HTTPS does not work after running certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: formativequiz.org

I ran this command: https://formativequiz.org

It produced this output:

My web server is (include version):
Server version: Apache/2.4.41 (Ubuntu)
Server built: 2023-03-08T17:32:54

The operating system my web server runs on is (include version):
5.15.0-1033-aws - nominally ubuntu 20 LTS

My hosting provider, if applicable, is:
AWS

I can login to a root shell on my machine (yes or no, or I don't know):
I can sudo

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.4.0

Everything appeared to run well, but I could not get https to work. Is there an apache conf that needs changing?

If you are using the HTTP-01 challenge (see Challenge Types - Let's Encrypt), Port 80 needs to be open; see also Best Practice - Keep Port 80 Open.

Presently both Port 80 & 443 are Closed.

$ nmap -Pn formativequiz.org
Starting Nmap 7.80 ( https://nmap.org ) at 2023-03-30 19:47 UTC
Nmap scan report for formativequiz.org (3.18.90.135)
Host is up (0.077s latency).
rDNS record for 3.18.90.135: ec2-3-18-90-135.us-east-2.compute.amazonaws.com
Not shown: 997 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  closed http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 8.07 seconds
1 Like

Not any more 🙂

HTTPS looks fine. @davidbear did you find/fix your problem?

3 Likes

Rapid change, in just 4 minutes.

$ nmap -Pn formativequiz.org
Starting Nmap 7.80 ( https://nmap.org ) at 2023-03-30 19:51 UTC
Nmap scan report for formativequiz.org (3.18.90.135)
Host is up (0.085s latency).
rDNS record for 3.18.90.135: ec2-3-18-90-135.us-east-2.compute.amazonaws.com
Not shown: 997 filtered ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 7.36 seconds
1 Like
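
The two scans above differ only in the state nmap reports for ports 80 and 443. As an added example (not part of any post in this thread), the shell functions below read `nmap -Pn` output and report whether port 80 is open, which the HTTP-01 challenge requires; the function names are hypothetical and the sample port tables are copied from the two scans.

```shell
#!/bin/sh
# Added example, not from the thread: function names are hypothetical.
# Port tables copied from the two nmap scans quoted above (19:47 and 19:51 UTC).
SCAN_1947='PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  closed http
443/tcp closed https'
SCAN_1951='PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https'

# port_state PORT: read nmap normal output on stdin and print the STATE column
# for PORT/tcp, or "unlisted" when the port has no row in the table.
port_state() {
    awk -v want="$1/tcp" '$1 == want { s = $2 }
        END { print (s == "" ? "unlisted" : s) }'
}

# explain STATE: what the nmap state means for someone debugging the server.
explain() {
    case "$1" in
        open)     echo "a service accepted the connection" ;;
        closed)   echo "host answered, but nothing is listening on this port" ;;
        filtered) echo "probes are being filtered by a firewall or security group" ;;
        unlisted) echo "not in the table; see the 'Not shown' line for its state" ;;
        *)        echo "inconclusive state" ;;
    esac
}

# http01_check: read one scan on stdin, print a line for ports 80 and 443,
# and return 0 only when port 80 is open (required for HTTP-01 validation).
http01_check() {
    scan=$(cat)
    rc=0
    for p in 80 443; do
        st=$(printf '%s\n' "$scan" | port_state "$p")
        printf '%s/tcp %s: %s\n' "$p" "$st" "$(explain "$st")"
        if [ "$p" = 80 ] && [ "$st" != open ]; then rc=1; fi
    done
    return "$rc"
}

# Demo on the embedded tables; live `nmap -Pn` output can be piped in the same way.
printf '%s\n' "$SCAN_1947" | http01_check || echo "=> HTTP-01 would fail"
printf '%s\n' "$SCAN_1951" | http01_check && echo "=> port 80 ready for HTTP-01"
```

A `closed` result, as in the first scan, means the packets reached the host and were refused, so the place to look is the web server's listeners rather than the firewall rules.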

Thanks for the help! Revisited the Lightsail instructions. It "expanded" my certificate, and then magically it now works. I'm a little confused about the renewal process. Thanks again!
Edit:
My solution was found here: Install a standard Let’s Encrypt certificate in Lightsail | AWS re:Post
I am not using a Bitnami solution, just raw Ubuntu.

2 Likes

Generally, the bncert tool is used in Lightsail / Bitnami rather than certbot. There were some old instructions from AWS describing a manual process for certbot (which is awful).

bncert can't do wildcards, but that's not often needed on Lightsail.

Note the alert on the top about using bncert:
https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-using-lets-encrypt-certificates-with-wordpress

3 Likes
