From a newbie to certbot but used to command line linux.
Run a vps with root access and host multiple (small) domains. Now trying to upgrade most to https: and also
encrypt the (sendmail/dovecot) mail server instead of plain text passwords.
Server name (but NOT domain) is
I have installed:-
Running Centos 7-7.1908.0.el7.centos
From the root command line I am running
certbot -d an2.co.uk --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested apache plugin does not appear to be installed
Apache is running but the .conf file is httpd.conf and I use the include command withing the .conf file to include multiple .conf files, one for each domain (i.e. an2.co.uk.conf)
I have read pages of documentation but can not find what is wrong here!!
Error log says:-
2020-01-01 13:09:50,509:DEBUG:certbot._internal.main:certbot version: 1.0.0
2020-01-01 13:09:50,509:DEBUG:certbot._internal.main:Arguments: [’-d’, ‘ an2.co.uk’, ‘–apache’]
2020-01-01 13:09:50,509:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-01-01 13:09:50,532:DEBUG:certbot._internal.log:Root logging level set at 20
2020-01-01 13:09:50,532:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-01-01 13:09:50,534:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2020-01-01 13:09:50,534:DEBUG:certbot._internal.plugins.selection:No candidate plugin
2020-01-01 13:09:50,534:DEBUG:certbot._internal.plugins.selection:Selected authenticator None and installer None
Further information. I have solved first problem with a re-install of the certbot program as a check showed the apapche dependency was not installed.
Now certificate installed ok - just. This particular domain has several server alaises as in this conf file:-
On entering a test at
https://www.an2.co.uk i get a firefox error message
www.an2.co.uk uses an invalid security certificate. The certificate is only valid for an2.co.uk Error code: SSL_ERROR_BAD_CERT_DOMAIN
When installing the certificate I used the command line
certbot -d an2.co.uk --apache
SHOULD I ENTER HERE EVERY VERSION OF THE DOMAIN? and if so how do I replace the existing certificate.
Many thanks for any help
sorry to be pain and waste space - just very tired here with screen eyes!!!
Realised that need multiple -d lists and as one domain has 32 aliases that will be interesting as guess willexceed command line length - we will see!
Still any advice that i have missed will be gratefully accepted
if you use
--apache, your list of
-d domains should have a matching port 80 vHost with the same list of domain names.
That may be critical if you have a lot of domain names.
You can create vHosts with non-www + www per main domain.
Then create one certificate per main domain with the two domain names non-www and www.
So you have some certificates, one per main domain.
May be easier instead of creating a certificate with so much domain names.
Many thanks, now typed all the host names and created the certificate OK
Also looks like I can separate the domains after -d with just a comma, which will
make it easier with others. have to have all together as for instance I run the locaL
Tourist site ( WWW.VISIT-WATCHET.CO.UK) and we own all the .suffix domains in
case of domain squatters! Hence the need to cover them all.
I have one more question I am trying to research - using
gives errors in Firefox with a) the broken security symbol and says some content is insecure. and b) all formatting is lost - just this one page! Does anyone know why this is happening?
We also have the broken security on
and i have no idea why (formatting OK)
Can try without the https: and all ok on above 2 addresses
There may be mixed content. Use
https://check-your-website.server-daten.de/ with that subpage (own tool) to check that.
Same thing. Run the check with that url.
PS: Checked your first url - that doesn't work. You use upper cases in your url -
https://check-your-website.server-daten.de/?q=visit-watchet.co.uk%2Fleaflets.htm - the tool normalizes these and creates lower cases, so a http status 404 is found.
Normally, folder- and file names shouldn't be case sensitive. Checking the page in my browser - yep, a lot of mixed content. Most critical:
that's active content, so it's blocked.
Now just added the “s” to the css link and all is fine…that would have baffled me for hours and been at
this for a long time! Really just a programmer here in machine code for microprocessors and learning on the fly about odd things! Also added “s” to link to images.
At present have disabled now the auto redirect (commented out) as we have a live camera feed that needs sorting.
Last (honest) question!
I have used the certbot option to switch all calls to https:// which adds the redirect to the virtual host .conf file so can follow that, but does this slow things down as the normal http: is what everyone knows and is published everywhere.
Most of my links are such as img src="\Photos\Photo1.jpg" Will I need to put the full path into all of these for fast loading of images(hhtps://visitwatchet.co.uk/Photos/Photo1.jpg) or will the redirects work for everything without repeated hits on server? OR is there a short way to do the link with https:
Many thanks for help os far,
Interestingly other html pages also included the http…css file but they display fine
and must be one of life’s mysteries!
http was the normal. Now https is the normal. If you have
a working http + https and
a working redirect http -> https
everyone can use the http -> and uses the https.
/, not \. First is used with web sites, \ isn't defined in urls.
If you use links without http / https, you don't need to change these.
More work tomorrow!
\ was my typo - sorry
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.