Goodtoyielding.com

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: goodtoyielding.com

I ran this command: sudo certbot --apache -d goodtoyielding.com

It produced this output: installed SSL but error on SSL Labs. I think I should have run sudo certbot --apache -d your_domain -d www.your_domain, which would have been better, but I wonder how I correct it. Do I revoke the SSL?

My web server is (include version): ubuntu18

The operating system my web server runs on is (include version): Linux apache

My hosting provider, if applicable, is: digitalocean.com

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like

The best way would be to do an "in-place" replacement of your current certificate.

With Certbot, this can be achieved by specifying the existing certificate name (which you can find by running sudo certbot certificates):

sudo certbot --apache --cert-name goodtoyielding.com -d goodtoyielding.com -d www.goodtoyielding.com
3 Likes

Hi @_az Thanks very much for your suggestion. I ran the code as suggested. I think it's working ok now? The main problem before was typing in "goodtoyielding.com" brought the user to the unsecure site but I think it's ok now? SSL Server Test: goodtoyielding.com (Powered by Qualys SSL Labs)

1 Like

For some reason it's still not working, does anyone have any ideas?

1 Like

Both of these links work, so the installation went well:

That's still the case.

If you'd like the user to be automatically brought to the secure HTTPS version of your website, then you will need to add a redirect.

You can do that manually, or you can ask Certbot to set the redirect up for you:

sudo certbot install --cert-name goodtoyielding.com --redirect
1 Like

Thanks again @_az , I ran the command but I got this error message:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator None, Installer apache
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/goodtoyielding.com-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/goodtoyielding.com-le-ssl.conf
Enhancement redirect was already set.

====
Do you have any idea what this could be?

Best regards,

Alan

2 Likes

Other things you can do (but start with @_az's suggestion and don't do these steps unless you want more assurance of security than that offers) :

  • You can set up HSTS. This tells modern browsers who've been to the secure site that they should never show the insecure (plain HTTP) site for a period of time; if their user tries (for whatever reason) to visit the insecure site, the browser just gives them the secure one. HTTP Strict Transport Security - Wikipedia. However, you cannot really undo this (if you could, it would be worthless); you can only wait for it to stop having effect after removing the change.

  • You can preload HSTS. After you are content that HSTS above works well, you can tell browser vendors their products should always do HTTPS for your sites. https://hstspreload.org/

  • Some browsers are starting to offer a mode that always does HTTPS. If you have a limited audience it could make sense to give them advice about how to use this mode, keeping them safer on every web site. Firefox 83 introduces HTTPS-Only Mode - Mozilla Security Blog

1 Like

Hmm. That should have worked, but apparently something is interfering with it.

What's the output of:

sudo apachectl -t -D DUMP_VHOSTS
1 Like

Hi @_az here is the output:

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 is a NameVirtualHost
default server allhotels.com (/etc/apache2/sites-enabled/allhotels.com-le-ssl.conf:1)
port 443 namevhost allhotels.com (/etc/apache2/sites-enabled/allhotels.com-le-ssl.conf:1)
port 443 namevhost cheaphostels.com (/etc/apache2/sites-enabled/cheaphostels.com-le-ssl.conf:1)
port 443 namevhost cheaptextbooks.com (/etc/apache2/sites-enabled/cheaptextbooks.com-le-ssl.conf:1)
alias www.cheaptextbooks.com
port 443 namevhost coder-forge.com (/etc/apache2/sites-enabled/coder-forge.com-le-ssl.conf:1)
alias www.coder-forge.com
port 443 namevhost coolfonts.com (/etc/apache2/sites-enabled/coolfonts.com-le-ssl.conf:1)
alias www.coolfonts.com
port 443 namevhost dailydeal.com (/etc/apache2/sites-enabled/dailydeal.com-le-ssl.conf:1)
port 443 namevhost dreamparade.com (/etc/apache2/sites-enabled/dreamparade.com-le-ssl.conf:2)
alias www.dreamparade.com
port 443 namevhost freeonmessagedomains.com (/etc/apache2/sites-enabled/freeonmessagedomains.com.conf:23)
port 443 namevhost goodtoyielding.com (/etc/apache2/sites-enabled/goodtoyielding.com-le-ssl.conf:2)
alias www.goodtoyielding.com
port 443 namevhost linkorchard.com (/etc/apache2/sites-enabled/linkorchard.com-le-ssl.conf:1)
alias www.linkorchard.com
port 443 namevhost namedream.com (/etc/apache2/sites-enabled/namedream.com-le-ssl.conf:1)
alias www.namedream.com
port 443 namevhost stackscientist.com (/etc/apache2/sites-enabled/stackscientist.com-le-ssl.conf:2)
alias www.stackscientist.com
port 443 namevhost travelsaver.com (/etc/apache2/sites-enabled/travelsaver.com-le-ssl.conf:1)
alias www.travelsaver.com
*:80 is a NameVirtualHost
default server allhotels.com (/etc/apache2/sites-enabled/allhotels.com.conf:1)
port 80 namevhost allhotels.com (/etc/apache2/sites-enabled/allhotels.com.conf:1)
port 80 namevhost cheaphostels.com (/etc/apache2/sites-enabled/cheaphostels.com.conf:1)
port 80 namevhost cheaptextbooks.com (/etc/apache2/sites-enabled/cheaptextbooks.com.conf:1)
alias www.cheaptextbooks.com
port 80 namevhost coder-forge.com (/etc/apache2/sites-enabled/coder-forge.com.conf:1)
alias www.coder-forge.com
port 80 namevhost coolfonts.com (/etc/apache2/sites-enabled/coolfonts.com.conf:1)
alias www.coolfonts.com
port 80 namevhost dailydeal.com (/etc/apache2/sites-enabled/dailydeal.com.conf:1)
port 80 namevhost dreamparade.com (/etc/apache2/sites-enabled/dreamparade.com.conf:1)
alias www.dreamparade.com
port 80 namevhost freeonmessagedomains.com (/etc/apache2/sites-enabled/freeonmessagedomains.com.conf:1)
port 80 namevhost goodtoyielding.com (/etc/apache2/sites-enabled/goodtoyielding.com.conf:1)
alias www.goodtoyielding.com
port 80 namevhost linkorchard.com (/etc/apache2/sites-enabled/linkorchard.com.conf:1)
alias www.linkorchard.com
port 80 namevhost namedream.com (/etc/apache2/sites-enabled/namedream.com.conf:1)
port 80 namevhost stackscientist.com (/etc/apache2/sites-enabled/stackscientist.com.conf:1)
port 80 namevhost travelsaver.com (/etc/apache2/sites-enabled/travelsaver.com.conf:1)
alias www.travelsaver.com
port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/zzz000-default.conf:1)

Best regards,

Alan

1 Like
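A way to read a dump like the one above mechanically, as an added example that is not part of the original posts: it lists every name that has a port-443 vhost but no port-80 vhost, because plain-HTTP requests for such a name are answered by the port-80 default server and never reach that site's redirect rule. The function names are made up for this example, and it assumes the usual 80/443 listener pair.

```sh
# Added example: find names that have an HTTPS vhost but no HTTP vhost.
# Live use: sudo apachectl -t -D DUMP_VHOSTS 2>/dev/null | audit_vhosts

audit_vhosts() {
  awk '
    # "*:80 is a NameVirtualHost" opens the section for one listener.
    $3 == "a" && $4 == "NameVirtualHost" { n = split($1, p, ":"); port = p[n]; next }
    # First vhost of the section: it answers any Host no other vhost claims.
    $1 == "default" && $2 == "server"    { dflt[port] = $3; next }
    $1 == "port" && $3 == "namevhost"    { port = $2; seen[port, $4] = 1; names[$4] = 1; next }
    $1 == "alias" && port != ""          { seen[port, $2] = 1; names[$2] = 1 }
    END {
      for (h in names)
        if ((("443", h) in seen) && !(("80", h) in seen))
          printf "%s: no port-80 vhost; http:// requests reach default server %s\n", h, dflt["80"]
    }' | sort
}

# Excerpt of the output posted above (indentation restored, three of the vhosts kept).
sample_dump() {
  cat <<'EOF'
*:443                  is a NameVirtualHost
         default server allhotels.com (/etc/apache2/sites-enabled/allhotels.com-le-ssl.conf:1)
         port 443 namevhost allhotels.com (/etc/apache2/sites-enabled/allhotels.com-le-ssl.conf:1)
         port 443 namevhost goodtoyielding.com (/etc/apache2/sites-enabled/goodtoyielding.com-le-ssl.conf:2)
                 alias www.goodtoyielding.com
         port 443 namevhost namedream.com (/etc/apache2/sites-enabled/namedream.com-le-ssl.conf:1)
                 alias www.namedream.com
*:80                   is a NameVirtualHost
         default server allhotels.com (/etc/apache2/sites-enabled/allhotels.com.conf:1)
         port 80 namevhost allhotels.com (/etc/apache2/sites-enabled/allhotels.com.conf:1)
         port 80 namevhost goodtoyielding.com (/etc/apache2/sites-enabled/goodtoyielding.com.conf:1)
                 alias www.goodtoyielding.com
         port 80 namevhost namedream.com (/etc/apache2/sites-enabled/namedream.com.conf:1)
EOF
}

sample_dump | audit_vhosts
```

In the full dump above, goodtoyielding.com and www.goodtoyielding.com appear under both ports, so this check reports nothing for them; www.namedream.com and www.stackscientist.com appear only under port 443.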

Thank you for these suggestions @tialaramex

2 Likes

Here is an extract from the virtual hosts file, I wonder is some of this code causing a problem:

ServerName goodtoyielding.com
ServerAlias www.goodtoyielding.com
DocumentRoot /var/www/goodtoyielding.com/public_html

Best regards,

Alan

1 Like

This file should contain something like the below inside the virtualhost:

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.goodtoyielding.com [OR]
RewriteCond %{SERVER_NAME} =goodtoyielding.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

That's what Certbot should have configured when it set up the redirect. If it's missing, something is not working right.

1 Like
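A check of the redirect rule above and of the HSTS header suggested earlier in the thread that works from raw response headers, so it does not depend on anything a browser has cached. This is an added example, not part of the original posts; the function names and the sample responses are constructed, and `example.com` stands in for the real host.

```sh
# Added example: judge the redirect and the HSTS header from `curl -sI` output.
# Live use: curl -sI http://example.com/some/path | check_redirect example.com /some/path
#           curl -sI https://example.com/ | hsts_max_age

# Succeed only for a 301 to https://HOST PATH, which is what a rule ending in
# R=permanent with https://%{SERVER_NAME}%{REQUEST_URI} produces.
check_redirect() {
  tr -d '\r' | awk -v want="https://$1$2" '
    NR == 1                    { status = $2 }
    tolower($1) == "location:" { loc = $2 }
    END {
      if (status != 301) { print "FAIL: status " status ", expected 301"; exit 1 }
      if (loc != want)   { print "FAIL: Location " loc ", expected " want; exit 1 }
      print "OK: 301 -> " loc
    }'
}

# Print the HSTS max-age in seconds, or fail if the header is absent.
# Feed it the HTTPS response: browsers ignore HSTS sent over plain HTTP.
hsts_max_age() {
  tr -d '\r' | awk '
    tolower($1) == "strict-transport-security:" {
      line = tolower($0)
      if (match(line, /max-age="?[0-9]+/)) {
        v = substr(line, RSTART, RLENGTH); gsub(/[^0-9]/, "", v); print v; found = 1
      }
    }
    END { exit !found }'
}

# Constructed sample responses (not captured from the site in this thread).
sample_http_head() {
  printf 'HTTP/1.1 301 Moved Permanently\r\nServer: Apache\r\nLocation: https://example.com/a?b=c\r\n\r\n'
}
sample_https_head() {
  printf 'HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=300\r\n\r\n'
}

sample_http_head | check_redirect example.com '/a?b=c'
sample_https_head | hsts_max_age
```

A short `max-age` while testing keeps the wait small if the header has to be withdrawn, since browsers honour it until it expires.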

I amended the file to include that code but unfortunately it's still not working! I'm completely stumped now.

1 Like

The redirect seems to be working for me!

1 Like

Magic @_az , magic! Thank you so much! I'll do some work on it today to celebrate. Can I get you a cup of coffee .. or beer even :smiley:

3 Likes
