Letsencrypt certbot successful but still get ssl error when I try to open my website

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: zen.gotdns.ch

I ran this command: sudo certbot --apache

It produced this output:

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: zen.gotdns.ch
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for zen.gotdns.ch

Successfully received certificate.
.
.
.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for zen.gotdns.ch to /etc/apache2/sites-available/000-default-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://zen.gotdns.ch

My web server is (include version): apache2

The operating system my web server runs on is (include version): Ubuntu 18.04 LTS

My hosting provider, if applicable, is: self hosted

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.17.0

The problem I am facing: if I open my website in any browser, I get this:
On Safari I get this error:

I have no clue what is going wrong here. Please help

On Firefox I get this error:

and on Chrome I get this error:

Let's start to unravel this Apache problem with the output of:
sudo apachectl -S

And be sure that you restarted/reloaded Apache after obtaining the cert.

The more I look the stranger this gets...

curl -Iki https://zen.gotdns.ch
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

curl -Iki http://zen.gotdns.ch:443
HTTP/1.1 404 Not Found
Date: Sun, 01 Aug 2021 22:16:21 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Type: text/html; charset=iso-8859-1

HTTP is being spoken on port 443 - HTTPS was expected.

All requests return only 404.
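
The check behind the two curl results above, as an added example that is not part of the original thread: it sends a real TLS ClientHello and classifies the first bytes of the reply, so a listener that answers in cleartext HTTP on a TLS port (the condition curl reports as "wrong version number") is identified directly. All function names are hypothetical.

```python
import socket
import ssl


def client_hello(hostname: str) -> bytes:
    """Let OpenSSL build a real ClientHello in memory (no network I/O)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake now waits for the server's reply
    return outgoing.read()


def classify_reply(data: bytes) -> str:
    """Classify the first bytes a server sends back after a ClientHello."""
    if not data:
        return "no-reply"
    if data.startswith(b"HTTP/"):
        # A cleartext HTTP status line: the listener has no TLS enabled.
        return "plain-http"
    # TLS record header: type 0x16 (handshake) or 0x15 (alert), then major 0x03.
    if len(data) >= 3 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls"
    return "unknown"


def probe_socket(sock: socket.socket, hostname: str) -> str:
    """Send a ClientHello on a connected socket and classify the answer."""
    sock.sendall(client_hello(hostname))
    reply = b""
    try:
        while len(reply) < 5:
            chunk = sock.recv(16)
            if not chunk:
                break
            reply += chunk
    except OSError:
        pass  # timeout or reset: classify whatever arrived
    return classify_reply(reply)


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Connect to host:port; returns 'tls', 'plain-http', 'no-reply' or 'unknown'."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return probe_socket(sock, host)
```

Run `probe()` against your own server after each Apache reload; a result of `plain-http` on port 443 means the virtual host bound to that port is not doing TLS.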

Well, surprisingly enough, since these are self-hosted, I have port forwarded 80 and 443

And apache -S result:


VirtualHost configuration:
*:443                  zen.gotdns.ch (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80                   zen.gotdns.ch (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: MODSEC_2.5
Define: MODSEC_2.9
User: name="www-data" id=33
Group: name="www-data" id=33

Let's have a look at this file:

And did you restart/reload apache after running certbot?

Try showing all the output of these commands:

cat /var/run/apache2/apache2.pid
sudo apachectl stop
cat /var/run/apache2/apache2.pid
sudo apachectl start
cat /var/run/apache2/apache2.pid

In my case, I see:

cat /var/run/apache2/apache2.pid
98745
sudo apachectl stop
cat /var/run/apache2/apache2.pid
98745
sudo apachectl start
Invoking 'systemctl start apache2'.
Use 'systemctl status apache2' for more info.
cat /var/run/apache2/apache2.pid
98911

We can see that PID 98745 was replaced by 98911.

Here is 000-default-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin webmaster@localhost
	ServerName zen.gotdns.ch
	DocumentRoot /var/www/html
        GeoIPEnable On
        GeoIPDBFile /etc/apache2/GeoIP.dat MemoryCache
        # GeoIPOutput Env
	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf


SSLCertificateFile /etc/letsencrypt/live/zen.gotdns.ch/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/zen.gotdns.ch/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

cat /var/run/apache2/apache2.pid
22716
sudo apachectl stop
[Mon Aug 02 10:37:34.735928 2021] [alias:warn] [pid 11726] AH00671: The Alias directive in /etc/apache2/apache2.conf at line 183 will probably never match because it overlaps an earlier Alias.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
cat /var/run/apache2/apache2.pid
cat: /var/run/apache2/apache2.pid: No such file or directory
sudo apachectl start
Invoking 'systemctl start apache2'.
Use 'systemctl status apache2' for more info.
cat /var/run/apache2/apache2.pid
13457

Please add this line to file: 000-default-le-ssl.conf
SSLEngine On

And this is an interesting message:

Have you looked into it?
