The ssl Certificate does not work correctly

I installed bigbluebutton on a dedicated server without firewall and with a pubblic IP, I registered the dns name on a third level domain aulesaf.pclinkitalia.com which correctly points to the IP address of the server that publishes bigbluebutton, I installed letsencrypt and I follow all the steps to generate the ssl Key, but when I try to connect to the webpage, mozzilla sad PR_END_OF_FILE_ERROR and chrome say connection close
My domain is:aulesaf.pclinkitalia.com

I ran this command: sudo certbot --nginx

It produced this output:
root@ubuntu:~$ sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?


1: aulesaf.pclinkitalia.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/aulesaf.pclinkitalia.com.conf)

What would you like to do?


1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Renewing an existing certificate
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/bigbluebutton

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.


1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/bigbluebutton


Your existing certificate has been successfully renewed, and the new certificate
has been installed.

The new certificate covers the following domains:
https://aulesaf.pclinkitalia.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=aulesaf.pclinkitalia.com


IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/aulesaf.pclinkitalia.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/aulesaf.pclinkitalia.com/privkey.pem
    Your cert will expire on 2020-01-30. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My web server is (include version): Tomcat 7

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: dedicated server on aruba

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0-1+ubuntu16.04.1+certbot+1

thanks for your help

Hi @pclinkitalia

if you have a Tomcat, additional steps are required so Tomcat is able to use the certificate.

Check the documentation of your Tomcat to see, how to configure your system.

I try to follow the instruction in the follow link, Configuring Let’s Encrypt with Tomcat 6.x and 7.x - Server - Let’s Encrypt Community Support
but it did the same thing.

The certificate seems not properly installed.

Have you some suggestions?

Check your current Tomcat documentation, not a two years old topic. That’s a long time. There may be newer and better solutions.

PS: Checking your domain (old checks, created yesterday) there are new certificates - https://check-your-website.server-daten.de/?q=aulesaf.pclinkitalia.com#ct-logs

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2019-11-01 2020-01-30 aulesaf.pclinkitalia.com - 1 entries duplicate nr. 2
Let’s Encrypt Authority X3 2019-10-31 2020-01-29 aulesaf.pclinkitalia.com - 1 entries duplicate nr. 1

So the certificate creation has worked.

It’s only an installation problem.

PPS: There are tons of informations.

Tomcat + Letsencrypt.

Create a pfx file, then a jks, then configure your Tomcat to use that jks. All commands are listed.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.