Hi,
I run my website on my own virtual server using Ubuntu 14.04 and Apache.
I ran the instructions. And it all seemed well. Then it ended with this weird message indicating failure and success.
I had chosen options for: www.historyreviewed.com and historyreviewed.com - so that both are https.
When I tried to access the site via: https://historyreviewed.com it says it can’t find the site.
So does this mean that my certificates failed?
Here is the weird final message I got after the install. I followed all the instructions and got no error messages until the end when it said this:
IMPORTANT NOTES:
Unable to install the certificate
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/historyreviewed.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/historyreviewed.com/privkey.pem
Your cert will expire on 2018-07-31. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the “certonly” option. To non-interactively renew all of
your certificates, run “certbot renew”
Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
Here is what I got from your logs and site: /etc/apache2/sites-enabled/historyreviewed.conf
(see if that file exists and/or has been modified)
RewriteEngine on RewriteRule ^/.well-known/acme-challenge/([A-Za-z0-9-=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
(Your config did not have any special handling for the challenge requests)
Writing certificate to /etc/letsencrypt/live/historyreviewed.com/cert.pem. Writing private key to /etc/letsencrypt/live/historyreviewed.com/privkey.pem. Writing chain to /etc/letsencrypt/live/historyreviewed.com/chain.pem. Writing full chain to /etc/letsencrypt/live/historyreviewed.com/fullchain.pem. Writing README to /etc/letsencrypt/live/historyreviewed.com/README.
(it seems to have generated a cert - check with certbot certificates)
Hi rudy,
Thanks so much for your feedback. I’m a bit new to linux and I am my own server admin.
I have no idea about port 443 and whether it is accessible. I’ll have to look into this.
I’ll get back to you.
And if I get port 443 opened, which commands can I run to try to get the certificate setup?
It seems you already have a certificate.
See the “Writing …” lines above.
And a cert was registered for those two names: https://crt.sh/?q=%historyreviewed.com
So the only thing left is to USE it.
To that end, you will need to educate yourself on how your particular web server service works.
How the HTTP traffic uses port 80.
How the HTTPS traffic uses port 443.
Virtual hosts…
Although, I’m pretty sure this isn’t the place for basic info on HOW-TO create a web site, maybe someone can point you in the right direction…
I’ve seen your web site (via http)
And I’ve already mentioned to you that your site is NOT accessible via HTTPS (port 443)
And I’ve shown you that you have been able to get a cert from LE (see public cert file: /etc/letsencrypt/live/historyreviewed.com/cert.pem )
And I’ve tried to make you understand that you need to educate yourself on HTTPS and web sites.
And, yes, we both agree the HTTPS part is NOT working.
But this is not the place to get advice on how to setup a web server (for HTTPS).
If you care to share your vhost configuration files, maybe someone here will take that extra effort to review it and give you some pointers.
Note: We are just “volunteers” - so don’t get upset if you don’t like free support provided to you by non-employed persons.
@rg305, if you don't want to help people install their certificates, that's fine, but this is functionality that Certbot does offer and we do provide Certbot support here on this forum.
In this case the problem is indeed most likely with the
@schoen I do understand your point and that should be addressed.
But the cert in already on the box…
Using it would be simple and straight forward if one knew a little bit about doing that.
Unfortunately, I’m still of the mindset that it is better (even to force) someone to understand how the pieces in the puzzle fit together, than just solving it for them. They will be all the wiser for it. And can take that knowledge with them into the next situation (that may not involve LE at all).
Hi Schoen,
I can show you that I ran all the instructions on your page, exactly as listed. And that’s why I’m here.
My understanding was that your certbot function would take care of everything.
I had been recommended to this site by a friend whose used your ssl a lot.
But this is the very first time I’ve tried to do this.
That’s why I’m asking.
I had followed your instructions to the letter.
Please show the link to the instructions you followed.
And please use the “@” symbol in front of usernames so they can notified of the message “directly”.
I agree that it would be good for people to learn how to install certificates in their web servers by editing the configuration files. But as @JanLamprecht mentioned, Certbot claims to offer the functionality of installing the certificate (indeed, it’s advertised as a feature on the Certbot web site). When it fails, that’s a bug in Certbot or else something that we ought to be able to help people figure out.
@JanLamprecht, could you post your Apache configuration files here?
Hi,
This business is turning into a mess for me.
On my website my wordpress is popping up with an https:// error on widgets ever since I ran the certbot stuff.
What I really want now is to UNINSTALL this thing at the soonest.
Then I can experiment on another website.
I had not expected this to turn into a nightmare.
I think the command is something like: certbot rollback
But I’ve never had to use it.
And I’m starting to think that I may be part of your “nightmare”.
If so, I do regret not having helped and in fact maybe having made things worse for you.
Maybe @schoen can assist with the rollback/removal.
But I would like for you to give this place a chance.
We’ve asked a lot of questions and asked for information that can aid us in helping you - but you haven’t really taken that route (other than providing the log file) yet…
While running certbot did you happen to choose the option that told it to automatically redirect HTTP to HTTPS?