Installation help

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
eclipse.bluemix.net

I ran this command:
sudo /usr/local/bin/certbot-auto --apache

It produced this output:
Installation was successful, but I saw this message:
Current timestamp 1576258596.37 does not correspond to newest reverter checkpoint; your clock probably jumped. Time travelling to 1576269725.62

My web server is (include version):
Apache/2.4.7 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 14.04.2 LTS (GNU/Linux 3.13.0-51-generic x86_64)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 1.0.0

================================
The installation was successful except that I saw a message about current timestamp not correspond to newest reverter checkpoint. Not sure if that was a problem. However, I’m still not able to connect to: https://eclipse.bluemix.net

1 Like

Not sure about the time-traveling (maybe try using NTP).
But with respect to https://eclipse.bluemix.net/
What does this show:
sudo /usr/local/bin/certbot-auto certificates

1 Like

Found the following certs:
Certificate Name: eclipse.bluemix.net
Domains: eclipse.bluemix.net
Expiry Date: 2020-03-12 15:37:03+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/eclipse.bluemix.net/fullchain.pem
Private Key Path: /etc/letsencrypt/live/eclipse.bluemix.net/privkey.pem

This is good :slight_smile:

What does this show:
apachectl -S

VirtualHost configuration:
*:443 eclipse.bluemix.net (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80 eclpkgs.dal.bluemix.net (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“www-data” id=33
Group: name=“www-data” id=33

Interesting to see that port 80 is using the private hostname and port 443 is using the public hostname.

Will it help if I request another SSL certificate using the private domain name?

I'm not sure if you have anything available from internal (like timestamp issue), but your port 443 is not responding to any packet, and portqry showed that it's been filtered.
Can you try to confirm your firewall settings (or port forwarding if you are using residential/ business internet)?

If your server is not allowing external packets... There's no difference between public or private domain name. Also, if your domain is not "publicly registered" (tld in the public suffix list), you can't get a certificate with Let's Encrypt.

Thanks

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.