Letsencrypt certificate is not valid

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://www.todomaster.co/, https://todomaster.co/), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
todomaster.co
I ran this command:
sudo certbot certonly --webroot -w /var/www/html -d todomaster.co -d www.todomaster.co
It produced this output:
IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/todomaster.co/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/todomaster.co/privkey.pem
    Your cert will expire on 2020-12-09. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

[ec2-user@ip-172-31-27-101 conf]$ sudo service httpd
My web server is (include version):

The operating system my web server runs on is (include version): Amazon Linux 2

My hosting provider, if applicable, is: aws

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.38.0

Hi @chathu020

the result is expected.

doesn't install the certificate. Do that and restart your webserver.

Does that mean run?
sudo certbot certonly

Firstly, let me welcome you to the Let's Encrypt Community 🙂

Based on this:

I'm assuming you're using apache. Is that correct?

yes running on apache

what did you mean by

doesn’t install the certificate. Do that and restart your webserver.

As @JuergenAuer pointed out, you used certonly, which only acquires a certificate. You also used --webroot, which uses your running webserver to acquire your certificate. You still need to “install” your certificate, enable https, and create redirects from http to https.

Is your apache configuration fairly “standard” (unmodified)?

Can you guide me on how I can “install” the certificate, enable https, and create redirects from http to https?
How can I check whether my apache configuration is fairly “standard” (unmodified)?

Let’s try something. We can roll it back if there’s an issue.

First, run the following and paste the output:

sudo certbot certificates

Use

sudo certbot --reinstall

Certbot should ask.

See

Why did you use certonly?

PS: @griffin Your permanently more than one answer are spammy. Please stop that.

sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: todomaster.co
Domains: todomaster.co www.todomaster.co
Expiry Date: 2020-12-09 05:08:38+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/todomaster.co/fullchain.pem
Private Key Path: /etc/letsencrypt/live/todomaster.co/privkey.pem

sudo certbot --reinstall
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certbot doesn’t know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run “certbot certonly” to do so. You’ll need to manually configure your web server to use the resulting certificate.

It looks like you’ve already got https enabled and redirects in place, which is why @JuergenAuer has made that suggestion.

Perhaps this @JuergenAuer?

sudo certbot -i apache --cert-name todomaster.co

It looks like there is no installation configuration in place.

@chathu020
He’s got a lot more experience than me, so I am deferring to his judgment.

Alright, guess he’s not going to respond. Try just restarting apache. Do you know the command to do so for your server?

So Certbot doesn't understand your configuration.

What says

httpd -S

SSLCertificateFile: file ‘/etc/letsencrypt/live/todomaster.co/fullchain.pem’ does not exist or is empty

Please run it as root or sudo.

VirtualHost configuration:
*:443 is a NameVirtualHost
default server ip-172-31-27-101.ap-southeast-1.compute.internal (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost ip-172-31-27-101.ap-southeast-1.compute.internal (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost todomaster.co (/etc/httpd/conf/httpd.conf:364)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
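
An added example (not from the thread and not Certbot's own code): a shell helper that reads `httpd -S` output like the one above and reports, for each port-443 vhost, which `SSLCertificateFile` its `<VirtualHost>` block sets, compared with the path Certbot saved. The function names and `SAMPLE_S` are assumptions made for this example, and it assumes the `file:line` printed by `httpd -S` points at the opening `<VirtualHost>` line.

```shell
#!/bin/sh
# Added example: report which certificate each port-443 vhost in `httpd -S` points at.

# Constructed sample: the vhost lines from the `httpd -S` output posted in the thread.
SAMPLE_S='*:443 is a NameVirtualHost
default server ip-172-31-27-101.ap-southeast-1.compute.internal (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost ip-172-31-27-101.ap-southeast-1.compute.internal (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost todomaster.co (/etc/httpd/conf/httpd.conf:364)'

# list_vhosts: `httpd -S` text on stdin -> one "port name file line" row per namevhost.
list_vhosts() {
  awk '$1 == "port" && $3 == "namevhost" {
    loc = $5; gsub(/[()]/, "", loc)        # "(/path/x.conf:364)" -> "/path/x.conf:364"
    n = split(loc, part, ":")              # the line number is the last ":" field
    print $2, $4, substr(loc, 1, length(loc) - length(part[n]) - 1), part[n]
  }'
}

# cert_for_vhost FILE LINE: first SSLCertificateFile between LINE and </VirtualHost>.
cert_for_vhost() {
  awk -v start="$2" 'NR >= start {
    d = tolower($1)
    if (d == "sslcertificatefile") { gsub(/"/, "", $2); print $2; exit }
    if (d ~ /^<\/virtualhost/) exit
  }' "$1"
}

# check_vhosts EXPECTED_CERT: `httpd -S` text on stdin -> verdict per port-443 vhost.
check_vhosts() {
  list_vhosts | while read -r port name file line; do
    [ "$port" = 443 ] || continue
    if [ ! -r "$file" ]; then echo "UNREADABLE $name $file"; continue; fi
    cert=$(cert_for_vhost "$file" "$line")
    if [ "$cert" = "$1" ]; then echo "OK $name $cert"
    else echo "MISMATCH $name ${cert:-none}"; fi
  done
}

# Demo on the constructed sample (parsing only; the config files are not read here).
printf '%s\n' "$SAMPLE_S" | list_vhosts
```

On the server, pipe the output of `sudo httpd -S` into `check_vhosts` with the Certificate Path shown by `sudo certbot certificates` as its argument.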