Getting error on Ubuntu Apache with Certbot setup


#1

Hi,
I run my website on my own virtual server using Ubuntu 14.04 and Apache.

I ran the instructions. And it all seemed well. Then it ended with this weird message indicating failure and success.
I had chosen options for: www.historyreviewed.com and historyreviewed.com - so that both are https.
When I tried to access the site via: https://historyreviewed.com it says it can’t find the site.
So does this mean that my certificates failed?

Here is the weird final message I got after the install. I followed all the instructions and got no error messages until the end when it said this:

IMPORTANT NOTES:

  • Unable to install the certificate
  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/historyreviewed.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/historyreviewed.com/privkey.pem
    Your cert will expire on 2018-07-31. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”
  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

Thanks,
Jan


#2

Please share the contents of your /var/log/letsencrypt/letsencrypt.log file. It should tell us why certbot was unable to configure your web server.


#3

Hi,
Thanks very much for getting back to me so quickly. I am new to this and this is the first time I’ve tried setting up an SSL certificate.

I couldn’t put the log in the post because it’s too big.

So here’s a link where you can view it: http://historyreviewed.com/letsencrypt.log

Thanks,
Jan


#4

When I look at the log it appears everything worked (I think) until it says:

Could not reverse map the HTTPS VirtualHost to the original")
certbot.errors.PluginError: Could not reverse map the HTTPS VirtualHost to the original


#5

Here is what I got from your logs and site:
/etc/apache2/sites-enabled/historyreviewed.conf
(see if that file exists and/or has been modified)

RewriteEngine on
RewriteRule ^/.well-known/acme-challenge/([A-Za-z0-9-=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
(Your config did not have any special handling for the challenge requests)

Writing certificate to /etc/letsencrypt/live/historyreviewed.com/cert.pem.
Writing private key to /etc/letsencrypt/live/historyreviewed.com/privkey.pem.
Writing chain to /etc/letsencrypt/live/historyreviewed.com/chain.pem.
Writing full chain to /etc/letsencrypt/live/historyreviewed.com/fullchain.pem.
Writing README to /etc/letsencrypt/live/historyreviewed.com/README.
(it seems to have generated a cert - check with certbot certificates)

wget https://www.historyreviewed.com
--2018-05-03 14:56:31--  https://www.historyreviewed.com/
Resolving www.historyreviewed.com (www.historyreviewed.com)… 45.56.120.193, 2600:3c00::f03c:91ff:fe59:eaae
Connecting to www.historyreviewed.com (www.historyreviewed.com)|45.56.120.193|:443… failed: Connection refused.
(can the site be reached via port 443 ?)
(can it be also reached via IPv6:443 ?)
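
Added example, not part of the original thread: the checks raised in post #5, "is there an HTTPS vhost that uses the saved certificate" and "does port 443 answer over IPv4 and IPv6", written as a small Python helper. The sample config is constructed (the poster's real vhost file was never shown), and the function names are hypothetical.

```python
import re
import socket

# Constructed sample (not from the thread): a site file with only a port-80 vhost.
SAMPLE_HTTP_ONLY = """\
<VirtualHost *:80>
    ServerName historyreviewed.com
    ServerAlias www.historyreviewed.com
    DocumentRoot /var/www/html
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf_text):
    """Return one dict per <VirtualHost> block: its ports, names and cert path."""
    text = re.sub(r"^\s*#.*$", "", conf_text, flags=re.M)  # ignore commented-out lines
    vhosts = []
    for addrs, body in VHOST_RE.findall(text):
        names = re.findall(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M | re.I)
        cert = re.search(r"^\s*SSLCertificateFile\s+(\S+)", body, re.M | re.I)
        vhosts.append({
            "ports": set(re.findall(r":(\d+)(?!\S)", addrs)),
            "names": {n.lower() for line in names for n in line.split()},
            "cert": cert.group(1) if cert else None,
        })
    return vhosts

def https_gaps(conf_text, wanted_names):
    """Names from wanted_names that no :443 vhost with a certificate serves."""
    served = set()
    for vh in parse_vhosts(conf_text):
        if "443" in vh["ports"] and vh["cert"]:
            served |= vh["names"]
    return sorted(set(wanted_names) - served)

def port_open(host, port, family, timeout=3.0):
    """True if a TCP connect to host:port succeeds over the given address family."""
    try:
        infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return False
    for fam, kind, proto, _, addr in infos:
        with socket.socket(fam, kind, proto) as s:
            s.settimeout(timeout)
            if s.connect_ex(addr) == 0:
                return True
    return False
```

On the server, feed `https_gaps` the combined text of the files in /etc/apache2/sites-enabled/, and call `port_open(name, 443, socket.AF_INET)` and again with `socket.AF_INET6` to answer both reachability questions separately.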


#6

Hi rudy,
Thanks so much for your feedback. I’m a bit new to Linux and I am my own server admin.
I have no idea about port 443 and whether it is accessible. I’ll have to look into this.
I’ll get back to you.

And if I get port 443 opened, which commands can I run to try to get the certificate set up?

Do I just run this command?
sudo certbot --apache


#7

It seems you already have a certificate.
See the “Writing …” lines above.
And a cert was registered for those two names: https://crt.sh/?q=%historyreviewed.com

So the only thing left is to USE it.
To that end, you will need to educate yourself on how your particular web server service works.

  • How the HTTP traffic uses port 80.
  • How the HTTPS traffic uses port 443.
  • Virtual hosts…

Although, I’m pretty sure this isn’t the place for basic info on HOW-TO create a web site, maybe someone can point you in the right direction…


#8

Hi Rudy,
I already have a functioning website. It’s been running for a year. If you type http://historyreviewed.com you’ll see my website.

But if you type https://historyreviewed.com/
It will tell you that there’s no website.

So the https part is not working.


#9

I’ve seen your web site (via http)
And I’ve already mentioned to you that your site is NOT accessible via HTTPS (port 443)
And I’ve shown you that you have been able to get a cert from LE (see public cert file: /etc/letsencrypt/live/historyreviewed.com/cert.pem )
And I’ve tried to make you understand that you need to educate yourself on HTTPS and web sites.
And, yes, we both agree the HTTPS part is NOT working.
But this is not the place to get advice on how to set up a web server (for HTTPS).

If you care to share your vhost configuration files, maybe someone here will take that extra effort to review it and give you some pointers.

Note: We are just “volunteers” - so don’t get upset if you don’t like free support provided to you by non-employed persons.


#10

@rg305, if you don’t want to help people install their certificates, that’s fine, but this is functionality that Certbot does offer and we do provide Certbot support here on this forum.

In this case the problem is indeed most likely with the

error, so someone can try to address that.


#11

@schoen I do understand your point and that should be addressed.
But the cert is already on the box…
Using it would be simple and straightforward if one knew a little bit about doing that.

Unfortunately, I’m still of the mindset that it is better (even to force) someone to understand how the pieces in the puzzle fit together, than just solving it for them. They will be all the wiser for it. And can take that knowledge with them into the next situation (that may not involve LE at all).


#12

Hi Schoen,
I can show you that I ran all the instructions on your page, exactly as listed. And that’s why I’m here.
My understanding was that your certbot function would take care of everything.
I had been recommended to this site by a friend who’s used your ssl a lot.
But this is the very first time I’ve tried to do this.
That’s why I’m asking.
I had followed your instructions to the letter.


#13

Please show the link to the instructions you followed.
And please use the “@” symbol in front of usernames so they can be notified of the message “directly”.


#14

I agree that it would be good for people to learn how to install certificates in their web servers by editing the configuration files. But as @JanLamprecht mentioned, Certbot claims to offer the functionality of installing the certificate (indeed, it’s advertised as a feature on the Certbot web site). When it fails, that’s a bug in Certbot or else something that we ought to be able to help people figure out.

@JanLamprecht, could you post your Apache configuration files here?


#15

Together we can “get to the bottom of this”.
So, to that end, @JanLamprecht please show:

  • The link to the instructions followed
  • certbot --version
  • the command you ran to get the cert
  • certbot certificates
  • Apache version
  • Apache config files

The usual “hard part” has already been accomplished - getting the cert.


#16

Hi,
This business is turning into a mess for me.
On my website my WordPress is popping up with an https:// error on widgets ever since I ran the certbot stuff.

What I really want now is to UNINSTALL this thing at the soonest.
Then I can experiment on another website.
I had not expected this to turn into a nightmare.

How do I uninstall the stuff?

Thanks,
Jan


#17

All I’m interested in now is just uninstalling this software.


#18

I think the command is something like:
certbot rollback
But I’ve never had to use it.
And I’m starting to think that I may be part of your “nightmare”.
If so, I do regret not having helped and in fact maybe having made things worse for you.
Maybe @schoen can assist with the rollback/removal.

But I would like for you to give this place a chance.
We’ve asked a lot of questions and asked for information that can aid us in helping you - but you haven’t really taken that route (other than providing the log file) yet…

While running certbot did you happen to choose the option that told it to automatically redirect HTTP to HTTPS?

