My Lets Encrypt is Successfully install on my Ubuntu Server But Fail while testing

How did you install certbot?

Did you follow these instructions? https://certbot.eff.org/lets-encrypt/ubuntuxenial-apache

Out After Install Let Encrypt SSL

/usr/lib/python3/dist-packages/ndg/httpsclient/subj_alt_name.py:22: UserWarning: Error importing pyasn1, subjectAltName check for SSL peer verification will be disabled. Import error is: No module named ‘pyasn1’
warnings.warn(import_error_msg)
/usr/lib/python3/dist-packages/ndg/httpsclient/ssl_peer_verification.py:25: UserWarning: SubjectAltName support is disabled - check pyasn1 package installation to enable
warnings.warn(SUBJ_ALT_NAME_SUPPORT_MSG)
/usr/lib/python3/dist-packages/ndg/httpsclient/subj_alt_name.py:22: UserWarning: Error importing pyasn1, subjectAltName check for SSL peer verification will be disabled. Import error is: No module named ‘pyasn1’
warnings.warn(import_error_msg)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.qa.kerloresearch.com
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf

We were unable to find a vhost with a ServerName or Address of www.qa.kerloresearch.com.
Which virtual host would you like to choose?


1: 000-default.conf | | | Enabled
2: 000-default-le-ssl.conf | qa.kerloresearch.com | HTTPS | Enabled


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.


1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf


Congratulations! You have successfully enabled https://qa.kerloresearch.com and
https://www.qa.kerloresearch.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=qa.kerloresearch.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.qa.kerloresearch.com


IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/qa.kerloresearch.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/qa.kerloresearch.com/privkey.pem
    Your cert will expire on 2020-07-12. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

It looks like it’s working. Start planning to upgrade your OS to Ubuntu 20.04.

how to update my ubuntu server ?
will effect on my other services after Ubuntu server upgrade ?

You wait for it to be released and then you create a new machine with a new OS, and reinstall your services.

I advise against upgrading with the updater, go for a fresh install. If you use the updater, it might work fine or it might cause issues for your services – only you can tell.

I have run this command sudo certbot certificates

Out Put

/usr/lib/python3/dist-packages/ndg/httpsclient/subj_alt_name.py:22: UserWarning: Error importing pyasn1, subjectAltName check for SSL peer verification will be disabled. Import error is: No module named ‘pyasn1’
warnings.warn(import_error_msg)
/usr/lib/python3/dist-packages/ndg/httpsclient/ssl_peer_verification.py:25: UserWarning: SubjectAltName support is disabled - check pyasn1 package installation to enable
warnings.warn(SUBJ_ALT_NAME_SUPPORT_MSG)
/usr/lib/python3/dist-packages/ndg/httpsclient/subj_alt_name.py:22: UserWarning: Error importing pyasn1, subjectAltName check for SSL peer verification will be disabled. Import error is: No module named ‘pyasn1’
warnings.warn(import_error_msg)
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: qa.kerloresearch.com
Domains: qa.kerloresearch.com www.qa.kerloresearch.com
Expiry Date: 2020-07-12 16:33:44+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/qa.kerloresearch.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/qa.kerloresearch.com/privkey.pem


This looks fine as well.

What’s the issue you are trying to address?

Why server showing me these below errors ?

/usr/lib/python3/dist-packages/ndg/httpsclient/subj_alt_name.py:22: UserWarning: Error importing pyasn1, subjectAltName check for SSL peer verification will be disabled. Import error is: No module named ‘pyasn1’
warnings.warn(import_error_msg)
/usr/lib/python3/dist-packages/ndg/httpsclient/ssl_peer_verification.py:25: UserWarning: SubjectAltName support is disabled - check pyasn1 package installation to enable
warnings.warn(SUBJ_ALT_NAME_SUPPORT_MSG)
/usr/lib/python3/dist-packages/ndg/httpsclient/subj_alt_name.py:22: UserWarning: Error importing pyasn1, subjectAltName check for SSL peer verification will be disabled. Import error is: No module named ‘pyasn1’
warnings.warn(import_error_msg)
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Because your python installation is missing some non-essential packages. How did you install certbot?

They should go away if you run steps 1-3 of the install instructions: https://certbot.eff.org/lets-encrypt/ubuntuxenial-apache

Is it possible to check cerbot is install or not on my Ubuntu server ?

It is, the outbut you’ve been pasting comes from certbot. You may have been calling it letsencrypt or certbot-auto or letsencrypt-auto

should i run this command ( sudo apt-get install certbot python-certbot-apache ) to install cerbot again

not if it’s installed already

Can i run this below command to install cerbot again ?

sudo apt-get install certbot python-certbot-apache

Your system works. Don’t break your system by running commands randomly.

Becouse i am not sure cerbot is properly install on my Ubuntu Server

I am confident it is. Don’t worry too much about it.

My Question Is if SSL is Successfully installed on my server but why its fail while testing you can also check

https://www.ssllabs.com/ssltest/analyze.html?d=qa.kerloresearch.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.qa.kerloresearch.com

Assessment failed: Unable to connect to the server

Your server is not responding on port 443.

What is the Alternative and how can i fixed this problem please advice thanks in advance