Issues on Centos with error messages

From a newbie to certbot but used to command line linux.

Run a vps with root access and host multiple (small) domains. Now trying to upgrade most to https: and also
encrypt the (sendmail/dovecot) mail server instead of plain text passwords.

Server name (but NOT domain) is sever.watchet.net

I have installed:-
certbot 1.0.0-1.el7
python2-certbot 1.0.0-1.el7
python2-certbot-nginx 1.0.0-1el7
Running Centos 7-7.1908.0.el7.centos

From the root command line I am running

[root@server ~]# certbot -d an2.co.uk --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested apache plugin does not appear to be installed

Apache is running but the .conf file is httpd.conf and I use the include command within the .conf file to include multiple .conf files, one for each domain (i.e. an2.co.uk.conf)

I have read pages of documentation but can not find what is wrong here!!

Error log says:-

2020-01-01 13:09:50,509:DEBUG:certbot._internal.main:certbot version: 1.0.0
2020-01-01 13:09:50,509:DEBUG:certbot._internal.main:Arguments: ['-d', 'an2.co.uk', '--apache']
2020-01-01 13:09:50,509:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-01-01 13:09:50,532:DEBUG:certbot._internal.log:Root logging level set at 20
2020-01-01 13:09:50,532:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-01-01 13:09:50,534:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2020-01-01 13:09:50,534:DEBUG:certbot._internal.plugins.selection:No candidate plugin
2020-01-01 13:09:50,534:DEBUG:certbot._internal.plugins.selection:Selected authenticator None and installer None

Further information. I have solved the first problem with a re-install of the certbot program, as a check showed the apache dependency was not installed.

Now certificate installed ok - just. This particular domain has several server aliases as in this conf file:-

ServerName an2.co.uk
ServerAlias www.an2.co.uk
ServerAlias an2.uk
ServerAlias www.an2.uk
ServerAlias an2.info
ServerAlias www.an2.info
DocumentRoot /home/AN2/

On entering a test at https://www.an2.co.uk I get a Firefox error message

www.an2.co.uk uses an invalid security certificate. The certificate is only valid for an2.co.uk Error code: SSL_ERROR_BAD_CERT_DOMAIN

When installing the certificate I used the command line
certbot -d an2.co.uk --apache
SHOULD I ENTER HERE EVERY VERSION OF THE DOMAIN? and if so how do I replace the existing certificate.

Many thanks for any help
John


Sorry to be a pain and waste space - just very tired here with screen eyes!!!

Realised that need multiple -d lists and as one domain has 32 aliases that will be interesting as guess will exceed command line length - we will see!

Still any advice that i have missed will be gratefully accepted
John
Somerset
UK


Hi @JRWatchet

If you use --apache, your list of -d domains should have a matching port 80 vHost with the same list of domain names.

That may be critical if you have a lot of domain names.

You can create vHosts with non-www + www per main domain.

Then create one certificate per main domain with the two domain names non-www and www.

So you have some certificates, one per main domain.

May be easier instead of creating a certificate with so many domain names.

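An added example (not part of the reply above and not certbot's own code) of the one-certificate-per-main-domain approach: it reads the ServerName/ServerAlias names from a vHost file and prints one certbot command per main domain. The sample file is constructed from the directives in the question; the `<VirtualHost *:80>` wrapper and the function names are assumptions, and each printed command presumes a matching port 80 vHost exists as the reply describes.

```python
import re

# Constructed sample: the directives quoted in the question, wrapped in a
# port-80 <VirtualHost> block (the wrapper is an assumption).
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName an2.co.uk
    ServerAlias www.an2.co.uk
    ServerAlias an2.uk
    ServerAlias www.an2.uk
    ServerAlias an2.info
    ServerAlias www.an2.info
    DocumentRoot /home/AN2/
</VirtualHost>
"""

NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+?)\s*$", re.I | re.M)

def vhost_names(conf_text):
    """Return every ServerName/ServerAlias host name, in file order."""
    names = []
    for value in NAME_RE.findall(conf_text):
        for name in value.split():  # one ServerAlias line may list several names
            # Drop an optional scheme and :port, which ServerName allows.
            name = name.lower().split("://")[-1].split(":")[0]
            # Wildcards cannot be validated over HTTP, which --apache uses.
            if "*" not in name and name not in names:
                names.append(name)
    return names

def group_by_main_domain(names):
    """Map each main domain to its non-www and www names."""
    groups = {}
    for name in names:
        main = name[4:] if name.startswith("www.") else name
        groups.setdefault(main, []).append(name)
    for main, members in groups.items():
        members.sort(key=lambda n: n != main)  # main domain first
    return groups

def certbot_commands(groups):
    """One certbot invocation per main domain (returned as text, not executed)."""
    return ["certbot --apache --cert-name {} {}".format(
                main, " ".join("-d " + n for n in members))
            for main, members in groups.items()]

if __name__ == "__main__":
    print("\n".join(certbot_commands(group_by_main_domain(vhost_names(SAMPLE_CONF)))))
```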

Many thanks, now typed all the host names and created the certificate OK

Also looks like I can separate the domains after -d with just a comma, which will
make it easier with others. Have to have all together as for instance I run the local
Tourist site (WWW.VISIT-WATCHET.CO.UK) and we own all the .suffix domains in
case of domain squatters! Hence the need to cover them all.

I have one more question I am trying to research - using https://www.visit-watchet.co.uk/Leaflets.htm
gives errors in Firefox with a) the broken security symbol and says some content is insecure, and b) all formatting is lost - just this one page! Does anyone know why this is happening?

We also have the broken security on https://www.visit-watchet.co.uk/Events.php
and I have no idea why (formatting OK)

Can try without the https: and all ok on above 2 addresses

John


There may be mixed content. Use https://check-your-website.server-daten.de/ with that subpage (own tool) to check that.

Browsers block active mixed content (JavaScript, CSS), so the design may be broken.

Same thing. Run the check with that url.

PS: Checked your first url - that doesn't work. You use upper case in your url - https://check-your-website.server-daten.de/?q=visit-watchet.co.uk%2Fleaflets.htm - the tool normalizes this to lower case, so an http status 404 is found.

Normally, folder- and file names shouldn't be case sensitive. Checking the page in my browser - yep, a lot of mixed content. Most critical:

http://www.visit-watchet.co.uk/css/vw_main.css

that's active content, so it's blocked.

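An added example (not part of the reply above, and not the checking tool it links to) of finding mixed content offline: it parses a page's HTML, resolves every subresource URL against the https page URL, and reports those that end up on http, split into active and passive. The sample markup is constructed; only the stylesheet URL and page address come from the thread, and the other paths and all function names are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Active subresources: blocked when fetched over http from an https page.
ACTIVE = {"script": "src", "iframe": "src", "link": "href"}
# Passive subresources: not blocked like active content, but flagged as insecure.
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}

PAGE_URL = "https://www.visit-watchet.co.uk/Leaflets.htm"
# Constructed sample markup; only the stylesheet URL is quoted from the thread.
SAMPLE_HTML = """\
<html><head>
<link rel="stylesheet" href="http://www.visit-watchet.co.uk/css/vw_main.css">
<script src="/js/menu.js"></script>
</head><body>
<img src="/Photos/Photo1.jpg">
<img src="http://www.visit-watchet.co.uk/Photos/Photo2.jpg">
<a href="http://www.visit-watchet.co.uk/Events.php">Events</a>
</body></html>
"""

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []  # (kind, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ACTIVE:
            kind, attr = "active", ACTIVE[tag]
            # Only stylesheet links are checked here, not every <link>.
            if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower().split():
                return
        elif tag in PASSIVE:
            kind, attr = "passive", PASSIVE[tag]
        else:
            return  # e.g. <a href>: navigation, not a subresource
        value = a.get(attr)
        # Relative and root-relative URLs inherit the page's https scheme.
        if value and urlsplit(urljoin(self.page_url, value)).scheme == "http":
            self.found.append((kind, tag, urljoin(self.page_url, value)))

def find_mixed_content(page_url, html):
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on an https page
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.found
```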

cheers
great help!

Now just added the “s” to the css link and all is fine…that would have baffled me for hours and been at
this for a long time! Really just a programmer here in machine code for microprocessors and learning on the fly about odd things! Also added “s” to link to images.

At present have disabled now the auto redirect (commented out) as we have a live camera feed that needs sorting.

Last (honest) question!

I have used the certbot option to switch all calls to https:// which adds the redirect to the virtual host .conf file so can follow that, but does this slow things down as the normal http: is what everyone knows and is published everywhere.

Most of my links are such as img src="\Photos\Photo1.jpg" Will I need to put the full path into all of these for fast loading of images (https://visitwatchet.co.uk/Photos/Photo1.jpg) or will the redirects work for everything without repeated hits on server? OR is there a short way to do the link with https:

Many thanks for help so far,
much appreciated

John,
Somerset


PS
Interestingly other html pages also included the http…css file but they display fine
https://www.visit-watchet.co.uk/Attractions.htm
and must be one of life’s mysteries!
cheers

http was the normal. Now https is the normal. If you have

  • a working http + https and
  • a working redirect http -> https

everyone can use the http -> and uses the https.

Always use /, not \. The first is used with web sites, \ isn't defined in urls.

If you use links without http / https, you don't need to change these.


Thanks again,
More work tomorrow!
\ was my typo - sorry
John

