Help after renewing my cert


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://magiciptv.co.uk/billing/admin/login.php

I ran this command: sudo certbot --apache

It produced this output:

My web server is (include version): Apache 2

The operating system my web server runs on is (include version): Ubuntu 14,4 64 bit

My hosting provider, if applicable, is: Contabo

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

It seems like your webserver is misconfigured and is not using your existing Let’s Encrypt certificates.

What’s this show:

apachectl -t -D DUMP_VHOSTS

Since you’re currently affected by rate limits you won’t be able to renew right now, but you shouldn’t need to.


#3

VirtualHost configuration:
185.132.133.148:80 www.thebesthost.uk (/etc/apache2/sites-enabled/000-default.conf:13)
173.212.240.34:80 is a NameVirtualHost
default server www.magiciptv.co.uk (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost www.magiciptv.co.uk (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost www.smartvpn.co.uk (/etc/apache2/sites-enabled/000-default.conf:5)
port 80 namevhost www.expressiptv.com (/etc/apache2/sites-enabled/000-default.conf:9)
port 80 namevhost www.skyforallcsp2.info (/etc/apache2/sites-enabled/000-default.conf:17)
port 80 namevhost 173.212.240.34 (/etc/apache2/sites-enabled/000-default.conf:21)
*:443 mail.magiciptv.co.uk (/etc/apache2/sites-enabled/default-ssl.conf:2)


#4

OK.

So we know that Certbot has not actually installed any certificates into Apache yet.

We want to do that as your final goal, but we need to figure out what certificates are available to install. What does this show:

sudo certbot certificates

#5

root@magiciptv:~# sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: thebesthost.uk
Domains: thebesthost.uk
Expiry Date: 2018-12-23 21:49:44+00:00 (VALID: 1 day)
Certificate Path: /etc/letsencrypt/live/thebesthost.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/thebesthost.uk/privkey.pem
Certificate Name: www.smartvpn.co.uk
Domains: www.smartvpn.co.uk
Expiry Date: 2019-02-21 22:39:53+00:00 (VALID: 61 days)
Certificate Path: /etc/letsencrypt/live/www.smartvpn.co.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.smartvpn.co.uk/privkey.pem
Certificate Name: www.thebesthost.uk
Domains: www.thebesthost.uk
Expiry Date: 2018-12-23 21:50:05+00:00 (VALID: 1 day)
Certificate Path: /etc/letsencrypt/live/www.thebesthost.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.thebesthost.uk/privkey.pem
Certificate Name: expressiptv.com
Domains: magiciptv.co.uk expressiptv.com www.expressiptv.com www.magiciptv.co.uk
Expiry Date: 2019-03-21 20:45:04+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/expressiptv.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/expressiptv.com/privkey.pem
Certificate Name: magiciptv.co.uk
Domains: magiciptv.co.uk
Expiry Date: 2019-03-21 21:29:02+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/magiciptv.co.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/magiciptv.co.uk/privkey.pem
Certificate Name: smartvpn.co.uk
Domains: smartvpn.co.uk
Expiry Date: 2019-02-21 22:40:37+00:00 (VALID: 61 days)
Certificate Path: /etc/letsencrypt/live/smartvpn.co.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/smartvpn.co.uk/privkey.pem
Certificate Name: www.magiciptv.co.uk
Domains: www.magiciptv.co.uk
Expiry Date: 2019-03-21 20:29:21+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.magiciptv.co.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.magiciptv.co.uk/privkey.pem
Certificate Name: www.expressiptv.com
Domains: www.expressiptv.com
Expiry Date: 2019-02-21 22:40:58+00:00 (VALID: 61 days)
Certificate Path: /etc/letsencrypt/live/www.expressiptv.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.expressiptv.com/privkey.pem


#6

OK, I think I sorted the cert for the first domain. Can I add a cert to each domain on my server?


#7

Hi @gemihema

yes, that should work. Find your correct vHost (port 443), there should be something like

        SSLEngine on
        SSLCertificateKeyFile /etc/ssl.key/example.com.key
        SSLCertificateFile /etc/ssl.crt/example.com.crt

Instead of

        SSLCertificateKeyFile /etc/ssl.key/example.com.key
        SSLCertificateFile /etc/ssl.crt/example.com.crt

use (sample).

        SSLCertificateFile /etc/letsencrypt/live/www.magiciptv.co.uk/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/www.magiciptv.co.uk/privkey.pem
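
A check worth running before pointing a vHost at a lineage as described above: does that lineage's certificate list every ServerName and ServerAlias the vHost answers for? This is an added example, not code from this thread or from Certbot; the lineage data is an excerpt of the `certbot certificates` output posted above, while the vHost, its `*:443` address and all function names are assumptions made for illustration.

```python
import re

# Excerpt of the `certbot certificates` output posted earlier in this thread.
CERTBOT_OUTPUT = """\
Certificate Name: expressiptv.com
Domains: magiciptv.co.uk expressiptv.com www.expressiptv.com www.magiciptv.co.uk
Certificate Name: magiciptv.co.uk
Domains: magiciptv.co.uk
"""

# Constructed vHost for illustration; the *:443 address is an assumption.
VHOST_CONF = """\
<VirtualHost *:443>
    ServerName www.magiciptv.co.uk
    ServerAlias magiciptv.co.uk expressiptv.com
    SSLCertificateFile /etc/letsencrypt/live/magiciptv.co.uk/fullchain.pem
</VirtualHost>
"""

def parse_lineages(text):
    """Map lineage name -> certificate names (Domains line directly after the name)."""
    pairs = re.findall(r"Certificate Name: (\S+)\s+Domains: (.+)", text)
    return {name: set(domains.split()) for name, domains in pairs}

def covers(san, host):
    """Match one certificate name against a host; '*.' spans exactly one label."""
    if san.startswith("*."):
        return host.lower().partition(".")[2] == san[2:].lower()
    return san.lower() == host.lower()

def vhost_names(conf):
    """Every ServerName and ServerAlias value in the vHost text."""
    found = re.findall(r"^\s*Server(?:Name|Alias)\s+(.+)$", conf, re.M | re.I)
    return [n for line in found for n in line.split()]

def uncovered_names(conf, lineages):
    """vHost names missing from the lineage that SSLCertificateFile points at."""
    m = re.search(r"^\s*SSLCertificateFile\s+\S*/live/([^/\s]+)/", conf, re.M | re.I)
    sans = lineages.get(m.group(1), set()) if m else set()
    return [n for n in vhost_names(conf) if not any(covers(s, n) for s in sans)]

def covering_lineages(conf, lineages):
    """Lineages whose certificate covers every name of the vHost."""
    return [k for k, sans in lineages.items()
            if all(any(covers(s, n) for s in sans) for n in vhost_names(conf))]

if __name__ == "__main__":
    known = parse_lineages(CERTBOT_OUTPUT)
    print(uncovered_names(VHOST_CONF, known), covering_lineages(VHOST_CONF, known))
```

Browsers reject a certificate that does not list the requested hostname, so any name reported as uncovered needs a vHost whose lineage includes it.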

#8
        DocumentRoot "/var/www/html/magiciptv/"
        ServerName www.magiciptv.co.uk
        ServerAlias magiciptv.co.uk
        Include /etc/letsencrypt/options-ssl-apache.conf
        ServerAlias expressiptv.com
        SSLCertificateFile /etc/letsencrypt/live/magiciptv.co.uk/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/magiciptv.co.uk/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/magiciptv.co.uk/chain.pem

        DocumentRoot "/var/www/html/express/"
        ServerName www.expressiptv.com

#9

What should I change there to add a cert to expressiptv.com as well?


#10

Certbot should (ideally) be installing these for you - you shouldn’t need to make any configuration changes.

What does Certbot say when you run the following:

sudo certbot --apache --reinstall -d magiciptv.co.uk

#11

root@magiciptv:/etc/apache2/sites-enabled# sudo certbot --apache --reinstall -d magiciptv.co.uk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Cert not yet due for renewal
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel):


#12

Thing is, I think I got magiciptv to work OK now, but all express iptv redirects to magic iptv, so I think it's missing in the configuration.


#13

Huh, looks like it’s already been set up - https://magiciptv.co.uk/

You can try the same command for your other domains.