I finished adding my cert, chain and key. Now what?


#1

I got the “congratulations” message from the creation process. I passed the challenge. All seems fine, but if I go to the https version of my web site, I get “Site cannot be reached.”

Do I need to create a 443 virtual host in my apache config for that domain? Is there an example that I can use? I’m not sure if the key file has to be in there or what?

Thank you!


#2

Hi @davidstoll,

If you used certbot --apache, then it would be installed for you in your Apache configuration. But if you used any form of certbot certonly, then it wouldn’t (that’s what certonly means—only obtain the certificate and don’t install it).

If the virtualhost has already been created by Certbot, then you probably have a firewall blocking inbound access to port 443.

If that doesn’t resolve things, then


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#3

FIREWALLLLLLLLL!!!

DANG!

iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Thank you so much!

Next question:

Your connection to this site is not fully secure.
Hackers might be able to see the images you’re looking at and trick you by modifying them.
Certificate is valid.
No green lock…?

Is this normal or do I need to do more? If so, I can provide all that info you are asking for.

Thanks so much!


#4

Mixed content (images, CSS, frames, or JavaScript loaded over HTTP instead of HTTPS). Try the resource inspector in your browser or

https://www.whynopadlock.com/


#5

So, this is Greek to me:

SSL Connection - Errors
The SSL certificate tests failed. Please be sure that you can connect to your site over SSL and try again.
Mixed Content - Errors
The Mixed content tests failed. Please be sure that you can connect to your site over SSL and try again.
Error Returned: net::ERR_CONNECTION_REFUSED


#6

Does this mean there could be http links and image references on an offsite http page?


#7

No, it means that your site isn’t working at all from the perspective of that scanner. What’s your domain name?


#8

davidstoll.com

But I figured it out. I had frames and a div that referenced an http jpg. I took the frames away and the external jpg and it’s all locked up.
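
Added example, not written by any poster in this thread: a small Python check for the mixed content described in posts #4 and #8 (frames, and an inline style that pulls in an http:// image). The function names and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
# (tag, attribute) pairs a browser fetches as subresources; <a href> only links.
SUBRESOURCE_ATTRS = {("img", "src"), ("script", "src"), ("iframe", "src"),
                     ("frame", "src"), ("embed", "src"), ("source", "src"),
                     ("object", "data"), ("link", "href")}
FETCHED_LINK_RELS = {"stylesheet", "icon"}   # rel=canonical is never fetched
CSS_URL = re.compile(r"url\(\s*['\"]?(http://[^'\")\s]+)", re.IGNORECASE)

class MixedContentFinder(HTMLParser):
    """Collects (line, tag, url) for http:// subresources in one HTML page."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_style = [], False

    def _add(self, tag, url):
        self.findings.append((self.getpos()[0], tag, url))

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "").strip() for name, value in attrs}
        self._in_style = tag == "style"
        if tag == "link" and not FETCHED_LINK_RELS & set(attrs.get("rel", "").lower().split()):
            attrs.pop("href", None)          # plain link relation, not a load
        for name, value in attrs.items():
            if (tag, name) in SUBRESOURCE_ATTRS and value.lower().startswith("http://"):
                self._add(tag, value)
            elif name == "style":            # inline CSS, e.g. background-image
                for url in CSS_URL.findall(value):
                    self._add(tag, url)

    def handle_endtag(self, tag):
        self._in_style = self._in_style and tag != "style"

    def handle_data(self, data):
        if self._in_style:                   # contents of a <style> block
            for url in CSS_URL.findall(data):
                self._add("style", url)

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page, not the poster's real markup.
SAMPLE = """<a href="http://example.org/">offsite link</a>
<div style="background-image: url('http://example.net/photo.jpg')"></div>
<iframe src="http://example.net/frame.html"></iframe>
<img src="/local.png">"""
print(find_mixed_content(SAMPLE))
```

The offsite `<a href>` is not reported, which matches the answer to post #6: ordinary links to http pages do not make a page mixed content, only resources the page itself loads.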


#9

Now I just have to disable TLSv1.


#10

https://www.leaderssl.com/news/471-how-to-disable-outdated-versions-of-ssl-tls-in-apache

