My ssl certificate is not working Firefox

Hello, Im new to Let's encrypt and i have issues setting up my ssl certificate.

My domain is:
cookbook.monster

I ran this command:
sudo certbot --apache -d cookbook.monster -d www.cookbook.monster

It produced this output:


Congratulations! You have successfully enabled https://cookbook.monster and
https://www.cookbook.monster


My web server is (include version):
Server version: Apache/2.4.6 (CentOS)
Server built: Nov 16 2020 16:18:20

The operating system my web server runs on is (include version):
Linux 3.10.0

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.11.0

My apache vhost config:
NameVirtualHost *:80

<VirtualHost *:80>
ServerAdmin root@localhost
DocumentRoot /var/www/html/cookbook
ServerName cookbook.monster
ServerAlias www.cookbook.monster
RewriteEngine on
RewriteCond %{SERVER_NAME} =cookbook.monster
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
1 Like

Your Apache probably has multiple HTTPS VirtualHosts where certbot put the certificate info into one of them, but Apache prefers the other (incorrect) one.

What's the output of:

apachectl -S

or, if that doesn't work:

httpd -S

2 Likes

AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/extra/httpd-vhosts.conf:1
AH00526: Syntax error on line 8 of /etc/httpd/conf/extra/httpd-vhosts-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/cookbook.monster/cert.pem' does not exist or is empty

i think i might have to reinstall it?

1 Like

What does:

certbot certificates

.. give as output?

1 Like
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: cookbook.monster
    Serial Number: #
    Key Type: RSA
    Domains: cookbook.monster www.cookbook.monster
    Expiry Date: 2021-07-24 06:56:46+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/cookbook.monster/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/cookbook.monster/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 Like

Looks fine.

Sorry, I probably should have mentioned it, but did you run apachectl -S as root? If not, please append sudo in front of it:

sudo apachectl -S
1 Like
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/extra/httpd-vhosts.conf:1
VirtualHost configuration:
*:80                   cookbook.monster (/etc/httpd/conf/extra/httpd-vhosts.conf:3)
*:443                  is a NameVirtualHost
         default server cookbook.monster (/etc/httpd/conf.d/ssl.conf:56)
         port 443 namevhost cookbook.monster (/etc/httpd/conf.d/ssl.conf:56)
         port 443 namevhost cookbook.monster (/etc/httpd/conf/extra/httpd-vhosts-le-ssl.conf:2)
                 alias www.cookbook.monster
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
1 Like

Here is the problem. You have a configuration file called ssl.conf enabled which has a HTTPS VirtualHost, whereas certbot has used the HTTP VirtualHost from httpd-vhost.conf to generate a new HTTPS VirtualHost configuration file, leading to two HTTPS VirtualHost configuration files for the same hostname.

Disable the ssl.conf VirtualHost, reload Apache, and all should be good.

2 Likes

i disabled the config by renaming it but now the website wont load. i tried changing the documentroot etc. but it doesnt seem to be the issue.

1 Like

ssl.conf probably included some important stuff not carried over to the httpd-vhosts-le-ssl.conf, perhaps a Listen 443.

Please check out the ssl.conf, check for important stuff, and add them to httpd-vhosts-le-ssl.conf too.

1 Like

Thanks a lot it works now :smile:

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.