How to install a SSL certificate?


#1

I am totally new to the whole ssl thing and to Let’s Encrypt. I think, I was sucessful in getting a certificate, but I have no idea how to install the certificate.

For getting a certificate, I used webroot (because certbot-auto --apache does not work).

My domain is: kita-rechtsanwalt.de

I ran this command: ./certbot-auto certonly --webroot -w /var/www/kita-rechtsanwalt.de -d kita-rechtsanwalt.de

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/kita-rechtsanwalt.de.conf)

What would you like to do?


1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for kita-rechtsanwalt.de
Using the webroot path /var/www/kita-rechtsanwalt.de for all unmatched domains.
Waiting for verification…
Cleaning up challenges

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/kita-rechtsanwalt.de/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/kita-rechtsanwalt.de/privkey.pem

My web server is (include version): Apache 2.2.22

The operating system my web server runs on is (include version): Debian 7

My hosting provider, if applicable, is: 1+1

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Hi,

You’ve already got certificate for the domain…

However, two issues remain before you could use it correctly.

  1. Open port 443 on firewall
  2. Install the certificate on to your Apache virtual Host.

Thank you


#3

It might work to use certbot --apache instead of certonly --webroot. In the former case, Certbot would attempt to reconfigure your web server to use the new certificate after obtaining it. (certonly is asking Certbot not to do this.)


#4

emm…

I believe that the OP claim his apache plugin is not working…


#5

Oh, I missed that. @eisenarnold, what’s the trouble with the Apache plugin?

In this case you would normally need to make a new virtual host listening on port 443 and configure that virtual host to use the files in /etc/letsencrypt/live.


#6

Thanks for the clarification. It took me some time, but now it works.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.