My website is inaccessible after update of SSL certificates

[2605:a140:2062:9311::1]:80 is a NameVirtualHost
default server doujinblog.org (/etc/httpd/conf/httpd.conf:359)
port 80 namevhost doujinblog.org (/etc/httpd/conf/httpd.conf:359)
alias www.doujinblog.org
wild alias *.doujinblog.org
port 80 namevhost anothersite.com (/etc/httpd/conf/httpd.conf:415)
alias www.anothersite.com
alias mail.anothersite.com
alias webmail.anothersite.com
alias admin.anothersite.com
[2605:a140:2062:9311::1]:443 anothersite.com (/etc/httpd/conf/httpd.conf:449)
209.xxx.xxx.129:80 is a NameVirtualHost
default server doujinblog.org (/etc/httpd/conf/httpd.conf:359)
port 80 namevhost doujinblog.org (/etc/httpd/conf/httpd.conf:359)
alias www.doujinblog.org
wild alias *.doujinblog.org
port 80 namevhost anothersite.com (/etc/httpd/conf/httpd.conf:415)
alias www.anothersite.com
alias mail.anothersite.com
alias webmail.anothersite.com
alias admin.anothersite.com
209.xxx.xx.129:443 anothersite.com (/etc/httpd/conf/httpd.conf:449)

Regarding Cloudflare, try editing your SSL settings on Cloudflare for that domain to "Full" instead of "Full (Strict)" - strict requires a valid (unexpired) ssl configuration on your own server and will not allow http validation to pass through without an https redirection. "Full" (confusingly) will allow both invalid SSL at the "origin" (your server) and will not auto redirect http to https. Try it out, then try your certificate request again.


I tried this, but the site does not seem to work despite following your recommendation to set the configuration to "complete"; this is a real mystery

certbot --apache -d doujinblog.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/doujinblog.org.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd.conf
Enhancement redirect was already set.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://doujinblog.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

That contradicts the current response:

curl -Ii4 https://doujinblog.org/anything/anywhere
HTTP/2 302
date: Tue, 20 Dec 2022 09:59:34 GMT
content-type: text/html; charset=iso-8859-1
location: https://doujinblog.org/

Something is still redirecting all HTTP connections specifically to "https://doujinblog.org/".


The web config is in need of help.
It is bad practice to use IPs in vhost configs:


We need to see the HTTP server block in this file around line 359:
[that covers the names: doujinblog.org, www.doujinblog.org, *.doujinblog.org]


It is best to stick with Full (Strict) and adjust the redirection settings that are interfering.

I have shared an example here that uses Page Rules. It also requires that the site level redirect to HTTPS is not enabled in Cloudflare.


I just woke up and I put the IP address, you could edit it RUDY, sorry. I'm reading the messages and if it was a problem with Cloudflare, I deactivated it and if I was able to install the certificates in Webmin without problems. I am going to continue reading to try to discover what the problem is, follow the advice of linkp and put together a personal tutorial.

We read shortly, a few moments


I think your suggestion is to disable the DNS host proxy but that skips all of the benefits of Cloudflare (DDoS protection etc). If HTTP validation is a recurring problem, use DNS validation - after all you're already on Cloudflare, which is a supported DNS provider for automation.


No. In fact the Cloudflare rules that I recommend for Let's Encrypt compatibility will not function if the Cloudflare Proxy is disabled.

My recommended configuration exempts the .well-known/acme-challenge path from HTTPS redirection, ensuring that it arrives at the origin server on port 80 as expected. The Cloudflare SSL/TLS::Edge Certificates::Always Use HTTPS option prevents that override from working. You can probably still redirect HTTP to HTTPS in your Cloudflare configuration by using a specific rule with a lower priority than the exemption used for the challenge path. I handle my HTTPS redirection at my origin, so I don't have any tested guidance for that.

I have moved my exemption configuration from a single Page Rule to separate Cache Rules and Configuration Rules.

Cache Rules:

ACME Challenge
(starts_with(http.request.uri.path, "/.well-known/acme-challenge/"))
Cache status: Bypass cache

Configuration Rules:

ACME Challenge
(starts_with(http.request.uri.path, "/.well-known/acme-challenge/"))
Automatic HTTPS Rewrites: Off
Browser Integrity Check: Off
Opportunistic Encryption: Off
Security Level: Essentially Off
SSL: Off
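
As an added example (not part of the post above and not Cloudflare or Certbot tooling), this shell function classifies the response headers of a plain-HTTP request to the challenge path, so you can tell whether the exemption is taking effect. The function name, verdict strings and sample responses are constructed for illustration.

```shell
#!/bin/sh
# Feed it the output of, for example:
#   curl -sI "http://$DOMAIN/.well-known/acme-challenge/probe"
# A 404 for a made-up token is fine: it means the request was answered
# over HTTP instead of being redirected.

classify_challenge_response() {
  # Reads raw response headers on stdin, prints one verdict word.
  awk '
    { sub(/\r$/, "") }                      # curl keeps CRLF line endings
    NR == 1 { status = $2; next }           # e.g. "HTTP/1.1 301 Moved Permanently"
    tolower($1) == "location:" { loc = $2 }
    END {
      if (status ~ /^3/ && tolower(loc) ~ /^https:/)
        print "redirected-to-https"         # exemption not in effect
      else if (status ~ /^3/)
        print "redirected-other"
      else if (status ~ /^5/)
        print "edge-or-origin-error"        # e.g. 502, origin unreachable
      else if (status == "200" || status == "404")
        print "served-over-http"            # challenge path reached a server on port 80
      else
        print "unexpected-" status
    }'
}

# Constructed sample responses (not captured from the site in this thread).
sample_redirect() {
  printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.org/.well-known/acme-challenge/probe\r\n\r\n'
}
sample_exempt() {
  printf 'HTTP/1.1 404 Not Found\r\nServer: cloudflare\r\n\r\n'
}
sample_502() {
  printf 'HTTP/1.1 502 Bad Gateway\r\nServer: cloudflare\r\n\r\n'
}

for s in sample_redirect sample_exempt sample_502; do
  printf '%s: %s\n' "$s" "$($s | classify_challenge_response)"
done
```
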

good night or good morning, change my hosting server

Now I'm using

but I'm still having problems, any ideas?

Ubuntu 22?

Please describe the problem(s) you are now having.
And, if you are still using Apache, show:
sudo apachectl -t -D DUMP_VHOSTS


Description: Ubuntu 20.04.5 LTS
Release: 20.04
Codename: focal

nginx version: nginx/1.18.0 (Ubuntu)

Hi rudy, I changed to Nginx

Ok! That is better.

What is the problem you have now?


I followed his advice when he said that Apache was very problematic

time the problem is this

Bad gateway Error code 502
Visit cloudflare.com for more information.
2022-12-22 07:36:24 UTC

Cloudflare can't reach your server.


Now the error changes to this, I am confused

Secure Connection Failed

An error occurred during a connection to doujinblog.org. Cannot communicate securely with peer: no common encryption algorithm(s).


The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

Cloudflare is not working:
SSL Server Test: doujinblog.org (Powered by Qualys SSL Labs)


Please pause Cloudflare and make sure that your site is working correctly over HTTPS with your Let's Encrypt certificate. Once you know that works, it becomes much simpler to add Cloudflare. It also makes it easier to troubleshoot your Let's Encrypt setup.


Now it's working, but I've made the decision to migrate from Apache + Webmin + CentOS + Let's Encrypt "to possibly"
Nginx + another panel did not decide + Ubuntu + Certificates purchased.

Thanks for your help, but I see that people understandably don't have the time or the desire to do this kind of thing. Knowing what the problems of not collaborating or being over-trained are, which leads to bad and complicated support and God knows how to solve one

My conclusion is that if they are easy problems there is a way to help but with more complicated things, this place does not solve the complex problem

I tried to help the friend who asked me for a hand and thank you all but I am going to migrate your page to other more modern and less complicated models


You might look at Hestia CP. It uses nginx and can be installed on Ubuntu or Debian. It has built-in Let's Encrypt certificate issuance, but can also accommodate purchased commercial certificates or Cloudflare Origin CA certificates.