How do I install Let's Encrypt on Joomla!3 standalone Apache2 server?


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: http://www.sp2kmh.ampr.org

I ran this command: see explanation below…

It produced this output: see explanation below…

My web server is (include version): Linux linux 3.16.0-5-686-pae #1 SMP Debian 3.16.51-3+deb8u1 (2018-01-08) i686 GNU/Linux

The operating system my web server runs on is (include version): Debian 8.10 i686

My hosting provider, if applicable, is: not applicable

I can login to a root shell on my machine (yes or no, or I don’t know): definitely YES!

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): not applicable

Just created Let’s Encrypt ssl certificates: crt.sh ID 464422159

Applied relevant modifications to Apache config files.

Certificates operate properly on my main site: https://www.sp2l.ampr.org
but can not find the way how to apply certs to Joomla!3 (3.8.7) instance
running on the same machine.

All suggestions and/or guidance will be very much appreciated.

Best regards.
Tom - SP2L@wp.pl


#2

What value is in the $live_site variable in your configuration.php file?


#3

Greetings.

Now, value is as follows:
public $live_site = 'http://www.sp2kmh.ampr.org';

Been changing above back and forth to:
public $live_site = 'https://www.sp2kmh.ampr.org';

Also, simultaneously tinkered with value of:
public $force_ssl = '0';
changing it from “0” to “1” or “2”, but to no avail.

Apache2 config files have been changed automatically
during certificate request process.

Below, rewrite rules from apache2 000-default.conf file:

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.sp2kmh.ampr.org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Next, newly added lines in /default-ssl.conf file:

ServerName www.sp2kmh.ampr.org
SSLCertificateFile /etc/letsencrypt/live/sp2l.ampr.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sp2l.ampr.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

Please note, site document root is: /var/www
whereas Joomla!3 www.sp2kmh.ampr.org site is deployed
in underneath directory: /var/www/sp2kmh

Frankly speaking, I can’t figure out how to “inform” Joomla!3
about presence/availability of Let’s Encrypt certificates that I have.

Seems that I’m possibly missing something obvious
but not necessarily visible at the first glance, apparently.

When all new ssl rules are in force, apache server
redirects www.sp2kmh.ampr.org site to:
https://www.sp2kmh.ampr.org/news.php
but I see content of https://www.sp2l.ampr.org/news.php
which of course is wrong and is not
what I’m expecting to see:
https://www.sp2kmh.ampr.org

Does all above ring a bell, please?

Best regards.
Tom - SP2L@wp.pl


#4

http://www.sp2kmh.ampr.org
and
https://www.sp2kmh.ampr.org
are up but display two different sites.
That is, https://www.sp2kmh.ampr.org forwards to:
https://www.sp2kmh.ampr.org/news.php
which isn’t even accessible by http:
http://www.sp2kmh.ampr.org/news.php fails 404

The https site has a different logo and home page links to: http://linux.sp2l.ampr.org/

Please show:
grep -Eri 'servername|serveralias|listen|SSLCertificateFile' /etc/apache
certbot certificates


#5

Greetings.

O.K., here we go…

root@linux:/# grep -Eri 'servername|serveralias|listen|SSLCertificateFile'

/etc/apache2/apache2.conf: ServerName linux.sp2l.ampr.org

/etc/apache2/sites-available/direct.conf: ServerName 87.251.250.110
/etc/apache2/sites-available/direct.conf: ServerName 44.165.2.2

/etc/apache2/sites-available/000-default-le-ssl.conf: ServerName sp2l.ampr.org
/etc/apache2/sites-available/000-default-le-ssl.conf: ServerAlias www.sp2l.ampr.org
/etc/apache2/sites-available/000-default-le-ssl.conf: SSLCertificateFile /etc/letsencrypt/live/sp2l.ampr.org/fullchain.pem

/etc/apache2/sites-available/000-default.conf: ServerName sp2l.ampr.org
/etc/apache2/sites-available/000-default.conf: ServerAlias www.sp2l.ampr.org
/etc/apache2/sites-available/000-default.conf: ServerName www.poland.net-44.ampr.org
/etc/apache2/sites-available/000-default.conf: ServerName www.sp2kmh.ampr.org

/etc/apache2/sites-available/default-ssl.conf: ServerName www.sp2l.ampr.org
/etc/apache2/sites-available/default-ssl.conf: SSLCertificateFile /etc/letsencrypt/live/sp2l.ampr.org/fullchain.pem

/etc/apache2/ports.conf: Listen 80
/etc/apache2/ports.conf: Listen 443
/etc/apache2/ports.conf: Listen 443

Site root document tree:
/var/www/
|--- news.php
|    (PHP-Fusion - www.sp2l.ampr.org)
|
|--- sp2kmh/
|    |--- index.php
|         (Joomla!3 - www.sp2kmh.ampr.org)

Both domains are registered with UCSD.edu DNS servers
and have same IP address: 87.251.250.110
Domain linux.sp2l.ampr.org is also registered
with UCSD.edu but has IP address: 44.165.2.2

Best regards.
Tom - SP2L@wp.pl


#6

Making some progress…
Please show:
certbot certificates
ls -l /etc/apache2/sites-enabled/
/etc/apache2/ports.conf (you can leave out any lines that start with #)
/etc/apache2/sites-available/000-default-le-ssl.conf
/etc/apache2/sites-available/default-ssl.conf


#7

Greetings again.

Another bunch of lines follows…

root@linux:/# ls -l /etc/letsencrypt/archive/sp2l.ampr.org
total 16
-rw-r--r-- 1 root root 2204 May 16 00:22 cert1.pem
-rw-r--r-- 1 root root 1647 May 16 00:22 chain1.pem
-rw-r--r-- 1 root root 3851 May 16 00:22 fullchain1.pem
-rw-r--r-- 1 root root 1708 May 16 00:22 privkey1.pem
root@linux:/#

root@linux:/etc/apache2# ls -l /etc/apache2/sites-enabled/
total 0
lrwxrwxrwx 1 root root 35 Feb 19 20:15 000-default.conf -> ../sites-available/000-default.conf
lrwxrwxrwx 1 root root 52 May 16 00:23 000-default-le-ssl.conf -> /etc/apache2/sites-available/000-default-le-ssl.conf
lrwxrwxrwx 1 root root 45 Mar 23 01:31 default-ssl.conf -> /etc/apache2/sites-available/default-ssl.conf
lrwxrwxrwx 1 root root 30 Feb 19 20:15 direct.conf -> ../sites-available/direct.conf
root@linux:/etc/apache2# ls -l /etc/apache2/ports.conf
-rw-r--r-- 1 root root 796 Jan 26 2017 /etc/apache2/ports.conf
root@linux:/etc/apache2# ls -l /etc/apache2/sites-available/000-default-le-ssl.conf
-rw-r--r-- 1 root root 4627 May 16 00:23 /etc/apache2/sites-available/000-default-le-ssl.conf
root@linux:/etc/apache2# ls -l /etc/apache2/sites-available/default-ssl.conf
-rw-r--r-- 1 root root 6928 May 16 08:57 /etc/apache2/sites-available/default-ssl.conf
root@linux:/etc/apache2# ls -l /etc/apache2/sites-enabled/

Best regards.
Tom - SP2L


#8

This should give the detail needed to solve this riddle…

Please show

certbot certificates

and
cat /etc/apache2/ports.conf
cat /etc/apache2/sites-available/000-default-le-ssl.conf
cat /etc/apache2/sites-available/000-default.conf
cat /etc/apache2/sites-available/default-ssl.conf

To make it easier to read and understand, please post them individually and remove any lines starting with # or add \ in front of the # lines - thanks


#9

Greetings!

Profoundly checked two files:
my original one 000-default.conf
and new one generated by Let’s Encrypt
installation procedure, 000-default-le-ssl.conf

It appeared that new file was missing whole block
related to www.sp2kmh.ampr.org site.
Therefore redirection wasn’t working properly.

Nonetheless there is still minor issue as above site
is showing black padlock and yellow triangle
with white exclamation mark inside, apparently.
Need to investigate matter further.

Anyways, thank you very much for kind support
and your time devoted in order to solve issue.

Best regards.
Tom - SP2L@wp.pl
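
Editor's added example (not part of the post above, and not certbot's or Apache's own code): a check for the gap this post found, where a name has a port-80 vhost but no port-443 vhost, so HTTPS requests for it are answered by the first vhost on that port. The sample configuration is constructed from the hostnames in the thread; the function names are assumptions.

```python
import re

# Constructed sample modelled on the layout described in the thread:
# three names on port 80, but only two of them claimed by a port-443 vhost.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName sp2l.ampr.org
    ServerAlias www.sp2l.ampr.org
    DocumentRoot /var/www
</VirtualHost>
<VirtualHost *:80>
    ServerName www.sp2kmh.ampr.org
    DocumentRoot /var/www/sp2kmh
</VirtualHost>
<VirtualHost *:443>
    ServerName sp2l.ampr.org
    ServerAlias www.sp2l.ampr.org
    DocumentRoot /var/www
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)
NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+?)\s*$", re.I | re.M)

def names_by_port(conf_text):
    """Map port -> set of hostnames declared by vhosts listening on it."""
    ports = {}
    for addrs, body in VHOST_RE.findall(conf_text):
        body = re.sub(r"^\s*#.*$", "", body, flags=re.M)  # ignore commented lines
        names = {n.lower() for line in NAME_RE.findall(body) for n in line.split()}
        for addr in addrs.split():
            port = addr.rsplit(":", 1)[-1] if ":" in addr else "*"
            ports.setdefault(port, set()).update(names)
    return ports

def missing_https(conf_text):
    """Names served on :80 that no :443 vhost claims. Apache answers such
    HTTPS requests from the first :443 vhost, i.e. with another site."""
    ports = names_by_port(conf_text)
    return sorted(ports.get("80", set()) - ports.get("443", set()))

if __name__ == "__main__":
    for name in missing_https(SAMPLE_CONF):
        print("no HTTPS vhost for", name)
```

To run it against a live server, pass the concatenated contents of the files in /etc/apache2/sites-enabled/ instead of the sample.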


#10

This is a mixed content problem (about loading insecure resources inside a secure page).

You can look at the page source and search for http:// to find these resources. Or, whenever it finishes, maybe this scan:

https://www.whynopadlock.com/results/705df912-9c81-4556-af14-5d43f2f2171c
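
Editor's added example (not part of the post above): the "search the page source for http://" step done with an HTML parser, so that only subresources the browser actually fetches are reported and ordinary links are skipped. The sample markup is constructed; only the hostnames come from the thread.

```python
from html.parser import HTMLParser

# Constructed sample page: hostnames are from the thread, the markup is invented.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="http://www.sp2kmh.ampr.org/css/site.css">
<link rel="canonical" href="http://www.sp2kmh.ampr.org/">
<script src="https://www.sp2kmh.ampr.org/js/app.js"></script>
</head><body>
<img src="http://www.sp2kmh.ampr.org/images/logo.png">
<a href="http://linux.sp2l.ampr.org/">a plain link is not mixed content</a>
</body></html>
"""

# (tag, attribute) pairs that make the browser fetch a subresource.
# Active content can alter the page and is blocked by browsers; passive
# content has traditionally been loaded with a degraded padlock.
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href"), ("object", "data")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (kind, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # This sketch counts only rel=stylesheet links; canonical and
        # similar link relations are not fetched as page content.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        for name, value in attrs.items():
            if not (value or "").strip().lower().startswith("http://"):
                continue
            if (tag, name) in ACTIVE:
                self.findings.append(("active", tag, value))
            elif (tag, name) in PASSIVE:
                self.findings.append(("passive", tag, value))

def find_mixed_content(html):
    """Return insecure subresource references found in an HTTPS page's HTML."""
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.findings

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(SAMPLE_HTML):
        print(f"{kind:8} <{tag}> {url}")
```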


#11

Hello Seth.

Bingo!!! Perfect catch, indeed!
I appreciate very much your concise and substantive answer - thank you.

Checking further, I found A LOT of “http://…” in a lot
of files that constitute Joomla!3 CMS governing SP2KMH site.

I replaced just some of “http://…” by “https://…”
and now whilst refreshing web browser window
a green(!) padlock pops up for split second!

Have a nice day.

Best regards.
Tom - SP2L@wp.pl

