Show:
sudo ls -l /etc/letsencrypt/live/www.shentaichiacademy.co.uk/
root@web-server:/etc/apache2/sites-enabled# sudo ls -l /etc/letsencrypt/live/www.shentaichiacademy.co.uk/
total 4
lrwxrwxrwx 1 root root 51 May 27 09:37 cert.pem -> ../../archive/www.shentaichiacademy.co.uk/cert1.pem
lrwxrwxrwx 1 root root 52 May 27 09:37 chain.pem -> ../../archive/www.shentaichiacademy.co.uk/chain1.pem
lrwxrwxrwx 1 root root 56 May 27 09:37 fullchain.pem -> ../../archive/www.shentaichiacademy.co.uk/fullchain1.pem
lrwxrwxrwx 1 root root 54 May 27 09:37 privkey.pem -> ../../archive/www.shentaichiacademy.co.uk/privkey1.pem
-rw-r--r-- 1 root root 543 May 27 09:37 README
Show:
cat /etc/letsencrypt/live/www.shentaichiacademy.co.uk/fullchain.pem
(privkey.pem is private - all others are public)
root@web-server:/etc/apache2/sites-enabled# cat /etc/letsencrypt/live/www.shentaichiacademy.co.uk/fullchain.pem
-----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
redacted
-----END CERTIFICATE-----
Well that contradicts:
That file should be EMPTY or NON-EXISTENT - and it is neither.
hmm....
Show:
cat /etc/apache2/sites-enabled/shentaichiacademy.co.uk-le-ssl.conf
save it in a notepad /text file and upload it
delete that and just upload the whole file.
Or use pastebin ? ? ?
This site formatting is wrecking the fileâŚ
I Filezzillaâd it over to my windows system with sftp and renamed it as .txt hope that helps
Ill remove those certificates from the forum if your finished with it?
I canât find anything wrong with the file.
I say letâs recreate it.
Show:
sudo certbot certificates
manager@web-server:~$ sudo certbot certificates
[sudo] password for manager:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Found the following certs:
Certificate Name: www.shentaichiacademy.co.uk
Domains: www.shentaichiacademy.co.uk
Expiry Date: 2018-08-25 07:37:57+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/www.shentaichiacademy.co.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.shentaichiacademy.co.uk/privkey.pem
You can delete the fullchain.pem above.
It looks ok but only has one name.
Just checking, just the fullchain.pem âfileâ
Yes fullchain.pem
Actually # out the first and last lines in the file:
/etc/apache2/sites-enabled/shentaichiacademy.co.uk-le-ssl.conf
The <IfModule mod_ssl.c>
And </IfModule>
Okay not deleted the fullchain perm file,
#'ed out those lines and restarted the server just in case.
No https as yet.
Sorry did you want the fullchain.per deleted before I #'ed out those lines or as well as?
I donât need any of the .pem files you can remove them.
I see a DNS problem between the root domain and the www:
Name: shentaichiacademy.co.uk
Address: 217.160.122.17
Name: sbrown.tk
Address: 82.24.161.12
Aliases: www.shentaichiacademy.co.uk
www is a cname of âsbrown.tkâ
Which IP is your server at?
I have a 1&1 domain name which is CNAMEâd to sbrown.tk
sbrown.tk uses FreeDNS with a crontab that updates sbrown.tk with my IP address which is mostly static and dosnât change much at all but if it does the crontab updates them. My server that runs apache is at sbrown.tk
I assume that SSL is based on the url entered in the Browser where ever it goes after there its unaware. At lease thats what I read.
OK so you wonât be able to add both names to the cert.
You canât validate both IPs form one system IP.
I can only assume this is the first SSL site you have put up on this systemâŚ
So you will need to ensure that port 443 is being forwarded properly and then that it is being handled properly as well.
both names being sbrown.tk and www.shentaichiacademy.co.uk?
Would I need to validate sbrown.tk?
I have sbrown.tk on my 000-default.conf nothing is running there at the moment except some database software.
Both names being:
shentaichiacademy.co.uk
www.shentaichiacademy.co.uk