HTTPS not working after receiving Let's Encrypt certificate

Hello,

I recently obtained and installed a Let's Encrypt SSL certificate for my domain https://my-domain.com. The installation completed without any errors.

However, when I try to access my website via HTTPS, it doesn’t work. The site is either unreachable or the browser shows an error.

In DuckDNS I used IPv6 to get the certificate because with IPv4 it didn't work.

What is the domain name? I can't see the domain name clearly enough in the image you uploaded.

Also please answer the other questions on the form you were shown so we can help you best. Knowing the command you ran and the system you are on is very helpful. Thank you

============================

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

5 Likes

[quote="MikeMcQ, post:3, topic:238284"]
My domain is: mdmtop.duckdns.org

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: duckdns

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0

Before doing the certificate, in the installation of Headwind I checked yes for HTTPS and I put the domain name (not the public IP). Also, the certificate showed me success only when I configured the domain name with IPv6. After that success of the certificate, when I do these commands:

openssl pkcs12 -export -out server.p12 -inkey domain.com.key -in ServerCertificate.cer -certfile CAchain.crt

cat CACertificate-ROOT-2.cer CACertificate-INTERMEDIATE-1.cer > CAchain.crt

Convert PKCS12 into JKS

> keytool -importkeystore -destkeystore server.jks -srckeystore server.p12 -srcstoretype PKCS12

Add path to the JKS file and password to the Tomcat settings (/etc/tomcat9/server.xml):

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" defaultSSLHostConfigName="your-domain.com">
    <SSLHostConfig hostName="your-domain.com">
        <Certificate certificateKeystoreFile="/var/lib/tomcat9/ssl/server.jks" type="RSA" certificateKeystorePassword="******" />
    </SSLHostConfig>
</Connector>
<Parameter name="base.url" value="https://your-domain.com"/>

service tomcat9 restart

/sbin/iptables -A PREROUTING -t nat -i eno1 -p tcp -m tcp -d your-domain.com --dport 443 -j REDIRECT --to-ports 8443

/sbin/iptables -A OUTPUT -t nat -o lo -p tcp -m tcp -d your-domain.com --dport 443 -j REDIRECT --to-ports 8443

They do not work.

What error do you see?

Because I cannot connect to your domain at all. Are you sure that is the correct IPv6 address?

curl -6 https://mdmtop.duckdns.org:443
curl: (7) Failed to connect to mdmtop.duckdns.org port 443 after 230 ms: 
Network is unreachable

nslookup mdmtop.duckdns.org
Address: 2c0f:f3a0:93:889:a00:27ff:fe71:4f8c

What does this show from the machine that is running Tomcat?

curl -6 https://ifconfig.io

Also, Tomcat supports using the .pem files created by Certbot. You don't need to import them into a keystore for Tomcat. See: Can Let's Encrypt output (.pem) be used to generate a tomcat keystore / certstore? - #3 by mcpherrinm

2 Likes
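
The PEM approach mentioned in the last reply, as an added example that is not part of the original thread or of the Tomcat or Headwind documentation: the same Connector from the earlier post, pointed directly at Certbot's PEM files instead of a JKS keystore. The `/etc/letsencrypt/live/your-domain.com/` directory is an assumption (Certbot's default layout with the placeholder hostname used above).

```xml
<!-- /etc/tomcat9/server.xml: PEM-based variant of the Connector shown earlier.
     Paths are assumptions based on Certbot's default live directory;
     replace your-domain.com with the certificate's name. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true"
           defaultSSLHostConfigName="your-domain.com">
    <SSLHostConfig hostName="your-domain.com">
        <!-- cert.pem: leaf certificate, privkey.pem: private key,
             chain.pem: intermediate certificate(s).
             No keystore file and no keystore password are needed. -->
        <Certificate type="RSA"
                     certificateFile="/etc/letsencrypt/live/your-domain.com/cert.pem"
                     certificateKeyFile="/etc/letsencrypt/live/your-domain.com/privkey.pem"
                     certificateChainFile="/etc/letsencrypt/live/your-domain.com/chain.pem" />
    </SSLHostConfig>
</Connector>
```

The account Tomcat runs as needs read access to `privkey.pem`; Certbot's `live` and `archive` directories are readable only by root by default. Because the `live` files are symlinks that Certbot updates on renewal, a Tomcat restart after renewal picks up the new certificate without repeating a keystore conversion.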