The certificate chain in the configuration details of the certificate is invalid

Please show:
ls -l /etc/letsencrypt/live/welooop.com/
ls -l /home/ubuntu/*.pem

root@certbot-20230406:/etc/letsencrypt/accounts# ls -l /etc/letsencrypt/live/welooop.com/
total 4
-rw-r--r-- 1 root root 692 Apr 6 16:22 README
lrwxrwxrwx 1 root root 35 Apr 6 16:22 cert.pem -> ../../archive/welooop.com/cert1.pem
lrwxrwxrwx 1 root root 36 Apr 6 16:22 chain.pem -> ../../archive/welooop.com/chain1.pem
lrwxrwxrwx 1 root root 40 Apr 6 16:22 fullchain.pem -> ../../archive/welooop.com/fullchain1.pem
lrwxrwxrwx 1 root root 38 Apr 6 16:22 privkey.pem -> ../../archive/welooop.com/privkey1.pem

I removed the ones in /home/ubuntu after downloading them using WinSCP.

I tried the "short" one, same error, didn't work.

Maybe WinSCP garbled the contents?
Try copying them over again.

From where?

OCI allows copying the content of the .pem file directly; let me try that now, to skip the possible WinSCP issue.

Show these outputs:

openssl x509 -in cert1.pem -noout -pubkey
openssl rsa -in privkey1.pem -pubout

[if it asks for a passphrase, just enter anything]

root@certbot-20230406:/etc/letsencrypt/live/welooop.com# openssl x509 -in cert1.pem -noout -pubkey
Could not open file or uri for loading certificate from cert1.pem
20A0A6B0FFFF0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:../crypto/store/store_register.c:237:scheme=file
20A0A6B0FFFF0000:error:80000002:system library:file_open:No such file or directory:../providers/implementations/storemgmt/file_store.c:267:calling stat(cert1.pem)
Unable to load certificate
root@certbot-20230406:/etc/letsencrypt/live/welooop.com# openssl rsa -in privkey1.pem -pubout
Could not open file or uri for loading private key from privkey1.pem
20300C9BFFFF0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:../crypto/store/store_register.c:237:scheme=file
20300C9BFFFF0000:error:80000002:system library:file_open:No such file or directory:../providers/implementations/storemgmt/file_store.c:267:calling stat(privkey1.pem)

Also, I copied and pasted the .pem content directly into the OCI setup screen, still the same error, and I got this:

2.5 months ago I got my first certificate on an Ubuntu machine; after that, that machine was no longer available, so I had to "renew" or get a "new certificate" on a brand-new Ubuntu machine. I don't know if that matters.

If there is an easy way to "re-generate the certificate"/"start from scratch", I would love to try that. Please let me know what command I can use.

Right now, in my Google Domain, there are 2 TXT records for _acme-challenge.welooop.com:
one is the previous one, the second is the one I got yesterday. Is that OK? Should I delete the first/old one?

Does Let's Encrypt have a sample/demo/trial certificate that I can use to test?

My certificate doesn't work on my website, so either (1) the certificate has a problem or (2) my website has a problem. If I can eliminate one, then the rest is much easier. Any thoughts?

No, there is no trial cert and private key for testing :slight_smile:

It looks to me like your Apache server is misconfigured for the domain weloop.com. It is using a cert that expired 2 years ago. It is a wildcard for *.sites.myregisteredsite.com.

I haven't read through this whole thread, but this is pretty definitive.

I don't see any mention of Apache in your first post but the server response header says it is.

They should be deleted after each use.

If in the /live/ directory, try without the "1":
openssl x509 -in cert.pem -noout -pubkey
openssl rsa -in privkey.pem -pubout

root@certbot-20230406:/etc/letsencrypt/live/welooop.com# openssl x509 -in cert.pem -noout -pubkey
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjdqaz7d1VoZxyq1KJjMtTvwytlcJ
UVAxzGUG2J8eo4qqilFtBubHUFo5ktT41bTyNQ3fK0iZWDztBdiW3T1YVQ==
-----END PUBLIC KEY-----
root@certbot-20230406:/etc/letsencrypt/live/welooop.com# openssl rsa -in privkey.pem -pubout
Not an RSA key

My site is welooop.com, not weloop.com :slight_smile:

Try:
openssl dsa -in privkey.pem -pubout

root@certbot-20230406:/etc/letsencrypt/live/welooop.com# openssl dsa -in privkey.pem -pubout
read DSA key
Not a DSA key

How about openssl ec -in privkey.pem -pubout?

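Added example, not code posted by anyone in this thread and not certbot's or Let's Encrypt's own tooling: a POSIX shell script that does the two checks the replies above are circling. The public key printed from cert.pem above (the "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQc..." prefix) is an EC P-256 key, which is why "openssl rsa" and "openssl dsa" both refuse it; "openssl pkey" accepts RSA and EC keys alike, so the key-match check below works whichever type certbot issued. The chain check runs "openssl verify" with certbot's chain.pem (the intermediate only) treated as the trust anchor via -partial_chain. The file paths under /etc/letsencrypt/live/ are certbot's real layout; the example.com name, the test CA, its CN values and every file name under the temp directory are constructed for the example, and the self-test needs an openssl binary on the PATH.

```shell
#!/bin/sh
# Added example, not code from the thread: check a certbot-style cert/key/chain
# set with openssl, then build throwaway EC material to exercise the checks.
set -u

# SHA-256 of the SubjectPublicKeyInfo carried by a certificate ($2 = cert) or
# by a private key ($2 = key). 'openssl pkey' accepts RSA and EC keys alike,
# which is why it is used instead of 'openssl rsa' / 'openssl ec'. openssl's
# own stderr is left visible so an unreadable file names itself.
pubkey_fp() {
  if [ "$2" = cert ]; then
    openssl x509 -in "$1" -noout -pubkey
  else
    openssl pkey -in "$1" -pubout
  fi | openssl sha256 | awk '{print $NF}'
}

# 0 if the certificate and the private key carry the same public key.
# A file that cannot be read yields an empty fingerprint and therefore a
# non-match rather than a false "OK".
keys_match() {
  c=$(pubkey_fp "$1" cert)
  k=$(pubkey_fp "$2" key)
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# 0 if the leaf certificate $1 validates against the CA certificates in $2.
# -partial_chain lets certbot's chain.pem (intermediate only, no root) act as
# the trust anchor; to check against the OS root store instead use
#   openssl verify -untrusted chain.pem cert.pem
chain_ok() {
  openssl verify -CAfile "$2" -partial_chain "$1" >/dev/null 2>&1
}

# Constructed test material (hypothetical names, not a real CA): one EC P-256
# test CA, a leaf it signs, and an unrelated CA/key pair, all in directory $1.
# A private config file is used so no system openssl.cnf extensions leak in.
make_fixtures() {
  fx=$1
  cat >"$fx/ca.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = ca_ext
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  for n in ca other; do
    openssl ecparam -name prime256v1 -genkey -noout -out "$fx/$n.key"
    openssl req -new -x509 -config "$fx/ca.cnf" -key "$fx/$n.key" \
      -subj "/CN=Test CA $n" -days 1 -out "$fx/$n-chain.pem" 2>/dev/null
  done
  openssl ecparam -name prime256v1 -genkey -noout -out "$fx/privkey.pem"
  openssl req -new -config "$fx/ca.cnf" -key "$fx/privkey.pem" \
    -subj "/CN=example.invalid" -out "$fx/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$fx/leaf.csr" -CA "$fx/ca-chain.pem" \
    -CAkey "$fx/ca.key" -CAcreateserial -days 1 -out "$fx/cert.pem" 2>/dev/null
}

# Exercise the checks on the constructed material: the matching pair and the
# right CA must pass, the unrelated key and the wrong CA must fail.
self_test() {
  t=$(mktemp -d) || return 1
  make_fixtures "$t" || return 1
  r=0
  keys_match "$t/cert.pem" "$t/privkey.pem"     || r=1
  keys_match "$t/cert.pem" "$t/other.key"       && r=1
  chain_ok   "$t/cert.pem" "$t/ca-chain.pem"    || r=1
  chain_ok   "$t/cert.pem" "$t/other-chain.pem" && r=1
  rm -rf "$t"
  return $r
}

# On a live certbot tree (certbot's real layout, example.com is a placeholder):
#   keys_match /etc/letsencrypt/live/example.com/cert.pem \
#              /etc/letsencrypt/live/example.com/privkey.pem && echo key-matches
#   chain_ok   /etc/letsencrypt/live/example.com/cert.pem \
#              /etc/letsencrypt/live/example.com/chain.pem   && echo chain-ok
self_test && echo "self-test: OK"
```

Run it from inside /etc/letsencrypt/live/welooop.com/ with the symlink names (cert.pem, privkey.pem, chain.pem), not the cert1.pem names that live in archive/, which is exactly the "No such file or directory" trip-up earlier in the thread. If keys_match fails on the live tree the cert and key were not issued together; if it passes but the site still presents an expired wildcard cert, the problem is the web server configuration, not the certificate files.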