Still: ran certbot, all went well, but ssl not working. Also there may be a certbot bug


#1

Since my first post didn’t get any replies, I am trying again.
I installed mod_ssl and updated openssl, ran certbot and the install went well. No error messages etc.
I also chose to set up a redirect, so that all calls to http are redirected to https at the end of installation.

But testing in https://www.ssllabs.com/ssltest/analyze.html?d=www.eu-r.com I get: “No secure protocols supported”
Calling https of my domain gives error: connection reset while loading. Authenticity of received data could not be verified.
Http is not redirected to https

In httpd error log I only get:
[warn] Init: (karl.eu-r.com:443) You configured HTTP(80) on the standard HTTPS(443) port!

Since I did not configure http but certbot did, what do I have to do about this? I think this is a certbot bug, as I get this warning on all servers, even on those where ssl is running ok.

In ssl error log I get:
[Thu Mar 29 12:24:18 2018] [error] [client 139.162.78.135] script ‘/var/www/html/echo.php’ not found or unable to stat
What client is that? I don’t know the IP address. What is this echo.php?

Could someone please help me fix this.

My questions:
What to look for in apache settings? What settings to look for in httpd.config especially and what should they be?
Which files also need to be configured? What are the settings I must look for?

My domain is: eu-r.com

I ran this command: $ sudo ./path/to/certbot-auto --apache

It produced this output: Reporting to user: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.eu-r.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.eu-r.com/privkey.pem
Your cert will expire on 2018-06-27. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again with the “certonly” option. To non-interactively renew all of your certificates, run “certbot-auto renew”
2018-03-29 17:08:10,597:DEBUG:certbot.reverter:Creating backup of /etc/httpd/conf/httpd-le-ssl.conf
2018-03-29 17:08:10,764:INFO:certbot_apache.configurator:Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
2018-03-29 17:08:16,818:DEBUG:certbot.reverter:Creating backup of /etc/httpd/conf/httpd.conf
2018-03-29 17:08:16,903:INFO:certbot_apache.configurator:Redirecting vhost in /etc/httpd/conf/httpd.conf to ssl vhost in /etc/httpd/conf/httpd-le-ssl.conf
2018-03-29 17:08:17,051:DEBUG:certbot.reporter:Reporting to user: If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

My web server is (include version): Apache/2.2.15 (Unix)

The operating system my web server runs on is (include version): centos 6.9 (final)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Hi,

You can just copy the cert path and everything (related to ssl), make an ssl vHost with appropriate config (which listens on 443) and restart Apache.

Thank you


#3

Copy the cert path and everything (related to ssl) from where to where?

I have ssl vhost listening on 443 somewhere because when I try to make one httpd won’t start, I get
error binding to socket, port already in use.


#4

Really no one here who can help??


#5

Hi @rritz,

Maybe @bmw or, as it seems an issue parsing the web server conf, @joohoi could take a look.

@rritz, you should post the web server conf files, the command used and its output and possibly the log created on /var/log/letsencrypt/letsencrypt.log

Note: if the output is a bit large you should consider uploading it to a service like https://pastebin.com

Cheers,
sahsanu


#6

The command used and output is above, and the output is what is also in the letsencrypt.log

This is httpd.config: https://pastebin.com/VSSWm4E5

Thxs


#7

Looks like you are missing the mod_ssl in the Apache configuration, that should be enabled for the HTTPS to work in general.
Could you also add the contents of file /etc/httpd/conf/httpd-le-ssl.conf?
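
The checks this thread circles around (is mod_ssl loaded, is there exactly one `Listen 443`, does every port-443 virtual host set `SSLEngine on` and name a certificate) can be run statically over the config text. The following is an added example, not part of any post in the thread; the function name `audit_apache_ssl`, the finding labels and both sample configs are constructed for illustration.

```shell
# Added example, not from the thread. Reads Apache config text on stdin and
# prints one finding per line; prints nothing when every check passes.
audit_apache_ssl() {
  awk '
    { sub(/^[ \t]+/, ""); d = tolower($1) }   # trim indent, lowercase directive name
    /^#/ || /^$/ { next }                     # skip comments and blank lines
    d == "loadmodule" && $2 == "ssl_module" { mod = 1 }
    d == "listen" && $2 ~ /(^|:)443$/ { listen++ }
    d == "<virtualhost" {                     # vhost opens: is it bound to port 443?
      on443 = ($0 ~ /:443[ \t>]/); ssl = 0; cert = 0; start = NR
    }
    d == "sslengine" && tolower($2) == "on" { ssl = 1 }
    d == "sslcertificatefile" { cert = 1 }
    d == "</virtualhost>" {
      if (on443 && !ssl) print "VHOST_443_WITHOUT_SSLENGINE line " start
      if (on443 && ssl && !cert) print "VHOST_443_WITHOUT_CERT line " start
      on443 = 0
    }
    END {
      if (!mod) print "MOD_SSL_NOT_LOADED"
      if (listen == 0) print "NO_LISTEN_443"
      if (listen > 1) print "DUPLICATE_LISTEN_443"   # second bind fails at startup
    }'
}

# Constructed sample: no LoadModule, two Listen 443, 443 vhost without SSLEngine.
BROKEN='Listen 80
Listen 443
Listen 443
<VirtualHost *:80>
  ServerName www.example.test
</VirtualHost>
<VirtualHost *:443>
  ServerName www.example.test
  SSLCertificateFile /path/to/fullchain.pem
</VirtualHost>'

# Constructed sample: the same site with the three problems corrected.
FIXED='LoadModule ssl_module modules/mod_ssl.so
Listen 80
Listen 443
<VirtualHost *:443>
  ServerName www.example.test
  SSLEngine on
  SSLCertificateFile /path/to/fullchain.pem
</VirtualHost>'

printf '%s\n' "$BROKEN" | audit_apache_ssl   # three findings
printf '%s\n' "$FIXED"  | audit_apache_ssl   # no output
```

Pipe in the concatenation of the main config and every file it includes, since the `LoadModule` and `Listen` lines often live in a different file from the virtual host.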

