Https://straatosphere.com/


#1

Hi,

Last Friday, I renewed my SSL using this command “sudo certbot certonly --nginx -d straatosphere.com -d www.straatosphere.com -d cdn.straatosphere.com -dcdn2.straatosphere.com -d cdn3.straatosphere.com -d cdn4.straatosphere.com” on DigitalOcean, but I got this message: “Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.” So I ran this command: “sudo certbot --authenticator standalone --installer nginx -dstraatosphere.com --pre-hook "service nginx stop" --post-hook "service nginx start"”. It was OK to renew.

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator standalone, Installer nginx

Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

Running pre-hook command: service nginx stop

Obtaining a new certificate

Performing the following challenges:

http-01 challenge for straatosphere.com

Waiting for verification…

Cleaning up challenges

Running post-hook command: service nginx start

Deployed Certificate to VirtualHost /etc/nginx/sites-enabled/digitalocean for set([‘cdn3.straatosphere.com’, ‘straatosphere.com’, ‘cdn4.straatosphere.com’, ‘www.straatosphere.com’, ‘cdn.straatosphere.com’, ‘cdn2.straatosphere.com’])

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.


1: No redirect - Make no further changes to the webserver configuration.

2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for

new sites, or if you’re confident your site works on HTTPS. You can undo this

change by editing your web server’s configuration.


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1


Congratulations! You have successfully enabled https://straatosphere.com

You should test your configuration at:

https://www.ssllabs.com/ssltest/analyze.html?d=straatosphere.com


IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:

/etc/letsencrypt/live/straatosphere.com-0001/fullchain.pem

Your key file has been saved at:

/etc/letsencrypt/live/straatosphere.com-0001/privkey.pem

Your cert will expire on 2019-06-26. To obtain a new or tweaked

version of this certificate in the future, simply run certbot again

with the “certonly” option. To non-interactively renew all of

your certificates, run “certbot renew”

  • If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate

Donating to EFF: https://eff.org/donate-le

root@straat-server-sgp1:~#

But when I refresh my web page, the CSS and HTML are broken. I used W3 Total Cache on our WordPress site. So now I have disabled W3 Total Cache and MaxCDN as well.

Please suggest how to solve this issue.

Thanks.


#2

Hi @aungsithu

you have created one certificate with only one domain name ( https://check-your-website.server-daten.de/?q=straatosphere.com ):

CN=straatosphere.com | 29.03.2019 | 27.06.2019 | expires in 87 days | straatosphere.com - 1 entry

And you use that certificate. So non-www works, www doesn’t work.

But you have valid certificates:

| CRT-Id | Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
| --- | --- | --- | --- | --- | --- | --- |
| 1334636340 | CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, C=US, ST=TX | 2019-03-30 23:00:00 | 2019-06-29 21:59:59 | mail.straatosphere.com, webmail.straatosphere.com | | |
| 1332173012 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-03-28 22:25:17 | 2019-06-26 21:25:17 | straatosphere.com | duplicate nr. 1 | |
| 1119274248 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-01-17 10:37:42 | 2019-04-17 09:37:42 | cdn.straatosphere.com, cdn2.straatosphere.com, cdn3.straatosphere.com, cdn4.straatosphere.com, straatosphere.com, www.straatosphere.com | | |
| 1109744862 | CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, C=US, ST=TX | 2019-01-13 23:00:00 | 2019-04-14 21:59:59 | mail.straatosphere.com, webmail.straatosphere.com | | |

One expires 2019-04-17.

One script

//straatosphere.com/wp-content/uploads/pum/pum-site-scripts.js?defer&generated=1553663826&ver=1.7.30

has a Forbidden, no other content problems.

Run the same command with all domains. Or (better):

You have a running website. So using --standalone stops your webserver -> your site is down.

Add the --preferred-challenges parameter. And first use the test system, so you don’t hit a limit.

sudo certbot certonly --test-cert --nginx -d straatosphere.com -d www.straatosphere.com -d cdn.straatosphere.com -d cdn2.straatosphere.com -d cdn3.straatosphere.com -d cdn4.straatosphere.com --preferred-challenges http
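
Added example, not part of the original thread: a shell check for the problem diagnosed in post #2, a certbot lineage whose certificate covers fewer hostnames than the site serves. It parses `certbot certificates` output; the sample text is constructed, and the lineage name `straatosphere.com` for the older six-name certificate is an assumption (only `straatosphere.com-0001` appears in the thread).

```shell
#!/usr/bin/env bash
# Added example (not from the thread): list required hostnames that a certbot
# lineage does not cover. Reads `certbot certificates` output on stdin.
# Matching is exact; wildcard names are not expanded.

# Usage: missing_names LINEAGE HOST...
missing_names() {
  local lineage=$1 domains host d found
  shift
  # Pull the "Domains:" line that belongs to the requested "Certificate Name:".
  domains=$(awk -v want="$lineage" '
    $1 == "Certificate" && $2 == "Name:" { current = $3 }
    $1 == "Domains:" && current == want  { $1 = ""; print; exit }
  ')
  for host in "$@"; do
    found=0
    for d in $domains; do
      if [ "$d" = "$host" ]; then found=1; fi
    done
    if [ "$found" -eq 0 ]; then printf '%s\n' "$host"; fi
  done
}

# Hostnames requested in the first post of the thread.
REQUIRED="straatosphere.com www.straatosphere.com cdn.straatosphere.com cdn2.straatosphere.com cdn3.straatosphere.com cdn4.straatosphere.com"

# Constructed sample of `certbot certificates` output. The first lineage name
# is assumed; the second comes from the certificate path shown in the thread.
SAMPLE_OUTPUT='Found the following certs:
  Certificate Name: straatosphere.com
    Domains: straatosphere.com cdn.straatosphere.com cdn2.straatosphere.com cdn3.straatosphere.com cdn4.straatosphere.com www.straatosphere.com
    Expiry Date: 2019-04-17 09:37:42+00:00 (VALID: 19 days)
    Certificate Path: /etc/letsencrypt/live/straatosphere.com/fullchain.pem
  Certificate Name: straatosphere.com-0001
    Domains: straatosphere.com
    Expiry Date: 2019-06-26 21:25:17+00:00 (VALID: 87 days)
    Certificate Path: /etc/letsencrypt/live/straatosphere.com-0001/fullchain.pem
'

# Offline demo: prints the five names the single-name certificate lacks.
printf '%s\n' "$SAMPLE_OUTPUT" | missing_names straatosphere.com-0001 $REQUIRED
# On a live host: sudo certbot certificates | missing_names straatosphere.com-0001 $REQUIRED
```

An empty result means the lineage covers every required name; any printed name will fail hostname validation in browsers if nginx serves that lineage's certificate for it.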

#3

Hi Juergen Auer,

So, can I run this command “sudo certbot certonly --test-cert --nginx -d straatosphere.com -d www.straatosphere.com -d cdn.straatosphere.com -d cdn2.straatosphere.com -d cdn3.straatosphere.com -d cdn4.straatosphere.com --preferred-challenges http”, because I don’t know about the command? Please support the correct command for this. I want to be in a normal state.

Thanks.


#4

Check the documentation:

It’s

  • a test certificate, so you don’t hit the limit of the productive system. The test system has its own limits, they are higher
  • --preferred-challenges http means: You use http-01 validation.

I don’t really understand your first error message.

Such a message is produced if you want a wildcard and use http-validation. And you use the v01 API. This API has some limitations (I’ve never used the v1, started with v2).

Perhaps switch to v02:

--server https://acme-v02.api.letsencrypt.org/directory

#5

Hi JuergenAuer,

So, now how can I do that? I don’t really know the command. So, can you suggest the correct command to disable “--standalone”?

Thanks


#6

That’s the reason you should check the documentation.

  --apache          Use the Apache plugin for authentication & installation
  --standalone      Run a standalone webserver for authentication
  --nginx           Use the Nginx plugin for authentication & installation
  --webroot         Place files in a server's webroot folder for authentication
  --manual          Obtain certificates interactively, or using shell script hooks