SSL on site passes test but not working

My domain is:
namedream.com

I ran this command:
if you search for a word like “cool” on the domain you will see the problem.

It produced this output:
it gives an untrusted output when I search. SSL is installed correctly on namedream according to SSLLabs. I think the problem is because SSL is not on phpmyadmin which connects to the DB. It never was a problem before but now it’s a problem I believe.

My web server is (include version):
Ubuntu 16.04.6 LTS

The operating system my web server runs on is (include version):
Server version: Apache/2.4.18 (Ubuntu)

My hosting provider, if applicable, is:
digitalocean

I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 0.31.0

Hi @LinkOrchard

checking your domain both versions (non-www and www) are invalid ( https://check-your-website.server-daten.de/?q=namedream.com ):

One uses an expired certificate

CN=namedream.com
	02.05.2019
	31.07.2019
12 days expired	namedream.com - 1 entry

the www version uses the new non-www-version certificate

CN=namedream.com
	01.08.2019
	30.10.2019
expires in 79 days	namedream.com - 1 entry

Create one certificate with both domain names and use that.

There is only one domain. certbot renew code is not working.

Where do I get the code to upgrade the SSL. SSL is failing to upgrade.

I have certbot it’s not renewing that SSL. HELP

That’s

a problem of your internal configuration.

Failed to connect to MySQL: No such file or directoryDatabase access failed:

That’s not a certificate problem. Check your internal code.

You have both dns entries. Looks like you have changed something. Checked your domain with my browser your non-www version is secure, there is the new certificate used, created 2019-08-01.

How did you create the certificate? Command? There are some questions in the standard template.

The certificate is okay:
Domains: namedream.com
Expiry Date: 2019-10-30 00:39:47+00:00 (VALID: 78 days)
Certificate Path: /etc/letsencrypt/live/namedream.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/namedream.com/privkey.pem

Now how it’s 78 days I do not know as I only upgraded it a few weeks ago. LetsEncrypt now is messing up my entire server. I can’t find any other reason why phpmyadmin would suddenly not work or be deleted. To much of a coincidence that SSL would stop working (even though it says it’s fine) and then at the same time WOOSH phpmyadmin would stop working.

I used the code with “force” but I can’t recall the line of code.

I am going to revoke the cert and try installing it again. Thanks for your pointers @JuergenAuer.

I found the code I used:
certbot certonly --force-renew --cert-name namedream.com

Revoking the certificate is almost never useful. It would be more helpful if you could share the exact output and error messages that you see with us, in addition to the command that you ran (thanks for finding that).

Hi @schoen I see what you mean as now I can’t reboot apache.

On reboot I get this error:
Job for apache2.service failed because the control process exited with error code. See “systemctl status apache2.service” and “journalctl -xe” for details.

It’s failing the config test because I removed the SSL, so then the config test fails.

I believe I need to re-install apace but I’m anxious now that my other sites will soon stop working as I won’t be able to process regular ubuntu updates (as the server won’t reboot).

I am hoping to run these lines but can anyone tell me will this remove all my SSLs on other domains?

If anyone can help we can pay a reasonable fee to help fix as this is not my comfort zone.

To fully remove the apache2 config files, you should:

sudo apt-get purge apache2

which will then let you reinstall it in the usual way with:

sudo apt-get install apache2

UPDATE: I purged it and re-installed it I felt the sites would go down.
SERVER now rebooted successfully and I will try now to install the SSL
UPDATE: WHOLE THING IS A MESS

All this began because certbot even though we set it up to automatically renew the cert failed to do so, then we forced the renewal. For some reason, part of the site was ok on ssl, but then part of the site failed to be ssl and got error messages from Google.

Going to bed

I don’t understand why you “purged” your Apache configuration. Those Apache configuration files contained configuration data for your domains, SSL/TLS information, and potentially PHP and MySQL linking configurations.

You said this was outside your comfort zone, but now you’ll need to reconfigure all this. You claimed Let’s Encrypt is messing up your server, but you seem to have a slash 'n burn style of sys admin that doesn’t account for your lack of “comfort” in this zone.

It isn’t clear what you were trying to do by forcing certbot to renew a specified domain. You claim you thought you set certbot to renew automatically, so why were you forcing a renew? Why not just try “cerbot renew” to see if they were due for renewal or if there were authentication issues?

You state that you manually “removed the SSL” from Apache, but it’s not clear why you would do that if you were trying to renew your certificates. Or why you’d then blame Let’s Encrypt for messing up the system.

You’re making it hard to understand what you did or what you were trying to achieve! Did you delete your Let’s Encrypt config files as part of “removing the SSL”? That will mess up any renewal attempt as well.

You’re nervous about your “other sites”, but are they served by the Apache you purged, or hosted on another machine?

Did the automatic renewal fail because cron was misconfigured, or because certbot wasn’t able to authenticate? You’ve given us no information to go on!

I just tried to load namedream.com and the connection was reset. The site never loaded. Tried twice. I believe he’s really messed things up, has no patience, and has no understanding at all as to what he is doing. He really should have gotten help before trying to “put his fingers” into it.