Messed up with certificate expansion for domain


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.phpninja.fr

I ran this command:./certbot-auto --cert-name www.phpninja.fr -d phpninja.fr

It produced this output:
You are updating certificate www.phpninja.fr to include new domain(s):

You are also removing previously included domain(s):

Did you intend to make this change?

(U)pdate cert/©ancel: U
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for phpninja.fr
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/phpninja.fr-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/phpninja.fr-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/phpninja.fr-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel):

Added an HTTP->HTTPS rewrite in addition to other RewriteRules; you may wish to check for overall consistency.
Redirecting vhost in /etc/apache2/sites-enabled/phpninja.fr.conf to ssl vhost in /etc/apache2/sites-available/phpninja.fr-le-ssl.conf


Your existing certificate has been successfully renewed, and the new certificate
has been installed.

The new certificate covers the following domains: https://phpninja.fr

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=phpninja.fr

My web server is (include version):APache2.4

The operating system my web server runs on is (include version): Debian 8

My hosting provider, if applicable, is: dedicated server

I can login to a root shell on my machine (yes or no, or I don’t know):Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):Webmin

Hello,
I chose (unfortunately the option 2 (redirecto http to https), which messed up the site, i ran the command to delete the certificate to do again,
./certbot-auto delete --cert-name www.phpninja.fr
but now when I do :
./certbot-auto certonly --webroot -w /home/phpninja/public_html -d www.phpninja.fr
the challenges fils due to the redirect I think; the problem is I don’t know where the redirect occurs…
thank you for your help.


#2

I’m not sure whether your diagnosis about the rewrite is correct. It would be helpful if you provided the exact error that you’re encountering.

However, if you want to find the rewrite in order to remove it, try

grep -r RewriteRule /etc/apache2


#3

Hi,
your commande returned partly this (i removed data for other domains)
/etc/apache2/sites-available/creatissus.com.conf:RewriteRule ^(.) https://creatissus.com:20000/ [R]
/etc/apache2/sites-available/creatissus.com.conf:RewriteRule ^(.
) https://creatissus.com:10000/ [R]
/etc/apache2/sites-available/creatissus.com.conf:RewriteRule ^(.) https://creatissus.com:20000/ [R]
/etc/apache2/sites-available/creatissus.com.conf:RewriteRule ^(.
) https://creatissus.com:10000/ [R]

/etc/apache2/sites-available/phpninja.fr.conf:RewriteRule ^(.) https://phpninja.fr:20000/ [R]
/etc/apache2/sites-available/phpninja.fr.conf:RewriteRule ^(.
) https://phpninja.fr:10000/ [R]
/etc/apache2/sites-available/phpninja.fr.conf:RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

I quoted the last line of the domain, the problem still persists.
One thing strange is why the browser tries to associate the certificate to the other domain creatissus.com?


#4

Also creatissus has a ssl that i purchased 3 years ago, the configuration is coming form another server so the syntax is a little different :
SSLEngine on
SSLCertificateFile /home/creatissus/ssl.cert
SSLCertificateKeyFile /home/creatissus/ssl.key
SSLCACertificateFile /home/creatissus/ssl.ca

while as phpninja which used Letsencrypt
SSLCertificateFile /etc/letsencrypt/live/www.phpninja.fr/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.phpninja.fr/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/www.phpninja.fr/chain.pem


#5

So, if you think the rewrite is causing problems right now, you should be able to disable it by commenting out or deleting the RewriteRule lines at the end of phpninja.fr.conf and then restarting Apache.


#6

I checked the configuration files, nothing wrong, i finally found out the problem : it was a rewrite problem, but not in Apache but in the wordpress blog where i installed a plugin to redirect to https. I removed it in the shell. thanks you for your input.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.