Installing SSL on Rasperry(Self hosted website)

paueron · April 26, 2022, 4:08pm

Hello, i'm the owner of a website hosted with apache on a Raspberry PI Zero W, i run on the rasperry(running on Raspian OS) all those comands Certbot Instructions | Certbot
and all worked, but if i type in my web browser https://yourwebsite.it/ it don't load Nothing.

How can i solve it?

I also have two domains on this site, the ".com" and ".it", i installed it on the ".it", to install on the other i need to do the same procedure linked upper?

Thanks a lot!

Osiris · April 26, 2022, 4:13pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

paueron · April 26, 2022, 4:31pm

My domain is: www.paoloronco.it / www.paoloronco.com

I ran this command:
1- sudo snap install core; sudo snap refresh core
2- sudo snap install --classic certbot
3- sudo ln -s /snap/bin/certbot /usr/bin/certbot
4- sudo certbot --apache
5- sudo certbot renew --dry-run

It produced this output: No errors in all the commands
1- snap "core" is already installed, see 'snap help refresh'
snap "core" has no updates available

2- snap "certbot" is already installed, see 'snap help refresh'

3- ln: creazione del collegamento simbolico '/usr/bin/certbot' non riuscita: File già esistente

4- Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?

1: www.paoloronco.it

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Certificate not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/www.paoloronco.it.conf)

What would you like to do?

1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Deploying certificate
Successfully deployed certificate for www.paoloronco.it to /etc/apache2/sites-enabled/000-default-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://www.paoloronco.it

If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt
Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation

My web server is (include version): Apache 2.4.53(Raspbian) 32bit

The operating system my web server runs on is (include version): Raspberry PI OS, released in: 2022 - 04 - 04

My hosting provider, if applicable, is: a raspberry PI

I can login to a root shell on my machine (yes or no, or I don't know): Yes, i can access my rasperry and run all the commands i want

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO,but i registered it on register.com

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.26.0

9peppe · April 26, 2022, 4:34pm

What's the output of sudo certbot certificates?

paueron · April 26, 2022, 4:36pm

Found the following certs:
Certificate Name: www.paoloronco.it
Serial Number: "I don't know if it is private or i can share it"
Key Type: RSA
Domains: www.paoloronco.it
Expiry Date: 2022-07-20 11:08:43+00:00 (VALID: 84 days)
Certificate Path: /etc/letsencrypt/live/www.paoloronco.it/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.paoloronco.it/privkey.pem

9peppe · April 26, 2022, 4:39pm

From where I am it looks like your firewall is blocking port 443 (or you have no port forwarding on it)

❯ curl -IL  www.paoloronco.it
HTTP/1.1 301 Moved Permanently
Date: Tue, 26 Apr 2022 16:38:45 GMT
Server: Apache/2.4.53 (Raspbian)
Location: https://www.paoloronco.it/
Content-Type: text/html; charset=iso-8859-1

curl: (7) Failed to connect to www.paoloronco.it port 443 after 3023 ms: No route to host

It's not: crt.sh | 6585953767

paueron · April 26, 2022, 4:43pm

How can i solve it?
As i told before the website is self-hosted on a raspberry PI attached to my router

9peppe · April 26, 2022, 4:44pm

You did something to allow your raspberry pi to listen on port 80. Port forwarding, maybe? Firewall settings?

Do the same for port 443.

paueron · April 26, 2022, 5:21pm

Thanks a lot, i just discovered that my ISP(fastweb) don't allow the opening of this port...

9peppe · April 26, 2022, 5:29pm

That doesn't make much sense.

I'd try again. But you can actually use whatever port you want. It's port 80 you can't change.

paueron · April 26, 2022, 5:34pm

Yes, the port 80 is opened and no problem, but i can't open the port 443.
I readed on an online article made from an engineer of my ISP, that years ago Askey(The producer of the default router that my ISP gave me), didn't opened the service on the server https only on lan. In fact all the engineer's added a rule on the iptables to be protected from the access from WAN. and this is why you can't forward it.

(i hope i transladed well, the original article is in my native language, italian)

9peppe · April 26, 2022, 5:36pm

Ho letto lo stesso post su reddit. È sempre lo stesso router?

Comunque, puoi davvero mettere https su qualsiasi porta. L'importante è che fai la validazione sulla porta 80.

paueron · April 26, 2022, 5:38pm

Ah ok non sapevo, grazie!
Si è lo stesso router che dicevano su reddit
Ma sei italiano?

Mi puoi consigliare come fare, non sono un esperto purtroppo... quale porta metto e come faccio la validazione?
Devo fare tutto da router giusto?

9peppe · April 26, 2022, 6:06pm

La validazione l'hai fatta già.

Purtroppo, non potendo usare la porta di default ti toccherà accedere al sito con un indirizzo simile a https://www.paoloronco.it:12345

dove 12345 è il numero della porta (decidi tu fra 1 e 65535, basta che la inoltri e modifichi il redirect nella configurazione di Apache)

paueron · April 27, 2022, 10:01am

Ah ok grazie, alla fine per comodità visto tutti sti casini ho deciso di installare il sito su cPanel, che con register.com è compreso gratuitamente...
E almeno evito anche di tenere aperta una porta del mio router

9peppe · April 27, 2022, 10:17am

Attento al rinnovo che loro di solito hanno prezzi più alti degli altri, al secondo anno.

paueron · April 27, 2022, 11:40am

Ah grazie, farò attenzione a informarmi bene tra circa un anno quando si rinnova