No ssl encryption with apache24

My domain is:
meteo-cham.ch
I ran this command:

It produced this output:

My web server is (include version):
apache24
The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): latest avaible version

We definitely need answers to the following two questions in order to help.

This question also crucial.

There are many different versions of Certbot that someone might think is the latest version. This answer needs to be an actual version number

4 Likes

If you look at crt.sh | meteo-cham.ch you can see there's a still valid certificate issued most recently 2023-05-24, still valid for about a month. Which would be due for renewal actually. But your webserver is still using the previous one issued on 2023-04-22.

So you actually have gotten issued a valid cert, but you're not using it. And that one is also up for renewal.

To advice you further, if required, we really need the answers mentioned by @linkp.

3 Likes

I used c ertbot to create the certificates and configure the apache. Everthing went well without errors. I checked the httpd.conf file and the etc entries. Could not identy discrepencies. However, apache does not activate ssl. I'm stuck . . . Any helpful hint?

My domain is:
meteo-cham.ch
I ran this command:
certbot . . .
It produced this output:
all certificates required
My web server is (include version):
Apache 2.4
The operating system my web server runs on is (include version):
WIN10
My hosting provider, if applicable, is:
na
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): the most recent version available for download

I've merged your second thread into your first one. Please continue in this thread, thanks. And also see the message of @linkp above. We need actual commands and actual outputs.

2 Likes

Certbot is not the best ACME client for Windows; As it doesn't integrate well with Apache [for Windows].
That said, you should be able to use "certbot certonly" and afterwards just "certbot renew" [combined with some method to reload Apache] to keep your web service secure.

Please show the full output of:
certbot renew

3 Likes

If apache is using the old cert it's because the config is pointing to the wrong certificate files or it hasn't been restarted yet.

The path in your apache config files should generally look like C:\Certbot\live\<website domain>\fullchain.pem and C:\Certbot\live\<website domain>\privkey.pem

It's possible you got your last certificate and either copied the files somewhere else or pointed to the version in the certbot\archive\ folder.

2 Likes

Hi
Thanks for the hints! After restarting the apache this morning I've got error messages telling that the cert files where either not found or being empty. . . then I inspected the different config files and directories, renamed the cert-files and applied changes in the config, now everything works again as expected. You saved my day!! :grinning:
Cheers Hans

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.