command to get a full list of the rules that your server has applied at the moment:
Says the port is filtered.
Ah ha. I checked page two of the services (didn't know there was a second page). And I'm running ufw.service - "Uncomplicated firewall"
Yes. Ok so that worked! Now it's self-signed so it looks like people are going to see error messages, which is bad.
Maybe I need to buy a certificate - which is annoying.
Now it's self-signed
I don't see that -
https://maptile2.org/ looks good to me.
Firefox made me do it to view the website. Chrome works fine. Hmm... I'll try to delete the exception and see if it still works.
Problem is with
www.maptile2.org ( maptile2.org is the only domain in the certificate). Ok this is fine.
You can replace your certificate with one that has both names by running:
sudo certbot --apache -d maptile2.org -d www.maptile2.org --cert-name maptile2.org --force-renewal
Awesome. I really appreciate your help! And this will really help my users. It's a volunteer run project mapping US census data and providing a free API.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.