Install Let’s Encrypt SSL Certificate on CentOS 8

What problem exactly, because that’s still not clear to me, mainly because you’re not sharing the actual domain name.

1 Like

The MISMATCH error.
Excuse me, Why you need the real domain name?

Without it we are unable to provide you with real and accurate support.
All we can do now is guess.

As for the /etc/hosts file, you should NOT have to put/change anything in there to get, or use, a cert.

I gave you the answer to this yesterday:

Stop worrying about your SSLLabs score; none of those are going to matter until you get Apache serving the right cert. Once you get that taken care of, you can worry about cipher suite selection and such.

1 Like

Now that you mention Ciphers, I found this a bit ironic:

“I want ALL possible ciphers, and to that I want to add…”

You should have been presented with this when you opened your topic:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

1 Like

Hi @Hack3rcon

this is a Letsencrypt forum. Not a forum about “How to configure a server”.

A lot of your questions are off-topic.

Thanks.

3 Likes

Hello,
My WordPress website is not up after I changed the values of “hostname” and “hosts” files.
My web site name is “mydomain.net” ==> It is an example.
When I installed the CentOS 8, I left the domain setting default (localhost.localdomain) and I installed and configured the LAMP and Letsencrypt. Everything worked correctly till I changed my “hostname” and “hosts” files as below:

# cat /etc/hostname
#localhost.localdomain
mydomain.net

# cat /etc/hosts
#127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

"My Server IP"  mydomain.net mydomain

After it my server show me “Your connection is not private” error and I can’t browse my website.
I googled and find a page that told it is because of “localhost.key” and “localhost.crt” files. because I changed the default hostname.
I removed these files and “certbot”:

# rm /etc/pki/tls/private/localhost.key
# rm /etc/ssl/certs/localhost.crt

And after it I used below command to generate a default key:

/usr/libexec/httpd-ssl-gencerts

And:

# openssl x509 -in /etc/ssl/certs/localhost.crt -noout -subject
subject=C = US, O = Unspecified, CN = mydomain.net, emailAddress = root@mydomain.net

This command, generated “localhost” files and I want to configure my Virtual Host from start.
In “httpd.conf”:

ServerName mydomain.net

And Virtual Host file is as below:

<VirtualHost *:80>
ServerAdmin root@localhost
ServerName mydomain.net
DocumentRoot /var/www/wordpress
<Directory "/var/www/wordpress">
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
</Directory>
ErrorLog /var/log/httpd/wordpress_error.log
CustomLog /var/log/httpd/wordpress_access.log common
</VirtualHost>

I installed the certbot:

# dnf install certbot python3-certbot-apache

Then:

# certbot --apache

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): info@mydomain.net

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: mydomain.net
2: www.mydomain.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):   ===> "I hit Enter key"
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mydomain.net
http-01 challenge for www.mydomain.net
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf.d/wp-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/wp-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/wp-le-ssl.conf
Redirecting vhost in /etc/httpd/conf.d/wp.conf to ssl vhost in /etc/httpd/conf.d/wp-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://mydomain.net and
https://www.mydomain.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Subscribe to the EFF mailing list (email: info@mydomain.net).

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/mydomain.net/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/mydomain.net/privkey.pem
   Your cert will expire on 2020-12-02. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

 - We were unable to subscribe you the EFF mailing list because your
   e-mail address appears to be invalid. You can try again later by
   visiting https://act.eff.org.

After it:

# systemctl restart httpd
# apachectl configtest
Syntax OK

And my Virtual Host config file became to:

<VirtualHost *:80>
ServerAdmin root@localhost
ServerName mydomain.net
ServerAlias www.mydomain.net
DocumentRoot /var/www/wordpress
<Directory "/var/www/wordpress">
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
</Directory>
ErrorLog /var/log/httpd/wordpress_error.log
CustomLog /var/log/httpd/wordpress_access.log common
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mydomain.net [OR]
RewriteCond %{SERVER_NAME} =mydomain.net
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

When I browse my website then:


Apache log tell me:

]# cat /var/log/httpd/error_log
[Thu Sep 03 19:28:36.973820 2020] [mpm_event:notice] [pid 456658:tid 140461237471552] AH00493: SIGUSR1 received.  Doing graceful restart
[Thu Sep 03 19:28:37.085905 2020] [lbmethod_heartbeat:notice] [pid 456658:tid 140461237471552] AH02282: No slotmem from mod_heartmonitor
[Thu Sep 03 19:28:37.091499 2020] [mpm_event:notice] [pid 456658:tid 140461237471552] AH00489: Apache/2.4.37 (centos) OpenSSL/1.1.1c mod_fcgid/2.3.9 configured -- resuming normal operations
[Thu Sep 03 19:28:37.091551 2020] [core:notice] [pid 456658:tid 140461237471552] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Thu Sep 03 19:28:43.011100 2020] [mpm_event:notice] [pid 456658:tid 140461237471552] AH00493: SIGUSR1 received.  Doing graceful restart
[Thu Sep 03 19:28:43.124229 2020] [lbmethod_heartbeat:notice] [pid 456658:tid 140461237471552] AH02282: No slotmem from mod_heartmonitor
[Thu Sep 03 19:28:43.129813 2020] [mpm_event:notice] [pid 456658:tid 140461237471552] AH00489: Apache/2.4.37 (centos) OpenSSL/1.1.1c mod_fcgid/2.3.9 configured -- resuming normal operations
[Thu Sep 03 19:28:43.129865 2020] [core:notice] [pid 456658:tid 140461237471552] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Thu Sep 03 19:28:46.669732 2020] [mpm_event:notice] [pid 456658:tid 140461237471552] AH00493: SIGUSR1 received.  Doing graceful restart
[Thu Sep 03 19:28:46.778790 2020] [lbmethod_heartbeat:notice] [pid 456658:tid 140461237471552] AH02282: No slotmem from mod_heartmonitor
[Thu Sep 03 19:28:46.783707 2020] [mpm_event:notice] [pid 456658:tid 140461237471552] AH00489: Apache/2.4.37 (centos) OpenSSL/1.1.1c mod_fcgid/2.3.9 configured -- resuming normal operations
[Thu Sep 03 19:28:46.783746 2020] [core:notice] [pid 456658:tid 140461237471552] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Thu Sep 03 19:28:47.058568 2020] [mpm_event:notice] [pid 456658:tid 140461237471552] AH00493: SIGUSR1 received.  Doing graceful restart
[Thu Sep 03 19:28:47.166532 2020] [lbmethod_heartbeat:notice] [pid 456658:tid 140461237471552] AH02282: No slotmem from mod_heartmonitor
[Thu Sep 03 19:28:47.171438 2020] [mpm_event:notice] [pid 456658:tid 140461237471552] AH00489: Apache/2.4.37 (centos) OpenSSL/1.1.1c mod_fcgid/2.3.9 configured -- resuming normal operations
[Thu Sep 03 19:28:47.171485 2020] [core:notice] [pid 456658:tid 140461237471552] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Thu Sep 03 19:30:51.127973 2020] [mpm_event:notice] [pid 456658:tid 140461237471552] AH00492: caught SIGWINCH, shutting down gracefully
[Thu Sep 03 19:30:52.325040 2020] [core:notice] [pid 460651:tid 140567023769920] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Thu Sep 03 19:30:52.327359 2020] [suexec:notice] [pid 460651:tid 140567023769920] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Sep 03 19:30:52.330126 2020] [:notice] [pid 460651:tid 140567023769920] ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/) configured.
[Thu Sep 03 19:30:52.330164 2020] [:notice] [pid 460651:tid 140567023769920] ModSecurity: APR compiled version="1.6.3"; loaded version="1.6.3"
[Thu Sep 03 19:30:52.330173 2020] [:notice] [pid 460651:tid 140567023769920] ModSecurity: PCRE compiled version="8.42 "; loaded version="8.42 2018-03-20"
[Thu Sep 03 19:30:52.330186 2020] [:notice] [pid 460651:tid 140567023769920] ModSecurity: LUA compiled version="Lua 5.3"
[Thu Sep 03 19:30:52.330191 2020] [:notice] [pid 460651:tid 140567023769920] ModSecurity: YAJL compiled version="2.1.0"
[Thu Sep 03 19:30:52.330196 2020] [:notice] [pid 460651:tid 140567023769920] ModSecurity: LIBXML compiled version="2.9.7"
[Thu Sep 03 19:30:52.330201 2020] [:notice] [pid 460651:tid 140567023769920] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[Thu Sep 03 19:30:52.387610 2020] [lbmethod_heartbeat:notice] [pid 460651:tid 140567023769920] AH02282: No slotmem from mod_heartmonitor
[Thu Sep 03 19:30:52.396738 2020] [mpm_event:notice] [pid 460651:tid 140567023769920] AH00489: Apache/2.4.37 (centos) OpenSSL/1.1.1c mod_fcgid/2.3.9 configured -- resuming normal operations
[Thu Sep 03 19:30:52.396802 2020] [core:notice] [pid 460651:tid 140567023769920] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

What is my mistake? How can I solve it?

Thank you.

What’s your domain name?
Why would you enter your IP into hosts file instead of using public DNS?
What’s the complete Apache configuration?

Public DNS? How?
Apache configuration is:

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path.  If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used.  If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "/etc/httpd"
ServerName mydomain.net
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80


Include conf.modules.d/*.conf

User apache
Group apache

ServerAdmin root@localhost

#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "/var/www/html"

#
# Relax access to content within /var/www.
#
<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>

# Further relax access to the default document root:
<Directory "/var/www/html">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    # Options Indexes FollowSymLinks

    Options FollowSymLinks
    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>

#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
    Require all denied
</Files>

#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "logs/error_log"

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    #CustomLog "logs/access_log" common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    CustomLog "logs/access_log" combined
</IfModule>

<IfModule alias_module>
    #
    # Redirect: Allows you to tell clients about documents that used to
    # exist in your server's namespace, but do not anymore. The client
    # will make a new request for the document at its new location.
    # Example:
    # Redirect permanent /foo http://www.example.com/bar

    #
    # Alias: Maps web paths into filesystem paths and is used to
    # access content that does not live under the DocumentRoot.
    # Example:
    # Alias /webpath /full/filesystem/path
    #
    # If you include a trailing / on /webpath then the server will
    # require it to be present in the URL.  You will also likely
    # need to provide a <Directory> section to allow access to
    # the filesystem path.

    #
    # ScriptAlias: This controls which directories contain server scripts.
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the target directory are treated as applications and
    # run by the server when requested rather than as documents sent to the
    # client.  The same rules about trailing "/" apply to ScriptAlias
    # directives as to Alias.
    #
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

</IfModule>

#
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule mime_module>
    #
    # TypesConfig points to the file containing the list of mappings from
    # filename extension to MIME-type.
    #
    TypesConfig /etc/mime.types

    #
    # AddType allows you to add to or override the MIME configuration
    # file specified in TypesConfig for specific file types.
    #
    #AddType application/x-gzip .tgz
    #
    # AddEncoding allows you to have certain browsers uncompress
    # information on the fly. Note: Not all browsers support this.
    #
    #AddEncoding x-compress .Z
    #AddEncoding x-gzip .gz .tgz
    #
    # If the AddEncoding directives above are commented-out, then you
    # probably should define those extensions to indicate media types:
    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    #
    # AddHandler allows you to map certain file extensions to "handlers":
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action directive (see below)
    #
    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #
    #AddHandler cgi-script .cgi

    # For type maps (negotiated resources):
    #AddHandler type-map var

    #
    # Filters allow you to process content before it is sent to the client.
    #
    # To parse .shtml files for server-side includes (SSI):
    # (You will also need to add "Includes" to the "Options" directive.)
    #
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>

#
# Specify a default charset for all content served; this enables
# interpretation of all content as UTF-8 by default.  To use the
# default browser choice (ISO-8859-1), or to allow the META tags
# in HTML content to override this choice, comment out this
# directive:
#
AddDefaultCharset UTF-8

<IfModule mime_magic_module>
    #
    # The mod_mime_magic module allows the server to use various hints from the
    # contents of the file itself to determine its type.  The MIMEMagicFile
    # directive tells the module where the hint definitions are located.
    #
    MIMEMagicFile conf/magic
</IfModule>

#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#

#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files.  This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults if commented: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
EnableSendfile on

# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf


#Security
TraceEnable off
ServerSignature Off
ServerTokens Prod

SSLProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder on
SSLCompression          off
SSLSessionTickets       off



TimeOut 60
Header always append X-Frame-Options SAMEORIGIN
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options nosniff
ErrorDocument 500 "Oh sorry dear."

FileETag MTime
KeepAlive On
MaxKeepAliveRequests 100
MaxConnectionsPerChild 1000
UseCanonicalName Off
LimitInternalRecursion 5
LimitRequestFields 500
AcceptPathInfo Off
MaxRanges 100
KeepAliveTimeout 4


# Modules
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule headers_module modules/mod_headers.so
RequestReadTimeout header=20-600,MinRate=500 body=20,MinRate=500

Result is:

This means your server is working but have a misconfigured certificate. Please share the virtual host configuration for your domain… You only shared your Apache.conf which doesn’t contain any useful information…

It is:

<VirtualHost *:80>
ServerAdmin root@localhost
ServerName mydomain.net
ServerAlias www.mydomain.net
DocumentRoot /var/www/wordpress
<Directory "/var/www/wordpress">
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
</Directory>
ErrorLog /var/log/httpd/wordpress_error.log
CustomLog /var/log/httpd/wordpress_access.log common
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mydomain.net [OR]
RewriteCond %{SERVER_NAME} =mydomain.net
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

That’s only PART of your virtual host configuration. Where is your *:443 host?

Then undo that.

Problem solved.

That’s not a real problem.

1 Like

I have not it because “certbot” created another file for it:

 cat /etc/httpd/conf.d/wp-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin root@localhost
ServerName mydomain.net
ServerAlias www.mydomain.net
DocumentRoot /var/www/wordpress
<Directory "/var/www/wordpress">
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
</Directory>
ErrorLog /var/log/httpd/wordpress_error.log
CustomLog /var/log/httpd/wordpress_access.log common

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/mydomain.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.net/privkey.pem
</VirtualHost>
</IfModule>

If you read my texts, I removed the default certificate and can’t undo it. I want to change localhost to my web site name.

When I used “certbot delete” command and reconfigure my let’s encrypt then it should not solved?

Excuse me, I don’t know why you merged these two problems, but if you are not OK with help then OK. tell me how can I remove Let’s Encrypt certificate and back my website to normal HTTP.

Thank you.

I changed all setting to localhost but certbot show me:

An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains:

We’re all getting really confused here. You state that you want to remove your Let’s Encrypt certificate and yet you’ve issued so many certificates that you’ve hit the identical rate limit and yet are still trying to issue another certificate.

@JuergenAuer

I can’t believe I’m the one saying this: is it time to close this one yet?

2 Likes