LetsEncrypt installed properly but still get warning

Hello,
Any help would be great.
Have successfully installed SSL. But still get a "Visiting an untrustworthy website has been prevented..."

It has to be a redirect issue. Not sure how to install that on ubuntu.

The security certificate presented by this website was issued for a different website's address

See: results: SSL Checker

Thanks in advance.

Mike S.

1 Like

Welcome @CodeCreatorLLC

You only created a cert with the name scrap-heap.com. You will need a cert which also includes www.scrap-heap.com which is what you checked with SSL Checker.

May be as easy as adding a ServerAlias for that name in your Apache VirtualHosts and recreating the cert.

8 Likes

Thanks Mike...... Should I create the virtual host in sites-available or sites-enable directory?

Where did you create the VirtualHost for scrap-heap.com?

7 Likes

Mike... Thanks again for your help. here are the 2 screen shots....

In sites-available.... created a scrap-heap.com.conf directory with the following code

1 Like

Wrong image..... sorry this one

Capture

Maybe I have to remove certbot-auto and any Certbot OS packages and reinstall cerbot. Not sure

That VirtualHost with the ServerAlias looks good. Did that not show two domain names when you re-ran Certbot?

And, yes, certbot-auto was deprecated some time ago

7 Likes

Ok...... correct 2 domains where not shown. Thanks I try a reinstall of cerbot. Appreciate all your help

2 Likes

Last question I promise..... reinstall worked. However now I get.....

Forbidden
You don't have permission to access this resource.

Apache/2.4.29 (Ubuntu) Server at www.scrap-heap.com Port 443

That is hardly ever true :slight_smile:

Do you have a .htaccess file in that DocumentRoot?

8 Likes

LOL.... So true.

Yes in: /etc/apache2/apache2.conf

image

What does your VirtualHost for the *:443 server look like?

Didn't this site work before? You have a history with certs. Just puzzled why you are having basic access trouble. The certs for both domain names seem fine.

7 Likes

I don't want to take up more of your time.
The 443 host is in my apach2/sites-enabled/scrap-heap.com-le-ssl.cong
Looks like this.....

Thanks for the effort. Cheers

2 Likes

Only if the two sites are going to serve different content.
If they are the "same" site, then just add an alias to the existing site and restart the web service.
And review the entire Apache config for name:port overlaps.
apachectl -t -D DUMP_VHOSTS

I don't think that made/makes any difference in this situation.

5 Likes

Does your Apache ErrorLog have anything in it? Maybe it warns about missing DirectoryIndex file or something? I see 403 errors for an "empty" request but 404 for page requests like:

scrap-heap.com/index.html
6 Likes

Thanks for reply. Certificates are installed properly. But I still get

Forbidden....You don't have permission to access this resource. Apache/2.4.29 (Ubuntu) Server at www.scrap-heap.com Port 443

Here is a screen shot of virtual hosts. Not sure why the error.

1 Like

Mike still making me nuts.... here is the virtual hosts

Looks like @rg305 idea to look for name/port overlaps was a good one.

You have two config files for port 443 server. Please show the contents of both of these:

/etc/apache2/sites-enabled/000-default-le-ssl.conf
/etc/apache2/sites-enabled/scrap-heap.com-le-ssl.conf

When you post the contents here, please use copy/paste instead of image as much easier for us to work with. And, format output with 3 backticks before and after each file contents like this to format it nice. Thanks
```
contents file1
```
And
```
contents file2
```

7 Likes

[quote="MikeMcQ, post:19, topic:171790"]

/etc/apache2/sites-enabled/000-default-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf


ServerName scrap-heap.com
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/scrap-heap.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/scrap-heap.com/privkey.pem
</VirtualHost>
</IfModule>