Installing SSL on Rasperry(Self hosted website)

Hello, i'm the owner of a website hosted with apache on a Raspberry PI Zero W, i run on the rasperry(running on Raspian OS) all those comands Certbot Instructions | Certbot
and all worked, but if i type in my web browser https://yourwebsite.it/ it don't load Nothing.

How can i solve it?

I also have two domains on this site, the ".com" and ".it", i installed it on the ".it", to install on the other i need to do the same procedure linked upper?

Thanks a lot!

1 Like

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

3 Likes

My domain is: www.paoloronco.it / www.paoloronco.com

I ran this command:
1- sudo snap install core; sudo snap refresh core
2- sudo snap install --classic certbot
3- sudo ln -s /snap/bin/certbot /usr/bin/certbot
4- sudo certbot --apache
5- sudo certbot renew --dry-run

It produced this output: No errors in all the commands
1- snap "core" is already installed, see 'snap help refresh'
snap "core" has no updates available

2- snap "certbot" is already installed, see 'snap help refresh'

3- ln: creazione del collegamento simbolico '/usr/bin/certbot' non riuscita: File già esistente

4- Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?


1: www.paoloronco.it


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Certificate not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/www.paoloronco.it.conf)

What would you like to do?


1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Deploying certificate
Successfully deployed certificate for www.paoloronco.it to /etc/apache2/sites-enabled/000-default-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://www.paoloronco.it


If you like Certbot, please consider supporting our work by:


My web server is (include version): Apache 2.4.53(Raspbian) 32bit

The operating system my web server runs on is (include version): Raspberry PI OS, released in: 2022 - 04 - 04

My hosting provider, if applicable, is: a raspberry PI

I can login to a root shell on my machine (yes or no, or I don't know): Yes, i can access my rasperry and run all the commands i want

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO,but i registered it on register.com

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.26.0

What's the output of sudo certbot certificates?

1 Like

Found the following certs:
Certificate Name: www.paoloronco.it
Serial Number: "I don't know if it is private or i can share it"
Key Type: RSA
Domains: www.paoloronco.it
Expiry Date: 2022-07-20 11:08:43+00:00 (VALID: 84 days)
Certificate Path: /etc/letsencrypt/live/www.paoloronco.it/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.paoloronco.it/privkey.pem


From where I am it looks like your firewall is blocking port 443 (or you have no port forwarding on it)

❯ curl -IL  www.paoloronco.it
HTTP/1.1 301 Moved Permanently
Date: Tue, 26 Apr 2022 16:38:45 GMT
Server: Apache/2.4.53 (Raspbian)
Location: https://www.paoloronco.it/
Content-Type: text/html; charset=iso-8859-1

curl: (7) Failed to connect to www.paoloronco.it port 443 after 3023 ms: No route to host

It's not: crt.sh | 6585953767

1 Like

How can i solve it?
As i told before the website is self-hosted on a raspberry PI attached to my router

You did something to allow your raspberry pi to listen on port 80. Port forwarding, maybe? Firewall settings?

Do the same for port 443.

2 Likes

Thanks a lot, i just discovered that my ISP(fastweb) don't allow the opening of this port... :sleepy: :sleepy:

That doesn't make much sense.

I'd try again. But you can actually use whatever port you want. It's port 80 you can't change.

1 Like

Yes, the port 80 is opened and no problem, but i can't open the port 443.
I readed on an online article made from an engineer of my ISP, that years ago Askey(The producer of the default router that my ISP gave me), didn't opened the service on the server https only on lan. In fact all the engineer's added a rule on the iptables to be protected from the access from WAN. and this is why you can't forward it.

(i hope i transladed well, the original article is in my native language, italian)

Ho letto lo stesso post su reddit. È sempre lo stesso router?

Comunque, puoi davvero mettere https su qualsiasi porta. L'importante è che fai la validazione sulla porta 80.

1 Like

Ah ok non sapevo, grazie!
Si è lo stesso router che dicevano su reddit
Ma sei italiano?

Mi puoi consigliare come fare, non sono un esperto purtroppo... quale porta metto e come faccio la validazione?
Devo fare tutto da router giusto?

1 Like

La validazione l'hai fatta già.

Purtroppo, non potendo usare la porta di default ti toccherà accedere al sito con un indirizzo simile a https://www.paoloronco.it:12345

dove 12345 è il numero della porta (decidi tu fra 1 e 65535, basta che la inoltri e modifichi il redirect nella configurazione di Apache)

2 Likes

Ah ok grazie, alla fine per comodità visto tutti sti casini ho deciso di installare il sito su cPanel, che con register.com è compreso gratuitamente...
E almeno evito anche di tenere aperta una porta del mio router

1 Like

Attento al rinnovo che loro di solito hanno prezzi più alti degli altri, al secondo anno.

1 Like

Ah grazie, farò attenzione a informarmi bene tra circa un anno quando si rinnova

2 Likes