Forum SSL Issue

Minuvas · January 17, 2021, 10:00am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ragnarok-rp.com

I ran this command: sudo certbot --apache

It produced this output: error invalid selection

My web server is (include version):Centos08

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.11.0

I am attempting to run MyBB forums and the support I got on their forums was that I do not have SSL enabled for www.ragnarok-rp.com sub-domain.

However, when I attempt to add www.ragnarok-rp.com it gives me the above error.

The location of the actual file is www.ragnarok-rp.com/forums

Osiris · January 17, 2021, 10:35am

Could you please copy/paste the full output? This is a little bit too little to work with to be honest.

Also, if we look at the certificates for your domain, it seems previously you actually did have the www subdomain included. However, in your most recent certificate, it has vanished? How did that happen?

Usually, one just runs certbot renew and nothing would change.. But for some reason, your certificate did change, which most likely would have been a manual step.

sahsanu · January 17, 2021, 10:46am

Hello @Minuvas,

Here we go again

@Osiris, this came from this post Install support

@Minuvas, so your current conf should be this:

ragnarok-rp.conf:

<VirtualHost *:80>
	ServerName ragnarok-rp.com
	Redirect / https://ragnarok-rp.com/
</VirtualHost>

ragnarokrp-le-ssl.conf :

<IfModule mod_ssl.c>
<VirtualHost *:443>
	ServerName ragnarok-rp.com
    DocumentRoot /var/www/html
    SSLCertificateFile /etc/letsencrypt/live/ragnarok-rp.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/ragnarok-rp.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Modify them to this:

ragnarok-rp.conf:

<VirtualHost *:80>
	ServerName ragnarok-rp.com
	ServerAlias www.ragnarok-rp.com
    RewriteEngine On
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

ragnarokrp-le-ssl.conf:

<IfModule mod_ssl.c>
<VirtualHost *:443>
	ServerName ragnarok-rp.com
    ServerAlias www.ragnarok-rp.com
    DocumentRoot /var/www/html
    SSLCertificateFile /etc/letsencrypt/live/ragnarok-rp.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/ragnarok-rp.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Now reload or restart Apache and use certbot to expand your current certificate (if certbot asks, say it to not redirect http to https because you are already doing it).

Osiris · January 17, 2021, 10:48am

Well, that's confusing.

Minuvas · January 17, 2021, 10:52am

Modifications made and Apache reloaded.

Just so I don't mess this up, how do I 'expand the current certificate'.

And I apologize, here was the error from earlier:
Capture

Minuvas · January 17, 2021, 10:54am

Disregard - figured it out.

Thanks again for the help.

Osiris · January 17, 2021, 10:54am

First step is to actually have a www subdomain configured in your Apache. Please run apachectl -S, notice that there is no www subdomain mentioned, add the appropriate amount of correct ServerAlias directives to your Apache, run apachectl -S again to check if the www subdomain is present now and try certbot again.

sahsanu · January 17, 2021, 10:58am

I'm afraid you did it wrong, you didn't expand your current certificate, you created a new one only valid for www.ragnarok-rp.com but not for raganarok-rp.com so now you will have problems to access your site using only the apex domain ragnarok-rp.com

Minuvas · January 17, 2021, 11:04am

Ah great.

If I attempt to use www.ragnarok-rp.com and ragnarok-rp.com when it asks me which I want to activate HTTPs for, it says in the command line it is "invalid".

sahsanu · January 17, 2021, 11:04am

You must use 1,2 or 1 2 not write the domain names.

Minuvas · January 17, 2021, 11:06am

Got this.

Osiris · January 17, 2021, 11:06am

The www subdomain is missing from your port 80 virtualhost. Although it seems the certbot apache plugin now actually does recognise a www subdomain nonetheless.

Minuvas · January 17, 2021, 11:07am

I think it is expanded now.

sahsanu · January 17, 2021, 11:07am

Great, now your site is working fine.

sahsanu · January 17, 2021, 11:11am

Don't know why apachectl doesn't show the alias but op modified the conf file to this:

<VirtualHost *:80>
	ServerName ragnarok-rp.com
	ServerAlias www.ragnarok-rp.com
    RewriteEngine On
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

so the alias should appear in the output.

Osiris · January 17, 2021, 11:12am

I don't know either At least certbot isn't complaining and it seems to be working now.

sahsanu · January 17, 2021, 11:15am

Now that your site is working with both domains in one certificate maybe you want to remove the certificate you issued only for www.ragnarok-rp.com

sudo certbot delete --cert-name www.ragnarok-rp.com

system · February 16, 2021, 11:16am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.