Site not working even after successful renewal

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: fabrikaa.com

I ran this command: sudo certbot certonly \
  --manual \
  --preferred-challenges=dns \
  --email ashish@fabrikaa.com \
  --server https://acme-v02.api.letsencrypt.org/directory \
  --work-dir=. --config-dir=. --logs-dir=. \
  --agree-tos \
  -d www.fabrikaa.com

It produced this output: Successfully received certificate.

My web server is (include version): Apache/2.4.52 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6.0

Hello @ashish.fabrikaa, welcome to the Let's Encrypt community. :slightly_smiling_face:

Have you restarted your Apache server service?

1 Like

You are presently serving HTTP and not HTTPS on port 443

$ curl -Ii http://fabrikaa.com:443/
HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 05 Jun 2023 17:56:46 GMT
Content-Type: text/html
Content-Length: 253
Connection: close
CF-RAY: -


1 Like

No, that's not what that means. They have their DNS proxied in Cloudflare, so they are using the Cloudflare CDN. Your request was rejected by the Cloudflare edge as it was an HTTP request directed to the HTTPS port. Maybe the fuller response below makes this clearer.

curl -i http://www.fabrikaa.com:443
HTTP/1.1 400 Bad Request
Server: cloudflare
CF-RAY: -

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
...
3 Likes

OK @MikeMcQ; thanks again! :slight_smile:

1 Like

Do you mean your origin server is hosted on AWS? Because you are using the Cloudflare CDN.

This seems more like a Cloudflare configuration problem that might be better handled on the Cloudflare community.

But please explain more about AWS and Cloudflare and maybe someone here will help.

https://community.cloudflare.com/

3 Likes

For https on port 443 I do see this

$ curl -Ii https://fabrikaa.com/
curl: (35) OpenSSL/3.0.8: error:0A000410:SSL routines::sslv3 alert handshake failure

$ curl -Ii https://fabrikaa.com:443/
curl: (35) OpenSSL/3.0.8: error:0A000410:SSL routines::sslv3 alert handshake failure

While using CloudFlare, this is very strange:

2 Likes

And maybe these help answer

Both show, which I believe is critical, "No client certificate CA names sent"

140549216147264:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1556:SSL alert number 40
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 327 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
1 Like
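
Added example (not part of any post in this thread): a small shell helper that labels the kinds of probe output quoted above, showing why a headers-only 400 on port 443 is inconclusive until the response body is read. The function name, labels and sample strings are constructed for illustration, and the Apache mod_ssl wording is included as an assumption about what an origin server would say in the same situation.

```shell
#!/bin/sh
# Samples constructed from the output quoted in the thread (trimmed).
SAMPLE_HEAD_ONLY='HTTP/1.1 400 Bad Request
Server: cloudflare'
SAMPLE_WITH_BODY='HTTP/1.1 400 Bad Request
Server: cloudflare

<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>'
SAMPLE_HANDSHAKE='curl: (35) OpenSSL/3.0.8: error:0A000410:SSL routines::sslv3 alert handshake failure'
# Constructed: what a port that really serves cleartext HTTP would return.
SAMPLE_CLEARTEXT='HTTP/1.1 301 Moved Permanently
Server: Apache/2.4.52 (Ubuntu)'

# classify_probe: read captured `curl -i` / `openssl s_client` output on
# stdin and print one label describing what the listener did.
classify_probe() {
    out=$(cat)
    case "$out" in
        # The port speaks TLS and says so: nginx-style edge text (as quoted
        # in the thread) or the Apache mod_ssl equivalent (assumption).
        *"plain HTTP request was sent to HTTPS port"* | \
        *"speaking plain HTTP to an SSL-enabled server port"*)
            echo "tls-listener-got-plain-http"; return ;;
        # TLS alert 40: handshake refused before any certificate was sent,
        # so the renewed certificate is not what failed validation.
        *"alert handshake failure"* | *"SSL alert number 40"*)
            echo "tls-handshake-rejected"; return ;;
    esac
    # Otherwise decide from the HTTP status line, if there is one.
    code=$(printf '%s\n' "$out" |
        sed -n '1s/^HTTP\/[0-9.]* \([0-9][0-9][0-9]\).*/\1/p')
    case "$code" in
        400)     echo "ambiguous-400-need-body" ;;  # rerun without -I
        [123]??) echo "plain-http-listener" ;;      # cleartext HTTP on this port
        "")      echo "unknown" ;;
        *)       echo "http-error-$code" ;;
    esac
}

for name in HEAD_ONLY WITH_BODY HANDSHAKE CLEARTEXT; do
    eval "sample=\$SAMPLE_$name"
    printf '%-10s -> %s\n' "$name" "$(printf '%s\n' "$sample" | classify_probe)"
done
```

To use it on a live probe, pipe the command's combined output into the function, for example `curl -si http://www.fabrikaa.com:443 2>&1 | classify_probe`.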

Supplemental:
Here is a list of issued certificates https://crt.sh/?q=fabrikaa.com, the latest being 2023-06-05.
Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher.


As you have reached the Rate Limit https://tools.letsdebug.net/cert-search?m=domain&q=fabrikaa.com&d=168

| Rate Limit | Current Status | Domain |
| --- | --- | --- |
| 50 Certificates per Registered Domain per week | OK (8 / 50 this week.) | fabrikaa.com |
| 5 Duplicate Certificates per week | Limit exceeded. Next issuable at 12 Jun 2023 12:16:10 UTC | fabrikaa.com |

Summary generated at letsdebug-toolkit.
1 Like

Hi @Bruce5051 @MikeMcQ

My SSL certificate had expired, but I wasn't able to renew it, so I tried to install it using the manual process, which installed the certificate, but my site is still not working.

Please suggest what changes I need to make to get this solved.

1 Like

Use one of the currently issued certificates; you have to wait until "Limit exceeded. Next issuable at 12 Jun 2023 12:16:10 UTC" has passed.

Here are Certbot Instructions | Certbot

Here details on Apache can be found in documentation and forums:

1 Like

If all you did was to renew the cert [using certonly], then all you need to do is restart/reload Apache.
If it doesn't work after that, you may have done more than just a renew.
If so, you may need to check the Apache configuration.

2 Likes
