My certbot is not working with https while i’ve installed it

my certbot is not working with https while i’ve installed it. and again i dont have this folder (etc/certbot/live/)

find: ‘/etc/certbot/live/’: No such file or directory

http://www.isoko.ga works fine
but https://www.isoko.ga doest target the right folder and it’s unsecured

why???/

Hi @myskillz36,

What Certbot command did you run? What output did you see? Did it previously work at some point and then stop working?

Although crt.sh is sometimes running behind these days, it doesn’t look like you succeeded in issuing a certificate at all:

https://crt.sh/?Identity=%isoko.ga&iCAID=16418
https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:isoko.ga&lu=cert_search

/etc/letsencrypt/live is only created when you successfully issue at least one certificate on a given server with Certbot.

i did like :
certbot --apache -d isoko.hopto.org

Did it actually succeed?

What does this show:

certbot certificates

That screenshot shows the CSR and key - neither of which demonstrate the existence of a certificate.

Anyway, there’s a couple of things that might be wrong:

  • You probably haven’t yet created a certificate.
  • For the certbot --apache certificate issuing process to succeed, port 80 needs to actually point at Apache. In your case, your port 80 is pointing directly at your application server, and only port 443 is pointing at Apache. This won’t work because Apache is “bypassed” when Let’s Encrypt performs domain validation.
  • If you want the certificate to be valid for isoko.ga and www.isoko.ga, you need to include those two domains on the certificate by including each domain with -d example.org -d www.example.org etc in your Certbot command.

i dont understand
i installed certbot, but now its saying that i have a self signed

The act of installing Certbot doesn’t give you an SSL certificate. You need to use it to issue a certificate in a way that makes sense for your hosting environment.

If you can elaborate on how you want your website to work (what kind of website it is, are you going to proxy it behind Apache or do you want to install the certificate directly to the application, etc), we can help you get a certificate.

please gimme a link or a youtube tutorial link of how to match these ports in apache

i can do the best… i was thinking into these proxy things but i think i might never work

cuz if i put 4 websites in a server at once through proxy i dont know if it’d ever work, so i stopped doing that,

i auto-redirect my project to port 80 to get a quick thing but i aint getting it either,

help me

its an ebay-like system

im stuck cuz clients needs to pay virtually and my transaction partner third party company insist that i gotta get https

Without knowing what your webapp runs on (JBoss? Tomcat?) it’s impossible to say whether it is possible to set it up with HTTPS without a proxy.

If you can’t set it up behind a proxy successfully, the most I can reccommend to you is to pay a sysadmin to help you or review online materials such as https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html . If you manage to do that, then Certbot will work in a simple way.

i have tried to use mod_jk and the redirection works fine, i dont need proxy cuz mod_jk works fine

my problem is to get https
here living, im one who can help myself, no one can touch what im doing, especially with java, everyone works with php
im the only one into this, remember

This is not really about PHP or Java. It is a problem of configuring Apache to do the right thing.

So Apache and mod_jk is listening on port 80? I don’t think so, but check with:

sudo ss -tlnp | grep 80

I think it is more likely to show java than httpd/apache2.

i disable one to use the other

Well, you have two options.

  1. Run Tomcat directly on port 80 and 443, and do not use Apache or mod_jk at all.

  2. Run Apache on ports 80 and 443 with mod_jk, and change Tomcat to listen on 8080 only.

With both approaches, it is possible to have HTTPS. But it is up to you to decide which you want, because the methodology is very different.

tell me this port here 443 is into ssl.conf right??