Problem obtaining new cert


#1

Please fill out the fields below so we can help you better.

My domain is: xometry.net

I ran this command: certbot-auto --apache

It produced this output:
Fri Oct 07 17:18:12.530102 2016] [ssl:emerg] [pid 16152:tid 139959382439808] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] (/etc/apache2/sites-enabled/sitea.conf:12)
[Fri Oct 07 17:18:12.530138 2016] [ssl:emerg] [pid 16152:tid 139959382439808] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
[Fri Oct 07 17:20:37.629328 2016] [ssl:emerg] [pid 16276:tid 140713537795968] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] (/etc/apache2/sites-enabled/quote.conf:12)
[Fri Oct 07 17:20:37.629367 2016] [ssl:emerg] [pid 16276:tid 140713537795968] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
[Fri Oct 07 17:20:37.736910 2016] [ssl:emerg] [pid 16285:tid 139951253837696] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] (/etc/apache2/sites-enabled/sitea.conf:12)

My operating system is (include version):
ubuntu 14.04
My web server is (include version):
Apache

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no


I am attempting to get a cert for a new QA env. The site is SSL enabled but, I need to get a new cert for the QA. I am unable to start the server without a cert but, the only cert that I currently have is for the .com domain. Please advise how I can get around this…

The issue is that I gave the following lines commented out since I do not have a cert yet… but I am not sure how to get around the chicken/egg situation.

THANK YOU! Assistance MUCH appreciated!!!

	#   SSL Engine Switch:
	#   Enable/Disable SSL for this virtual host.
	#SSLEngine on

	#   A self-signed (snakeoil) certificate can be created by installing
	#   the ssl-cert package. See
	#   /usr/share/doc/apache2/README.Debian.gz for more info.
	#   If both key and certificate are stored in the same file, only the
	#   SSLCertificateFile directive is needed.
	#SSLCertificateFile /etc/ssl/certs/WildCardSha2.pem
	#SSLCertificateKeyFile /etc/ssl/private/WildCardSha2.key

	#   Server Certificate Chain:
	#   Point SSLCertificateChainFile at a file containing the
	#   concatenation of PEM encoded CA certificates which form the
	#   certificate chain for the server certificate. Alternatively
	#   the referenced file can be the same as SSLCertificateFile
	#   when the CA certificates are directly appended to the server
	#   certificate for convinience.
	#SSLCertificateChainFile /etc/ssl/certs/CABundle.pem

#2

Disable the whole VirtualHost for the SSL site until you have a certificate you can use. I don’t think LE checks the cert chain or Common Name when doing HTTP-based validation, so you may be able to get away using the other certificate for validation at the least.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.