Installation of SSL Certificate

Hello Experts,

I installed SSL certificate successfully and it was working fine but 3 days later it not supporting https:// and has restored to http:// .

Please assist.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Hello Schoen,

Thank for reply…

My domain is: www.periwinkkle.com

I ran this command: wget https://dl.eff.org/certbot-auto && chmod a+x certbot-auto

It produced this output:–2019-03-05 07:31:31-- https://dl.eff.org/certbot-auto
Resolving dl.eff.org (dl.eff.org)… 151.101.0.201, 151.101.64.201, 151.101.128.201, …
Connecting to dl.eff.org (dl.eff.org)|151.101.0.201|:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: 61453 (60K) [application/octet-stream]
Saving to: ‘certbot-auto.5’
certbot-auto.5 100%[=============================================>] 60.01K --.-KB/s in 0.06s
2019-03-05 07:31:32 (997 KB/s) - ‘certbot-auto.5’ saved [61453/61453]

Then I run : ./certbot-auto certonly --webroot -w /opt/bitami/apps/wordpress/htdocs/ -d periwinkkle.com -d www.periwinkkle.com

It produced : Requesting to rerun ./certbot-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t clos
e to expiry.
(ref: /etc/letsencrypt/renewal/www.periwinkkle.com.conf)
What would you like to do?


1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel):

Then I pressed : 2 and enter

And it successfully renew certificate: Renewing an existing certificate
IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/www.periwinkkle.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/www.periwinkkle.com/privkey.pem
    Your cert will expire on 2019-06-03. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot-auto
    again. To non-interactively renew all of your certificates, run
    “certbot-auto renew”
  • If you like Certbot, please consider supporting our work by:
    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

Then I run: ./certbot-auto renew --dry-run

Here it is showing error : Requesting to rerun ./certbot-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/www.periwinkkle.com.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for periwinkkle.com
http-01 challenge for www.periwinkkle.com
Cleaning up challenges
Attempting to renew cert (www.periwinkkle.com) from /etc/letsencrypt/renewal/www.periwinkkle.com.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Input the webroot for periwinkkle.com:. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.periwinkkle.com/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.periwinkkle.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


1 renew failure(s), 0 parse failure(s)

My web server is (include version): The operating system my web server runs on is (include version):

Website is hosted on google cloud.

I can login to a root shell on my machine (yes or no, or I don’t know): yes

Hi @Periwinkkle

if you use certonly, you have to install the certificate manual.

I don’t know enough about bitnami, but there are additional steps required to install the certificate.

Now you have a certificate only with one domain name ( https://check-your-website.server-daten.de/?q=periwinkkle.com ):

CN=www.periwinkkle.com
	14.02.2019
	15.05.2019
expires in 71 days	www.periwinkkle.com - 1 entry

So your non-www version isn’t secure, so it’s good if you use the certificate with both domain names.

But your server sends only http status 503 “Service Temporarily Unavailable”.

1 Like

We might not have named “certonly” very well because a pretty significant number of users haven’t guessed that it means “obtain but do not install”, which was the intended meaning (like “cert only, no installation” or “cert only, no web server autoconfiguration”). I think this is one of a few problems having to do with our assumptions in the original design of Certbot.

@Periwinkkle, sorry for the non-obvious meaning of “certonly”; @JuergenAuer’s explanation is exactly right. When you use certonly, you’re telling Certbot to save the certificate on disk, but not to configure your web server application to use the certificate. In this case, you would have to edit configuration files in order to tell this application to use the new certificate.

Hello Team,

Thanks for response.

This might be cause of error, I think. But problem is not resolved yet.

Please assist me with the same. How can I configure web server to use the certificate.

Thanks

You have rechecked your domain this morning (2019-03-06, 11:55 - https://check-your-website.server-daten.de/?q=periwinkkle.com ).

Looks like you use now Cloudflare.

But that means your “real certificate” is now invisible, I can only see your Cloudflare certificate.

Hello JuergenAuer,

I updated it using cloudflare. It is still not fixed. Help me to update real certificate.

Thanks

I don’t see your website directly. I see only your cloudflare certificate:

CN=sni.cloudflaressl.com, O="CloudFlare, Inc.", L=San Francisco, S=CA, C=US
	06.03.2019
	06.03.2020
expires in 365 days	sni.cloudflaressl.com, 
*.periwinkkle.com, periwinkkle.com - 3 entries

And that’s valide.

Your command uses /opt/bitami/apps/wordpress/htdocs as webroot. So create there the two required subfolders

/opt/bitami/apps/wordpress/htdocs/.well-known/acme-challenge

there a file (file name 1234) and test, if you can load this file with your browser.

http://www.periwinkkle.com/.well-known/acme-challenge/1234

If that doesn’t work, this is not your webroot.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.