Running certbot did not give me https

My domain is: http://www.newkiddintown.com/

I ran the commands on this site https://certbot.eff.org/lets-encrypt/debianbuster-apache with no errors.

All codes succeeded but my website is still not https.

The operating system my web server runs on is: Raspberry Pi with Buster

My hosting provider is: Google Domains

I can login to a root shell on my machine (yes)

Dry run works and says it was successful.

The only thing I can think of for why it isn't working is that when it asked for the domain, I put in newkiddintown.com instead of www.newkiddintown.com.
Not sure if that will affect it, but let me know how to change that if so.

2 Likes

Welcome to the Let's Encrypt Community, Garrett :slightly_smiling_face:

Your certificate needs to cover both newkiddintown.com and www.newkiddintown.com.

Certificate History
3 Likes

Could you please guide me on how to add the new domain to the existing cert?

2 Likes

You can't. You have to generate a new certificate.

Use -d "newkiddintown.com,www.newkiddintown.com" in your certbot command.

3 Likes

Here is what happened after following your instructions:

pi@raspberrypi:~ $ sudo certbot --apache -d "newkiddintown.com,www.newkiddintown.com"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache


You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/newkiddintown.com.conf)

It contains these names: newkiddintown.com

You requested these names for the new certificate: newkiddintown.com,
www.newkiddintown.com.

Do you want to expand and replace this existing certificate with the new
certificate?


(E)xpand/(C)ancel: E
Renewing an existing certificate for newkiddintown.com and www.newkiddintown.com
Performing the following challenges:
http-01 challenge for www.newkiddintown.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf

We were unable to find a vhost with a ServerName or Address of www.newkiddintown.com.
Which virtual host would you like to choose?


1: 000-default-le-ssl.conf | newkiddintown.com | HTTPS | Enabled
2: 000-default.conf | | | Enabled


Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

1 Like

Is selecting 1 the correct option here? I'm not sure why there are two...

Thanks for your help so far, super helpful!

1 Like

You need to specify ServerAlias www.newkiddintown.com in your Apache vhost.

3 Likes

FYI, I selected 1 as the option there.

Here is what happened, the site is still not HTTPS.

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: newkiddintown.com
2: www.newkiddintown.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1,2
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/newkiddintown.com.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (may be subject to CA rate limits)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf
Enhancement redirect was already set.
Enhancement redirect was already set.
2 Likes

You add it as a line right below the ServerName newkiddintown.com line in your 000-default.conf file.

By the way:

1 Like

Your Apache configuration doesn't have a HTTP to HTTPS redirect set for the www subdomain.

Please show apachectl -S

2 Likes

Here is inside the 000-default

Is this the correct way to add the ServerAlias?

<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf

RewriteEngine on
RewriteCond %{SERVER_NAME} =newkiddintown.com, www.newkiddintown.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

2 Likes

Add these lines at the top:

ServerName newkiddintown.com
ServerAlias www.newkiddintown.com

Then restart Apache.

1 Like

pi@raspberrypi:~ $ sudo apachectl -S
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 newkiddintown.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
pi@raspberrypi:~ $

2 Likes

No, he doesn't:

osiris@erazer ~ $ curl -LI www.newkiddintown.com
HTTP/1.1 200 OK
Date: Tue, 05 Jan 2021 20:41:13 GMT
Server: Apache/2.4.38 (Raspbian)
Last-Modified: Tue, 05 Jan 2021 18:55:39 GMT
ETag: "5661-5b82bc0b57c8c"
Accept-Ranges: bytes
Content-Length: 22113
Vary: Accept-Encoding
Content-Type: text/html

osiris@erazer ~ $ 

No redirect at all for the www subdomain.

2 Likes

Oh really... are you sure... :wink:

It's malformed isn't it. :confused:

2 Likes

The fact there are a bunch of Rewrite rules supposed to make a redirect doesn't mean the webserver actually is redirecting.

2 Likes

Oh really... are you sure... :wink:

It's malformed isn't it.

That was to ask how to put it in there, is that not correct?

2 Likes

Not quite.

You need the lines I mentioned.

Certbot should add the redirects by itself.

1 Like

You put the ServerName and ServerAlias directives at the place where in your current configuration file there is a commented ServerName. Don't forget to add the www. at the ServerAlias directive which was forgotten by @griffin earlier :wink: Using the same value for ServerName and ServerAlias isn't going to work.

2 Likes
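
The two problems discussed in this thread (a port-80 vhost with no ServerName/ServerAlias for the certificate's names, and hostnames comma-joined in a single RewriteCond) can be checked mechanically. The script below is an added example, not part of the original posts: `check_vhost`, `broken_vhost` and `fixed_vhost` are hypothetical helper names, and both configs are constructed samples modelled on the file posted above, the fixed one using one RewriteCond per name joined with `[OR]`.

```shell
# Added example: audit a port-80 vhost for the two problems seen in this thread.
# All function names are hypothetical; both configs are constructed samples.
# check_vhost reads vhost text on stdin; arguments are the certificate's hostnames.
# It prints one finding per line, and nothing when the vhost handles every name.
check_vhost() {
  awk -v want="$*" '
    /^[ \t]*#/ { next }                 # commented-out directives do not count
    { d = tolower($1) }
    d == "servername" || d == "serveralias" {
      for (i = 2; i <= NF; i++) named[tolower($i)] = 1
    }
    d == "rewritecond" && $2 == "%{SERVER_NAME}" {
      # "=name" compares against exactly one string; anything after it must be [flags]
      if ($3 ~ /,$/ || (NF > 3 && $4 !~ /^\[/)) print "bad-rewritecond line " NR
      else if ($3 ~ /^=/) { redirected[tolower(substr($3, 2))] = 1; conds++ }
    }
    END {
      n = split(want, w, " ")
      for (i = 1; i <= n; i++) {
        if (!(w[i] in named)) print "no-vhost-name " w[i]
        if (conds && !(w[i] in redirected)) print "no-redirect-cond " w[i]
      }
    }'
}

broken_vhost() { cat <<'EOF'
<VirtualHost *:80>
    #ServerName www.example.com
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =newkiddintown.com, www.newkiddintown.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
EOF
}

fixed_vhost() { cat <<'EOF'
<VirtualHost *:80>
    ServerName newkiddintown.com
    ServerAlias www.newkiddintown.com
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =newkiddintown.com [OR]
    RewriteCond %{SERVER_NAME} =www.newkiddintown.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
EOF
}

broken_vhost | check_vhost newkiddintown.com www.newkiddintown.com   # three findings
fixed_vhost  | check_vhost newkiddintown.com www.newkiddintown.com   # no output
```

On the server, the same check runs against the real file with `check_vhost newkiddintown.com www.newkiddintown.com < /etc/apache2/sites-enabled/000-default.conf`.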

You forgot to put the www....

2 Likes