Dear LE’s community,
I installed Let's Encrypt using certbot --apache on a CentOS 7 machine, for reverse proxying to a backend server on the same machine.
The certificate is generated successfully (with the always-redirect-to-https option). The virtual hosts are defined, but when I visit from my browser (Mozilla Firefox as well as Chrome) it always fails: it takes a very long time on the TLS handshake and then gives me this error message:
"Secure Connection Failed
The connection to the server was reset while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem."
Thank you for your help and information. I will suspend the Cloudflare NS, then recheck my virtual host config; I don't have a clue yet why it gets those kinds of redirects. Maybe because I created the certificate both for ptkib.id as well as the alias www.ptkib.id, is that so?
I have deactivated all redirects to https. And I can't reach the server (Apache sample page displayed), but if I use https to connect I get the same problem.
#SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA$
#SSLHonorCipherOrder on
I have 2 Let's Encrypt installations on different machines, both using certbot apache. On the one that is running, the folder and file permissions are less restrictive compared to the one that is still not able to connect.
Of course I can make them the same, but maybe it will create a severe security issue.
Which is the correct and best way to keep or to go?
The folders that differ in permissions:
csr folder 750 vs 755
renewal folder 750 vs 755
renewal-hooks folder 750 vs 755
Inside the folders there are also different permissions:
inside the renewal folder, the conf file is 640 vs 644
inside renewal-hooks there are 3 folders, 750 vs 755 (but all still empty on both)
The interesting one is inside the “live” folder:
inside it there is a folder for the domain, 750 vs 755
inside the domain folder, all files are symlinks to the archive folder of the respective domain, 777 vs 777
inside the archive folder, the “domain” folder has the cert, chain, fullchain and privkey files
the difference is in privkey.pem, 600 vs 644 (the others are the same, 644)
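
One way to compare the two machines on the point the listing above ends with, the mode of the private key and whether the directories above it let other local users reach it. This is an added example, not part of the original posts; the function names, the verdict words and the root directory argument are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread). The layout archive/<domain>/privkeyN.pem
# follows the folders named in the post; the root directory is an argument.
# Uses GNU stat (-c), as shipped on CentOS.

# last_digit MODE -> the "other" permission digit of an octal mode string
last_digit() { _head=${1%?}; printf '%s\n' "${1#"$_head"}"; }

# audit_privkeys ROOT
# For every privkey*.pem under ROOT/archive print one line:
#   OK        key file has no read bit for "other"
#   SHIELDED  key is world-readable, but a directory between it and ROOT
#             lacks the "other" execute bit, so other users cannot reach it
#   EXPOSED   key is world-readable and every directory up to ROOT is traversable
# Directories above ROOT are not examined.
audit_privkeys() (
    root=${1%/}
    find "$root/archive" -type f -name 'privkey*.pem' | sort |
    while IFS= read -r key; do
        mode=$(stat -c '%a' "$key")
        case $(last_digit "$mode") in
            4|5|6|7) ;;                       # "other" may read: keep checking
            *) echo "OK $mode $key"; continue ;;
        esac
        verdict=EXPOSED
        dir=$(dirname "$key")
        while :; do
            case $(last_digit "$(stat -c '%a' "$dir")") in
                1|3|5|7) ;;                   # traversable by "other"
                *) verdict=SHIELDED ;;
            esac
            case $dir in "$root"|/|.) break ;; esac
            dir=$(dirname "$dir")
        done
        echo "$verdict $mode $key"
    done
)
```

Run it as `audit_privkeys /etc/letsencrypt` on each machine (as a user allowed to list the tree) and compare the verdicts; only the "other" bits are evaluated, so group access such as 640 is not reported.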