Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: laser-tags.net
I ran this command: certbot --apache
It produced this output:
[root@www sites-available]# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter ācā to
cancel): admin@laser-tags.net
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: a
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Starting new HTTPS connection (1): supporters.eff.org
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: laser-tags.net
2: admin.laser-tags.net
3: wip.laser-tags.net
4: www.laser-tags.net
5: laserlabels.store
6: laserlabels.shop
7: wip.laserlabels.store
8: wip.laserlabels.shop
9: www.laserlabels.store
10: www.laserlabels.shop
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for admin.laser-tags.net
http-01 challenge for laser-tags.net
http-01 challenge for laserlabels.shop
http-01 challenge for laserlabels.store
http-01 challenge for wip.laser-tags.net
http-01 challenge for wip.laserlabels.shop
http-01 challenge for wip.laserlabels.store
http-01 challenge for www.laser-tags.net
http-01 challenge for www.laserlabels.shop
http-01 challenge for www.laserlabels.store
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Enabling site /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf by adding Include to root configuration
Created an SSL vhost at /etc/httpd/sites-available/admin.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/admin.laser-tags.net-le-ssl.conf
Enabling site /etc/httpd/sites-available/admin.laser-tags.net-le-ssl.conf by adding Include to root configuration
Created an SSL vhost at /etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf
Enabling site /etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf by adding Include to root configuration
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/httpd/sites-enabled/www.laser-tags.net.conf to ssl vhost in /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Redirecting vhost in /etc/httpd/sites-enabled/admin.laser-tags.net.conf to ssl vhost in /etc/httpd/sites-available/admin.laser-tags.net-le-ssl.conf
Redirecting vhost in /etc/httpd/sites-enabled/wip.laser-tags.net.conf to ssl vhost in /etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://laser-tags.net,
https://admin.laser-tags.net, https://wip.laser-tags.net,
https://www.laser-tags.net, https://laserlabels.store, https://laserlabels.shop,
https://wip.laserlabels.store, https://wip.laserlabels.shop,
https://www.laserlabels.store, and https://www.laserlabels.shop
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=laser-tags.net
https://www.ssllabs.com/ssltest/analyze.html?d=admin.laser-tags.net
https://www.ssllabs.com/ssltest/analyze.html?d=wip.laser-tags.net
https://www.ssllabs.com/ssltest/analyze.html?d=www.laser-tags.net
https://www.ssllabs.com/ssltest/analyze.html?d=laserlabels.store
https://www.ssllabs.com/ssltest/analyze.html?d=laserlabels.shop
https://www.ssllabs.com/ssltest/analyze.html?d=wip.laserlabels.store
https://www.ssllabs.com/ssltest/analyze.html?d=wip.laserlabels.shop
https://www.ssllabs.com/ssltest/analyze.html?d=www.laserlabels.store
https://www.ssllabs.com/ssltest/analyze.html?d=www.laserlabels.shop
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/laser-tags.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/laser-tags.net/privkey.pem
Your cert will expire on 2020-06-01. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
- We were unable to subscribe you the EFF mailing list because your
e-mail address appears to be invalid. You can try again later by
visiting https://act.eff.org.
My web server is (include version):
The operating system my web server runs on is (include version): Centos 7
Linux www.laser-tags.net 3.10.0-957.21.2.el7.x86_64 #1 SMP Wed Jun 5 14:26:44 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
My hosting provider, if applicable, is:n/a
I can login to a root shell on my machine (yes or no, or I donāt know):yes
Iām using a control panel to manage my site (no, or provide the name and version of the control panel):no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if youāre using Certbot):[root@www sites-available]# certbot --version
certbot 1.0.0
So, I created the certificate as above, and ran through testing some of the sites. Safari doesnāt like https://laserlabels.shop/ - claiming the certificate is self-signed, but itās the same configuration file Iām using for āwip.laser-tags.netā, which is apparently fine. The ssllabs links above show the same issue. Iām kind of confused as to why one virtual host works, when the other doesnāt
Hereās the config files for Apache (the non-working domains):
[root@www sites-available]# cat www.laser-tags.net.conf
<VirtualHost *:80>
ServerName www.laser-tags.net
ServerAlias laser-tags.net
ServerAlias www.laserlabels.shop
ServerAlias laserlabels.shop
ServerAlias www.laserlabels.store
ServerAlias laserlabels.store
DocumentRoot /var/www/sites/laser-tags.net
ErrorLog /var/www/log/laser-tags.net.errors
CustomLog /var/www/log/laser-tags.net.access combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =laserlabels.store [OR]
RewriteCond %{SERVER_NAME} =www.laser-tags.net [OR]
RewriteCond %{SERVER_NAME} =laser-tags.net [OR]
RewriteCond %{SERVER_NAME} =www.laserlabels.store [OR]
RewriteCond %{SERVER_NAME} =laserlabels.shop [OR]
RewriteCond %{SERVER_NAME} =www.laserlabels.shop
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
[root@www sites-available]# cat www.laser-tags.net-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.laser-tags.net
ServerAlias laser-tags.net
ServerAlias www.laserlabels.shop
ServerAlias laserlabels.shop
ServerAlias www.laserlabels.store
ServerAlias laserlabels.store
DocumentRoot /var/www/sites/laser-tags.net
ErrorLog /var/www/log/laser-tags.net.errors
CustomLog /var/www/log/laser-tags.net.access combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/laser-tags.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/laser-tags.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/laser-tags.net/chain.pem
</VirtualHost>
</IfModule>
ā¦ and the working ones
[root@www sites-available]# cat wip.laser-tags.net.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName wip.laser-tags.net
ServerAlias wip.laserlabels.shop
ServerAlias wip.laserlabels.store
DocumentRoot /var/www/sites/wip.laser-tags.net
ErrorLog /var/www/log/wip.laser-tags.net.errors
CustomLog /var/www/log/wip.laser-tags.net combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/laser-tags.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/laser-tags.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/laser-tags.net/chain.pem
</VirtualHost>
</IfModule>
[root@www sites-available]# cat wip.laser-tags.net-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName wip.laser-tags.net
ServerAlias wip.laserlabels.shop
ServerAlias wip.laserlabels.store
DocumentRoot /var/www/sites/wip.laser-tags.net
ErrorLog /var/www/log/wip.laser-tags.net.errors
CustomLog /var/www/log/wip.laser-tags.net combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/laser-tags.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/laser-tags.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/laser-tags.net/chain.pem
</VirtualHost>
</IfModule>
I checked that the DNS entries are all set, in case that was a problem. all the relevant (www,admin,wip,).domain seem to be ok.
Anyone got any ideas ?
Cheers
[update: I saw the release of certbot 1.3, and my (fetched by yum) version was 1.0, so I pulled the new one down from git, compiled it, and did a reinstallā¦
[root@www certbot]# venv3/bin/certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: laser-tags.net
2: admin.laser-tags.net
3: wip.laser-tags.net
4: www.laser-tags.net
5: laserlabels.store
6: laserlabels.shop
7: wip.laserlabels.shop
8: wip.laserlabels.store
9: www.laserlabels.store
10: www.laserlabels.shop
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/laser-tags.net.conf)
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/admin.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/wip.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/www.laser-tags.net-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Future versions of Certbot will automatically configure the webserver so that all requests redirect to secure HTTPS access. You can control this behavior and disable this warning with the --redirect and --no-redirect flags.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Your existing certificate has been successfully renewed, and the new certificate
has been installed.
The new certificate covers the following domains: https://laser-tags.net,
https://admin.laser-tags.net, https://wip.laser-tags.net,
https://www.laser-tags.net, https://laserlabels.store, https://laserlabels.shop,
https://wip.laserlabels.shop, https://wip.laserlabels.store,
https://www.laserlabels.store, and https://www.laserlabels.shop
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=laser-tags.net
https://www.ssllabs.com/ssltest/analyze.html?d=admin.laser-tags.net
https://www.ssllabs.com/ssltest/analyze.html?d=wip.laser-tags.net
https://www.ssllabs.com/ssltest/analyze.html?d=www.laser-tags.net
https://www.ssllabs.com/ssltest/analyze.html?d=laserlabels.store
https://www.ssllabs.com/ssltest/analyze.html?d=laserlabels.shop
https://www.ssllabs.com/ssltest/analyze.html?d=wip.laserlabels.shop
https://www.ssllabs.com/ssltest/analyze.html?d=wip.laserlabels.store
https://www.ssllabs.com/ssltest/analyze.html?d=www.laserlabels.store
https://www.ssllabs.com/ssltest/analyze.html?d=www.laserlabels.shop
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/laser-tags.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/laser-tags.net/privkey.pem
Your cert will expire on 2020-06-01. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
ā¦ but I still get the same result. Reading around, I also found I can do:
[root@www simon]# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: laser-tags.net
Domains: laser-tags.net admin.laser-tags.net laserlabels.shop laserlabels.store wip.laser-tags.net wip.laserlabels.shop wip.laserlabels.store www.laser-tags.net www.laserlabels.shop www.laserlabels.store
Expiry Date: 2020-06-01 20:31:05+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/laser-tags.net/fullchain.pem
Private Key Path: /etc/letsencrypt/live/laser-tags.net/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ā¦ so certbot thinks it has all the right hosts ā¦