Site not reachable after successful certificate installation


#1

Hi all, first the information:

My domain is: incipio.it

I ran this command: sudo /path/certbot-auto --apache

It produced this output: everything went ok, selected the nameserver from the list (there was only 1) and I got the congratulations output that said everything went ok. I chose not to have the redirect (luckily, because the https doesn’t work)

My web server is (include version): Apache 2.2.15

The operating system my web server runs on is (include version): CentOS Linux 6.9

My hosting provider, if applicable, is: Aruba

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Webmin 1.881

The problem: https://incipio.it is not reachable, while http is. What can I do?


#2

This is not the recommended way to run certbot-auto
Try
cd /path/
sudo ./certbot-auto --apache


#3

Tried right now, nothing changes


#4

show:
./certbot-auto certificates


#5

Found the following certs:
Certificate Name: www.incipio.it
Domains: www.incipio.it
Expiry Date: 2018-08-05 23:24:01+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.incipio.it/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.incipio.it/privkey.pem


#6

You have a valid cert.
Now you just need to use it.

unfortunately, I’m not familiar with Webmin.


#7

So the command above installs the certificate, configures Apache… then what should I do to use it?


#8

That is probably done in webmin
And that is where I would look first.

But you could also try looking for where it may be used…
grep -ri servername /etc/apache2 | grep -i incipio.it


#9

I tried through Webmin and Webmin shows me the certificate as installed… but still the site is not reachable with https, nor the Webmin panel.

Output of the command you said: (with www.incipio.it)
/etc/httpd/conf/httpd-le-ssl.conf:ServerName www.incipio.it
/etc/httpd/conf/httpd-le-ssl.conf:SSLCertificateFile /etc/letsencrypt/live/www.incipio.it/cert.pem
/etc/httpd/conf/httpd-le-ssl.conf:SSLCertificateKeyFile /etc/letsencrypt/live/www.incipio.it/privkey.pem
/etc/httpd/conf/httpd-le-ssl.conf:SSLCertificateChainFile /etc/letsencrypt/live/www.incipio.it/chain.pem
/etc/httpd/conf/httpd.conf:ServerName www.incipio.it

And this with simply incipio.it:
/etc/httpd/conf/httpd-le-ssl.conf:DocumentRoot "/home/incipio.it/www"
/etc/httpd/conf/httpd-le-ssl.conf:ServerName www.incipio.it
/etc/httpd/conf/httpd-le-ssl.conf:<Directory "/home/incipio.it/www">
/etc/httpd/conf/httpd-le-ssl.conf:SSLCertificateFile /etc/letsencrypt/live/www.incipio.it/cert.pem
/etc/httpd/conf/httpd-le-ssl.conf:SSLCertificateKeyFile /etc/letsencrypt/live/www.incipio.it/privkey.pem
/etc/httpd/conf/httpd-le-ssl.conf:SSLCertificateChainFile /etc/letsencrypt/live/www.incipio.it/chain.pem
/etc/httpd/conf/httpd.conf:DocumentRoot "/home/incipio.it/www"
/etc/httpd/conf/httpd.conf:ServerName www.incipio.it
/etc/httpd/conf/httpd.conf:<Directory "/home/incipio.it/www">


#10

try:
grep -Eri 'serveralias|servername' /etc/apache2 | grep -i incipio.it

and then show contents of:
/etc/httpd/conf/httpd-le-ssl.conf


#11

Output:
/etc/httpd/conf/httpd-le-ssl.conf:ServerName www.incipio.it
/etc/httpd/conf/httpd-le-ssl.conf:SSLCertificateFile /etc/letsencrypt/live/www.incipio.it/cert.pem
/etc/httpd/conf/httpd-le-ssl.conf:SSLCertificateKeyFile /etc/letsencrypt/live/www.incipio.it/privkey.pem
/etc/httpd/conf/httpd-le-ssl.conf:SSLCertificateChainFile /etc/letsencrypt/live/www.incipio.it/chain.pem
/etc/httpd/conf/httpd.conf:ServerName www.incipio.it


#12

you need to add the serveralias for incipio.it to both:
/etc/httpd/conf/httpd-le-ssl.conf
/etc/httpd/conf/httpd.conf
then restart apache


#13

How can I do it?

I also noticed a problem with apache regarding this stuff:
“httpd: Syntax error on line 1022 of /etc/httpd/conf/httpd.conf: Syntax error on line 9 of /etc/httpd/conf/httpd-le-ssl.conf: Could not open configuration file /etc/letsencrypt/options-ssl-apache.conf: No such file or directory”

Line 1022 is: Include /etc/httpd/conf/httpd-le-ssl.conf
Line 9 of other file is: Include /etc/letsencrypt/options-ssl-apache.conf
maybe I have to change something here?
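
Added example, not part of the original thread or of Certbot: a read-only shell check for the two problems raised in posts #12 and #13, an Include that points at a missing file and a hostname that no ServerName or ServerAlias names. The function names and the sample config are constructed for illustration; on the real server the functions would be pointed at /etc/httpd/conf/httpd-le-ssl.conf.

```shell
#!/bin/sh
# missing_includes FILE: print every Include target in FILE that does not exist.
# Wildcard targets are skipped; paths are assumed absolute, as in the thread.
missing_includes() {
    awk 'tolower($1) == "include" { gsub(/"/, "", $2); print $2 }' "$1" |
    while IFS= read -r target; do
        case $target in
            *\**|*\?*|*\[*) continue ;;
        esac
        [ -e "$target" ] || printf '%s\n' "$target"
    done
}

# vhost_serves FILE HOST: succeed if a ServerName or ServerAlias in FILE names
# HOST exactly (case-insensitive; a trailing :port is ignored, alias wildcards
# are not expanded). It looks at the whole file, not at one <VirtualHost> block.
vhost_serves() {
    awk -v host="$2" '
        BEGIN { host = tolower(host) }
        tolower($1) == "servername" || tolower($1) == "serveralias" {
            for (i = 2; i <= NF; i++) {
                name = tolower($i); sub(/:[0-9]+$/, "", name)
                if (name == host) found = 1
            }
        }
        END { exit !found }
    ' "$1"
}

# write_sample DIR: constructed config shaped like the one quoted in the thread.
write_sample() {
    cat > "$1/httpd-le-ssl.conf" <<EOF
<VirtualHost *:443>
    ServerName www.incipio.it
    DocumentRoot "/home/incipio.it/www"
    Include $1/options-ssl-apache.conf
</VirtualHost>
EOF
}

dir=$(mktemp -d)
write_sample "$dir"
echo "missing Include targets:"; missing_includes "$dir/httpd-le-ssl.conf"
for h in www.incipio.it incipio.it; do
    if vhost_serves "$dir/httpd-le-ssl.conf" "$h"; then echo "$h: named"
    else echo "$h: not named by ServerName or ServerAlias"; fi
done
rm -rf "$dir"
```

The certificate listed in post #5 names only www.incipio.it, so a ServerAlias makes Apache answer for incipio.it, but a browser still compares the requested name against the names in that certificate.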


#14

See if the file still exists:
find / -name options-ssl-apache.conf

If not we can get a copy of it for you.
It should be a default package file.


#15

I get no output from that command


#16

You can create it,
This is what mine looks like - but I may have modified it a bit
more options-ssl-nginx.conf

# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.

ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";

#17

I have to create a file and upload it to the correct path?

However I get no output from that command (find)


#18

ls -l /etc/letsencrypt/options-ssl-apache.conf
shows nothing?


#19

Ok, I deleted the letsencrypt folder, now I have reuploaded it, so the missing options file is resolved.

Now let’s go back to this:

How should I do it?


#20

do you know how to use nano, vi, vim?
any file editor?