What says sudo apachectl -S
now?
THX RIP!
THX GRIFFIN!
THX TO ALL LET'S ENCRYPT COMMUNITY SUPPORT TEAM!
You're quite welcome!
Of course you are very welcome. Would you please show the output of:
sudo apachectl -S
To relieve our anxiety
I ran this command:
sudo apachectl -S
It produced this answer:
AH00526: Syntax error on line 24 of /etc/httpd/conf/httpd-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/onearth.studio/fullchain.pem' does not
exist or is empty
Still can't read fullchain.pem, should I post it?
I'm pondering this.
Testing shows the certificate chain to be correct. But why this error?
sudo apachectl configtest shows "Syntax OK"
but
sudo apachectl -S shows the error.
Looking into a few workflows so as to verify the certificate.
Can we have another look at the output from:
sudo certbot certificates
Thanks for your answer, I ran this command:
sudo certbot certificates
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: onearth.studio
Serial Number: 4194300b99ca8a4ebb03f7cf8a68856c8b1
Key Type: RSA
Domains: onearth.studio www.onearth.studio
Expiry Date: 2021-07-24 18:28:10+00:00 (VALID: 82 days)
Certificate Path: /etc/letsencrypt/live/onearth.studio/fullchain.pem
Private Key Path: /etc/letsencrypt/live/onearth.studio/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
I think @Osiris has experience debugging this kind of thing. Maybe he'll give us a "leg up" and help us verify the certificate existence and validity.
@griffin is still working it too!
One would think the apachectl -S
wasn't ran through sudo
even when @OnEarth said he/she did so Usually this (the situation where the file and its contents do actually exist, but Apache says it doesn't) is the result of a permission problem.
Is there a certbot command that can be used to fix permissions and file structure?
@OnEarth Are you certain that you ran: sudo apachectl -S ??
Not that I know of. But it's very rare for root not to be able to read the files in question.
Does apache have directory access (execute permission) all the way up into live
?
Osiris, Rip and Griffin, I did a copy and paste with the
sudo apachectl -S
command I am pretty sure but who knows I might have done a mistake because now the output is different:
VirtualHost configuration:
*:80 onearth.studio (/etc/httpd/conf/httpd.conf:58)
*:443 is a NameVirtualHost
default server ip-172-31-33-253.us-east-2.compute.internal (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost ip-172-31-33-253.us-east-2.compute.internal (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost onearth.studio (/etc/httpd/conf/httpd-le-ssl.conf:2)
alias www.onearth.studio
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/etc/httpd/htdocs"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
Ok so I don't see the error now. This is good.
Definitely a difference!
SO GREAT!
THANKS!
Ok @OnEarth ,
Where to go from here?
I'm not seeing any images, looks like your site is based completely on a script that is wrapped in html.
I won't be able to help you fix that, but there are a couple other things you could do to "tighten things up a bit".
Please let us know if your are satisfied at this point or want to continue to tweak some more.
Before the last time I ran sudo apachectl -S, I did not forgot sudo (I think) but after running
certbot --redirect --uir
I did forgot to restart apache, I don't know it it had any impact on the output of:
sudo apachectl -S
Thank you @Osiris
Rip,
I would be very glad to "tighten things up a bit", let me know what I need to do.
It's getting late in France, I'll be back tomorrow.
My site is a React App with Stripe payment method, I will fix the issue with the images.
Thank you again, all of you, for your help and for your patience,
Jan
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.