SSL_ERROR_RX_RECORD_TOO_LONG after installing Certbot on Apache2

My domain is:
bravewonderer.com / www.bravewonderer.com
I ran this command:
After installing Certbot through snap, following the instructions, I ran
sudo certbot --apache
It produced this output:

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/bravewonderer.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/bravewonderer.com/privkey.pem
This certificate expires on 2023-01-18.

My web server is (include version):
Apache 2.4.54 (Debian)
The operating system my web server runs on is (include version):
Debian 11 (Bullseye) - I'm on a raspberry pi
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
1.31

sudo a2enmod ssl tells me it's already enabled.

I tried connecting to the server from my PC using curl http://bravewonderer.com:443 and I get 301 Moved Permanently; the document has moved to https://bravewonderer.com.

Output of sudo apachectl -t -D DUMP_VHOSTS:

VirtualHost configuration:
*:443                  bravewonderer.com (/etc/apache2/sites-enabled/head-le-ssl.conf:2)
*:80                   bravewonderer.com (/etc/apache2/sites-enabled/head.conf:1)

Configuration files of the output above (plus the file that certbot created and includes):

# /etc/apache2/sites-available/head.conf
<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/head/public_html

        ServerName bravewonderer.com
        ServerAlias www.bravewonderer.com

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.bravewonderer.com [OR]
RewriteCond %{SERVER_NAME} =bravewonderer.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
-------------------------------------------------------------------------------------

# /etc/apache2/sites-available/head-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/head/public_html

        ServerName bravewonderer.com
        ServerAlias www.bravewonderer.com

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf


Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/bravewonderer.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/bravewonderer.com/privkey.pem
</VirtualHost>
</IfModule>
----------------------------------------------------------------------------

# /etc/letsencrypt/options-ssl-apache.conf

# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file. Contents are based on https://ssl-config.mozilla.org

SSLEngine on

# Intermediate configuration, tweak to your needs
SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder     on
#SSLHonorCipherOrder     off
SSLSessionTickets       off

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common

Edit:
I wanted to add that before installing the certificate I was able to access the site through HTTP normally.
Also, I set up the nameservers through 1984 Free DNS; I'm not sure whether I need to change something there after enabling HTTPS.

While trying to troubleshoot, I also ran curl -v https://bravewonderer.com; the output is

*   Trying 2.230.32.65:443...
* Connected to bravewonderer.com (2.230.32.65) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* (5454) (IN), , Unknown (72):
* error:0A00010B:SSL routines::wrong version number
* Closing connection 0
curl: (35) error:0A00010B:SSL routines::wrong version number

Thanks for the help


I solved the issue: my router port-forwarding configuration was not correct, and I think it was mapping traffic from port 443 to port 80 and vice versa.
I got to that conclusion by removing the listeners on port 80 altogether and still managing to get a response, which led me to think there was either another program listening for traffic or the forwarding was not correct.

If you think my mistake can be useful for someone else I can leave the thread up; otherwise I'll delete it.

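The curl trace earlier in the thread already shows what the router was doing: curl labels the first reply as record type 72 with version (5454), and 0x48 0x54 0x54 are the ASCII bytes "HTT" of an HTTP status line being read as a TLS record header. That is the same condition Firefox reports as SSL_ERROR_RX_RECORD_TOO_LONG and OpenSSL as "wrong version number": a TLS ClientHello went to port 443 and plaintext HTTP came back. The probe below is an added example, not code from the thread or from Certbot. It generates a real ClientHello with the standard library's ssl module (via a memory BIO, so no handshake state is needed), sends it over a raw socket, and classifies the first bytes that come back, which separates "the port speaks TLS" from "the port is really the HTTP vhost" before touching any Apache config. It assumes Python 3 and takes the hostname from the command line, defaulting to the domain from the thread.

```python
"""Check whether a port that should speak TLS actually does.

Added diagnostic example for the thread above (not the poster's or
Certbot's code). Sends a ClientHello to host:443 and reports whether the
reply is a TLS record or a plaintext HTTP response, which is what a
swapped 443->80 port forward produces.
"""
import socket
import ssl
import sys

TLS_HANDSHAKE = 0x16  # record content type: handshake (ServerHello etc.)
TLS_ALERT = 0x15      # record content type: alert (e.g. handshake_failure)


def build_client_hello(server_name: str) -> bytes:
    """Produce a genuine ClientHello for server_name without any network I/O.

    OpenSSL writes the ClientHello into the outgoing memory BIO and then
    raises SSLWantReadError because no ServerHello has arrived yet.
    """
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the hello is written, OpenSSL now waits for input
    return outgoing.read()


def classify_response(data: bytes) -> str:
    """Classify the first bytes a listener returns after a ClientHello."""
    if not data:
        return "no-response"        # closed or timed out without answering
    # Every TLS record starts with a content type byte and a 0x03 0xNN version.
    if len(data) >= 3 and data[0] in (TLS_HANDSHAKE, TLS_ALERT) and data[1] == 0x03:
        return "tls"
    # A plaintext HTTP server answers the binary hello with a status line
    # (Apache sends "HTTP/1.1 400 Bad Request"); this is the
    # SSL_ERROR_RX_RECORD_TOO_LONG / wrong-version-number case.
    if data.startswith(b"HTTP/"):
        return "http-plaintext"
    return "unknown"


def probe(host: str, port: int = 443, timeout: float = 5.0) -> tuple[str, bytes]:
    """Connect, send a ClientHello, and return (verdict, first 80 reply bytes)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(host))
        try:
            data = sock.recv(4096)
        except socket.timeout:
            data = b""
    return classify_response(data), data[:80]


if __name__ == "__main__":
    # Default hostname is the one from the thread; pass another as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "bravewonderer.com"
    verdict, head = probe(target)
    print(f"{target}:443 -> {verdict}: {head!r}")
```

A verdict of http-plaintext on port 443 means the traffic is reaching a non-TLS listener (a swapped port forward, a stray proxy, or a vhost without SSLEngine), so the fix is in the path to Apache, not in the certificate. Run the same probe against port 80 afterwards: a reply of tls there confirms the two forwards are crossed rather than both pointing at 80.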
