Let's Encrypt SSL Not Showing

Please fill out the fields below so we can help you better.

My domain is: worldnews.gq

I ran this command: certbot certonly

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Apache Web Server plugin - Beta (apache)
2: Place files in webroot directory (webroot)
3: Spin up a temporary webserver (standalone)
-------------------------------------------------------------------------------
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 2
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel):worldnews.gq
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for worldnews.gq

Select the webroot for worldnews.gq:
-------------------------------------------------------------------------------
1: Enter a new webroot
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel): 

** Invalid input **
Press 1 [enter] to confirm the selection (press 'c' to cancel): 1
Input the webroot for worldnews.gq: (Enter 'c' to cancel):webroot

-------------------------------------------------------------------------------
webroot does not exist or is not a directory
-------------------------------------------------------------------------------
Input the webroot for worldnews.gq: (Enter 'c' to cancel):/opt/bitnami/apps/wordpress/htdocs/
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/worldnews.gq/fullchain.pem. Your cert will
   expire on 2017-09-01. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot again. To
   non-interactively renew *all* of your certificates, run "certbot
   renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

My web server is (include version):
Server version: Apache/2.4.25 (Unix) Server built: May 18 2017 14:10:36

The operating system my web server runs on is (include version): Debian 8.8

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Even though it has successfully installed on my server, the https version is not showing up.
https://worldnews.gq

hi @worldnews_gq

This one should have been fairly easy to diagnose :wink:

You are still using a self-signed certificate

Possible causes are:

A) You did not update the apache configuration (or certbot didn’t)
B) The application you are using is ignoring the apache config
C) You didn’t restart the apache server after the certificate configs were updated

Andrei

This is your problem. Rather than typing "webroot", you need to enter the path to the root of your web server, like /var/www/html (or wherever you've configured it to be).

Let's Encrypt has not issued a certificate, because of the error above.

Hi @danb35,

If you check the entire log posted, after the webroot fail, he/she wrote the right webroot path :wink:

Input the webroot for worldnews.gq: (Enter 'c' to cancel):/opt/bitnami/apps/wordpress/htdocs/

Indeed, a certificate was issued:

Cheers,
sahsanu

Hello,
Thank you for the information.
Can you please let me know how to solve each cause you mentioned?
I’ve restarted apache, still, it’s the same.

Ah, indeed--I didn't realize that this text box wasn't showing the whole output, and you had to scroll to see it. My bad.

You used the certonly command, which means it will only issue the certificate. You'll need to edit your Apache configuration to point to the new certificate and private key.

How to edit that? Please let me know. I’ll edit that.

These are text files within /etc/apache2 which configure which sites exist on your system and are served by Apache. They need to be edited with a text editor. They are documented at

https://httpd.apache.org/docs/2.2/configuring.html (for Apache 2.2)

https://httpd.apache.org/docs/current/configuring.html (for Apache 2.4)

You will probably need to create a new file in /etc/apache2/sites-available that defines a VirtualHost with HTTPS enabled (referred to by Apache as “SSL” even though that’s no longer the current name for the TLS technology) and that points to the key and chain files in /etc/letsencrypt/live. Then you can enable this file with a2ensite, which will create a symbolic link in /etc/apache2/sites-enabled pointing to the file you created.

I believe there are probably a lot of tutorials on the web for this.

The Apache documentation also gives examples

https://httpd.apache.org/docs/2.2/vhosts/examples.html (2.2)
https://httpd.apache.org/docs/current/vhosts/examples.html (2.4)

but none of the examples use HTTPS (!!!). :frowning:

However, they have a separate section on this topic.

https://httpd.apache.org/docs/2.2/ssl/ (2.2)
https://httpd.apache.org/docs/current/ssl/ (2.4)

The certonly command basically assumes that you know how to do this or have a tutorial that you’re already following. If you wanted Certbot to create this virtual host for you, it can often do so if you instead used certbot run or certbot --apache!
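
A minimal HTTPS virtual host of the kind described above, as an added example that is not part of the original reply. The file name and the `Directory` and `SSLProtocol` settings are assumptions; the certificate path and webroot are the ones shown in the certbot output at the top of the thread, and `privkey.pem` is the key file Certbot places beside `fullchain.pem`.

```apache
# Assumed file name: /etc/apache2/sites-available/worldnews.gq-ssl.conf
# Prerequisites: mod_ssl loaded (a2enmod ssl) and Apache listening on 443.

<VirtualHost *:443>
    ServerName worldnews.gq
    # Same directory that was given to certbot as the webroot
    DocumentRoot /opt/bitnami/apps/wordpress/htdocs

    SSLEngine on
    # Assumption: restrict to TLS 1.2+; drop this line to keep the defaults
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Apache 2.4.8 and later read the leaf certificate and the
    # intermediates from one file, so fullchain.pem goes here and no
    # SSLCertificateChainFile is needed.
    SSLCertificateFile    /etc/letsencrypt/live/worldnews.gq/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/worldnews.gq/privkey.pem

    # Assumption: the webroot is outside the directories the main
    # configuration already grants access to.
    <Directory /opt/bitnami/apps/wordpress/htdocs>
        Require all granted
    </Directory>
</VirtualHost>

# Enable and verify (run as root):
#   a2ensite worldnews.gq-ssl
#   apachectl configtest
#   systemctl reload apache2
#
# Confirm the served certificate is no longer self-signed by checking
# that issuer and subject differ:
#   openssl s_client -connect worldnews.gq:443 -servername worldnews.gq \
#       </dev/null 2>/dev/null | openssl x509 -noout -issuer -subject
```

The paths under `/etc/letsencrypt/live` are symlinks that Certbot repoints on renewal, so the virtual host does not need editing when the certificate is renewed, only a reload of Apache.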

webroot works wonders on all my nginx and Let’s Encrypt configs.

Sure, but it doesn't install the certificate for you.
