Hi,
[edit : after like 10 minutes it started to work, can someone explain me why ??? ]
I keep having issues with a perfectly good ceritficate
https://www.carrefourclubforyou.beneficio.be/ gives SEC_ERROR_UNKNOWN_ISSUER
I first use --cert-test then once it’s ok I go for the real one with a --force-renewal
dont know if it’s the correct way so far …
sudo certbot certonly -n --webroot -d www.carrefourclubforyou.beneficio.be -w /var/www/html/beneficio/carrefourclubforyou --cert-path /etc/letsencrypt/live/www.carrefourclubforyou.beneficio.be/ --key-path /etc/letsencrypt/live/www.carrefourclubforyou.beneficio.be --force-renewal
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewal conf file /etc/letsencrypt/renewal/notifications.edenred.be.conf is broken. Skipping.
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.carrefourclubforyou.beneficio.be
Using the webroot path /var/www/html/beneficio/carrefourclubforyou for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0008_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0008_csr-certbot.pem
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/www.carrefourclubforyou.beneficio.be/fullchain.pem.
Your cert will expire on 2017-08-09. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
here is the apache config
<VirtualHost *:443>
ServerName www.carrefourclubforyou.beneficio.be
DocumentRoot /................
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.carrefourclubforyou.beneficio.be/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.carrefourclubforyou.beneficio.be/privkey.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
Options -Indexes
</Directory>
<Directory "/...................">
allow from all
SSLOptions +StdEnvVars
Options -Indexes
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
</VirtualHost>
thanks