Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: finance.gkp.pk
I ran this command:
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
It produced this output:
My web server is (include version):
Ubuntu 18.04.4 LTS
Codename: Bionic
The operating system my web server runs on is (include version): Ubuntu
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.31.0
Hi @imshehryar
there are some checks of your domain, created yesterday - https://check-your-website.server-daten.de/?q=finance.gkp.pk
You have created one good certificate with both domain names (non-www and www):
| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let's Encrypt Authority X3 | 2020-03-09 | 2020-06-07 | finance.gkp.pk, www.finance.gkp.pk - 2 entries | duplicate nr. 1 | |
| Let's Encrypt Authority X3 | 2020-03-09 | 2020-06-07 | finance.gkp.pk - 1 entries | duplicate nr. 1 | |
But your port 443 doesn't answer.
Is there a blocking firewall? Or is this a home server, so a port forwarding is missing?

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| finance.gkp.pk | A | 175.107.63.149 Peshawar/Khyber Pakhtunkhwa/Pakistan (PK) - National Telecommunication Corporation Hostname: 175-107-63-149.reverse.ntc.net.pk | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.finance.gkp.pk | A | 175.107.63.149 Peshawar/Khyber Pakhtunkhwa/Pakistan (PK) - National Telecommunication Corporation Hostname: 175-107-63-149.reverse.ntc.net.pk | yes | 1 | 0 |
| | AAAA | | yes | | |
Thanks for the quick response…
My ufw status is as follows:
To            Action   From
Apache        ALLOW    Anywhere
22/tcp        ALLOW    Anywhere
80            ALLOW    Anywhere
443           ALLOW    Anywhere
Apache (v6)   ALLOW    Anywhere (v6)
22/tcp (v6)   ALLOW    Anywhere (v6)
80 (v6)       ALLOW    Anywhere (v6)
443 (v6)      ALLOW    Anywhere (v6)
Does your https work internally?
curl https://finance.gkp.pk/
from that machine?
It produces the following output:
curl: (51) SSL: no alternative certificate subject name matches target host name 'finance.gkp.pk'
Please guide me how to resolve this issue… thank you
9peppe (March 10, 2020, 7:53pm):
What command did you run to obtain and install your certificates?
What was its output?
You can find out the command by running history | grep certbot
I don't think so, looks governmental.
sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-apache
sudo certbot --apache -d finance.gkp.pk -d www.finance.gkp.pk
9peppe (March 10, 2020, 8:09pm):
what does certbot certificates say?
Giuseppe C.:
certbot certificates
It says:
Found the following certs:
Certificate Name: finance.gkp.pk
Domains: finance.gkp.pk
Expiry Date: 2020-06-08 16:12:19+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/finance.gkp.pk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/finance.gkp.pk/privkey.pem
Certificate Name: www.finance.gkp.pk
Domains: www.finance.gkp.pk
Expiry Date: 2020-06-08 16:22:12+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.finance.gkp.pk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.finance.gkp.pk/privkey.pem
Running apachectl -S outputs the following:
VirtualHost configuration:
*:443 finance.gkp.pk (/etc/apache2/sites-enabled/finance.gkp.pk-le-ssl.conf:2)
*:80 finance.gkp.pk (/etc/apache2/sites-enabled/finance.gkp.pk.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used
Got it working by adding an entry for <VirtualHost *:443> in /etc/apache2/sites-available/mydomain.conf and clearing the browser cache…
system (Closed, April 10, 2020, 7:09am):
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
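
The name check behind curl's error 51, applied to the `certbot certificates` listing in the thread. This is an added example, not code from any participant or from Certbot. The function names are hypothetical, and the listing is re-typed (abridged to the name, domain and path lines) as constructed sample input.

```python
# Constructed sample input: the `certbot certificates` listing from the thread, abridged.
CERTBOT_OUTPUT = """\
Found the following certs:
  Certificate Name: finance.gkp.pk
    Domains: finance.gkp.pk
    Certificate Path: /etc/letsencrypt/live/finance.gkp.pk/fullchain.pem
  Certificate Name: www.finance.gkp.pk
    Domains: www.finance.gkp.pk
    Certificate Path: /etc/letsencrypt/live/www.finance.gkp.pk/fullchain.pem
"""

def parse_lineages(text):
    """Return {certificate name: {"domains": [...], "path": str}} (hypothetical helper)."""
    lineages, current = {}, None
    for line in text.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Certificate Name":
            current = lineages.setdefault(value, {"domains": [], "path": None})
        elif current is not None and key == "Domains":
            current["domains"] = value.lower().split()  # names are space-separated
        elif current is not None and key == "Certificate Path":
            current["path"] = value
    return lineages

def san_matches(pattern, host):
    """DNS name match: exact, or '*' standing for the whole left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def uncovered(lineage, hosts):
    """Host names a vhost answers for that this lineage's certificate does not list."""
    return [h for h in hosts if not any(san_matches(d, h) for d in lineage["domains"])]

def lineages_covering(lineages, hosts):
    """Names of lineages whose certificate is valid for every host in `hosts`."""
    return [name for name, lin in lineages.items() if not uncovered(lin, hosts)]

if __name__ == "__main__":
    certs = parse_lineages(CERTBOT_OUTPUT)
    vhost_names = ["finance.gkp.pk", "www.finance.gkp.pk"]  # the names given to certbot -d
    for name, lin in certs.items():
        print(name, lin["path"], "missing:", uncovered(lin, vhost_names))
    print("covers both:", lineages_covering(certs, vhost_names))
```

With the listing above, neither lineage covers both names, so a single *:443 vhost answering for both would fail the client's name check for one of them whichever certificate path it points at.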