Troymacnaughton.com

My domain is: troymacnaughton.com

I ran this command: sudo certbot run

It produced this output:

Requesting a certificate for troymacnaughton.com
Performing the following challenges:
http-01 challenge for troymacnaughton.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf.d/troymacnaughton.com-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/troymacnaughton.com-le-ssl.conf
Enabling site /etc/httpd/conf.d/troymacnaughton.com-le-ssl.conf by adding Include to root configuration
Enhancement redirect was already set.


Congratulations! You have successfully enabled https://troymacnaughton.com


IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/troymacnaughton.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/troymacnaughton.com/privkey.pem
    Your cert will expire on 2021-03-02. To obtain a new or tweaked

I restarted apache but got

So then my notes say to also run (which I think is wrong because I just did this) sudo snap run certbot -d troymacnaughton.com

Saving debug log to /var/log/letsencrypt/letsencrypt.log
ssl_module is statically linked but --apache-bin is missing; not disabling session tickets.
Plugins selected: Authenticator apache, Installer apache
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/troymacnaughton.com.conf)

What would you like to do?


1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (may be subject to CA rate limits)


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/httpd/conf.d/troymacnaughton.com-le-ssl.conf
Enhancement redirect was already set.


Congratulations! You have successfully enabled https://troymacnaughton.com

So then my notes say to run sudo snap run certbot -d www.troymacnaughton.com

Saving debug log to /var/log/letsencrypt/letsencrypt.log
ssl_module is statically linked but --apache-bin is missing; not disabling session tickets.
Plugins selected: Authenticator apache, Installer apache
Requesting a certificate for www.troymacnaughton.com
Performing the following challenges:
http-01 challenge for www.troymacnaughton.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/httpd/conf.d/troymacnaughton.com-le-ssl.conf
Enhancement redirect was already set.


Congratulations! You have successfully enabled https://www.troymacnaughton.com

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/www.troymacnaughton.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/www.troymacnaughton.com/privkey.pem

Restarted Apache, cleared the cache, opened an incognito browser, and still got "Warning: Potential Security Risk Ahead".

This is my virtual host file
[orca@orcacomputers conf.d]$ cat troymacnaughton.com.conf
<VirtualHost *:80>
    ServerName troymacnaughton.com
    ServerAlias www.troymacnaughton.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/troymacnaughton.com/public_html
    ErrorLog /var/log/httpd/troymacnaughton.com-error.log
    CustomLog /var/log/httpd/troymacnaughton.com-access.log combined

    <Directory "/var/www/troymacnaughton.com/public_html">
        AllowOverride None
    </Directory>

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.troymacnaughton.com [OR]
    RewriteCond %{SERVER_NAME} =troymacnaughton.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

I then ran sudo certbot run again and see
47: troymacnaughton.com
48: www.troymacnaughton.com

But haven't made any selection.

Before launching certbot I loaded troymacnaughton.com and got the Apache picture, so the web server is working.

My web server is (include version): Server version: Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version): CentOS7

My hosting provider, if applicable, is: Godaddy

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.10.0

Hi @0rcaCPA

Checking your domain, you have a loop https -> https.

What says

apachectl -S

You need to ask for both in the same request: "47 48"
One cert with both names on it.

1 Like

Or have them both on the command line, either as a comma-separated list for one -d or just use the -d option multiple times, once per hostname.

But the redirect loop is a worse issue, so indeed, apachectl -S is the way to go forward first, and after that we probably need to see the offending configuration files.

I don't see the redirection loop at all.
I do see the completely wrong cert (for both names):

There is a check, 20 minutes old - https://check-your-website.server-daten.de/?q=troymacnaughton.com - there you see the loop - Grade L.

https -> https

So the port 443 vHost has a redirect.

Yes, there is also a self-signed certificate installed, but if you ignore that, you'll end up in a redirect loop redirecting to itself. Either way, we need apachectl -S to begin with.

1 Like

Gratitude for the responses, guys. I removed my other domains from the output.

[orca@orcacomputers public_html]$ apachectl -S
AH00112: Warning: DocumentRoot [/var/www/freeonlinemoney.com/public_html] does not exist
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server 0rcan0mic.com (/etc/httpd/conf.d/0rcan0mic.com-le-ssl.conf:2)
         port 443 namevhost 0rcan0mic.com (/etc/httpd/conf.d/0rcan0mic.com-le-ssl.conf:2)
                 alias www.0rcan0mic.com

*:80                   is a NameVirtualHost
         default server orcacomputers.orcainbox (/etc/httpd/conf.d/00-default.conf:1)
         port 80 namevhost orcacomputers.orcainbox (/etc/httpd/conf.d/00-default.conf:1)
         port 80 namevhost 0rcan0mic.com (/etc/httpd/conf.d/0rcan0mic.com.conf:1)
                 alias www.0rcan0mic.com

         port 80 namevhost troymacnaughton.com (/etc/httpd/conf.d/troymacnaughton.com.conf:1)
                 alias www.troymacnaughton.com

ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48 not_used
Group: name="apache" id=48 not_used
[orca@orcacomputers public_html]$

Now I did make a self-signed Certificate Authority a while back and was trying to configure S/MIME email. I don't know if this comes into the scenario, but I did see a few comments that it may be the issue. I completed this tutorial for the CA

In the output of this file (a few posts above):

We see that it redirects to HTTPS.

But we don't actually see any listening HTTPS file with that name:

So you're missing that.

And this:

implies that you already have a cert and all you need to do is use it.

So let's first confirm that you do have a valid cert with the output of:
certbot certificates

2 Likes

[orca@orcacomputers conf.d]$ sudo certbot certificates
[sudo] password for orca:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:

Certificate Name: www.troymacnaughton.com
Serial Number: 3b563b5e4f4777a1ca554a831a9e2a80352
Key Type: RSA
Domains: www.troymacnaughton.com
Expiry Date: 2021-03-02 21:16:34+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.troymacnaughton.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.troymacnaughton.com/privkey.pem

So you have a cert with the www name.
You should replace that with one that has both names.

Then you need to use it.

2 Likes
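The two checks the replies above are walking through by hand (does each hostname have a port-443 vhost, or will HTTPS fall through to the default *:443 vhost and its cert? and is there one certificate lineage that covers both names?) can be made repeatable. The script below is an added example, not code from the thread or from certbot/Apache: it parses the text that `apachectl -S` and `certbot certificates` print and reports coverage per hostname. The sample inputs are constructed from the output posted earlier in this thread; `audit`, `parse_apachectl` and `parse_certbot` are names chosen here.

```python
"""Audit Apache vhost and certbot certificate coverage for a set of hostnames.

Added example (not from the forum thread): parses `apachectl -S` and
`certbot certificates` text and reports, per hostname, whether a :80 vhost,
a :443 vhost and a covering certificate lineage exist.
"""
import re
from collections import defaultdict

# Constructed sample: trimmed `apachectl -S` output as posted in the thread.
APACHECTL_S = """\
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server 0rcan0mic.com (/etc/httpd/conf.d/0rcan0mic.com-le-ssl.conf:2)
         port 443 namevhost 0rcan0mic.com (/etc/httpd/conf.d/0rcan0mic.com-le-ssl.conf:2)
                 alias www.0rcan0mic.com
*:80                   is a NameVirtualHost
         default server orcacomputers.orcainbox (/etc/httpd/conf.d/00-default.conf:1)
         port 80 namevhost orcacomputers.orcainbox (/etc/httpd/conf.d/00-default.conf:1)
         port 80 namevhost 0rcan0mic.com (/etc/httpd/conf.d/0rcan0mic.com.conf:1)
                 alias www.0rcan0mic.com
         port 80 namevhost troymacnaughton.com (/etc/httpd/conf.d/troymacnaughton.com.conf:1)
                 alias www.troymacnaughton.com
"""

# Constructed sample: the two lineages `certbot certificates` listed in the thread.
CERTBOT_CERTS = """\
Found the following certs:
  Certificate Name: www.troymacnaughton.com
    Domains: www.troymacnaughton.com
    Expiry Date: 2021-03-02 21:16:34+00:00 (VALID: 89 days)
  Certificate Name: troymacnaughton.com
    Domains: www.thesuperioreatingsystem.com troymacnaughton.com
    Expiry Date: 2021-03-03 01:08:38+00:00 (VALID: 89 days)
"""

PORT_HDR_RE = re.compile(r"^\*:(\d+)\s+is a NameVirtualHost")
DEFAULT_RE = re.compile(r"^\s*default server (\S+)")
VHOST_RE = re.compile(r"^\s*port (\d+) namevhost (\S+) \((\S+):\d+\)")
ALIAS_RE = re.compile(r"^\s*alias (\S+)")


def parse_apachectl(text):
    """Return ({port: {hostname: conf_file}}, {port: default_server_name}).
    ServerAlias names are recorded under the same conf file as their vhost."""
    vhosts = defaultdict(dict)
    defaults = {}
    port = None
    conf = None
    for line in text.splitlines():
        if m := PORT_HDR_RE.match(line):
            port = int(m.group(1))
        elif (m := DEFAULT_RE.match(line)) and port is not None:
            defaults[port] = m.group(1)
        elif m := VHOST_RE.match(line):
            port, name, conf = int(m.group(1)), m.group(2), m.group(3)
            vhosts[port][name] = conf
        elif (m := ALIAS_RE.match(line)) and port is not None and conf is not None:
            vhosts[port][m.group(1)] = conf
    return dict(vhosts), defaults


def parse_certbot(text):
    """Return {lineage_name: set_of_domains} from `certbot certificates` output."""
    certs = {}
    name = None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("Certificate Name:"):
            name = s.split(":", 1)[1].strip()
            certs[name] = set()
        elif s.startswith("Domains:") and name is not None:
            certs[name] = set(s.split(":", 1)[1].split())
    return certs


def audit(hostnames, apachectl_text, certbot_text):
    """Per hostname: :80 vhost? :443 vhost? which lineages cover it?
    Also lists lineages that cover every requested name at once."""
    vhosts, defaults = parse_apachectl(apachectl_text)
    certs = parse_certbot(certbot_text)
    report = {}
    for h in hostnames:
        has443 = h in vhosts.get(443, {})
        report[h] = {
            "http_vhost": h in vhosts.get(80, {}),
            "https_vhost": has443,
            # With no :443 vhost for the name, Apache answers from the default
            # *:443 vhost, i.e. with that vhost's certificate (the browser warning).
            "https_falls_to_default": None if has443 else defaults.get(443),
            "certs": sorted(n for n, doms in certs.items() if h in doms),
        }
    wanted = set(hostnames)
    report["single_cert_for_all"] = sorted(n for n, d in certs.items() if wanted <= d)
    return report


if __name__ == "__main__":
    names = ["troymacnaughton.com", "www.troymacnaughton.com"]
    for key, value in audit(names, APACHECTL_S, CERTBOT_CERTS).items():
        print(f"{key}: {value}")
```

Run against the constructed samples it reports that both names have a port-80 vhost but no port-443 vhost (so HTTPS lands on the 0rcan0mic.com default vhost), that each name is covered only by a different lineage, and that no single lineage covers both; on a live host you would feed it the real `apachectl -S` and `certbot certificates` output instead of the samples.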

I see the loop.

Certificate Name: troymacnaughton.com
Serial Number: 3ac03afeb90439985a2b8a645888cc5aa11
Key Type: RSA
Domains: www.thesuperioreatingsystem.com troymacnaughton.com
Expiry Date: 2021-03-03 01:08:38+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/troymacnaughton.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/troymacnaughton.com/privkey.pem

That's

a critical misconfiguration.

The same combination port + domain name.

Merge these both in one and remove the other.

That's not a loop, that's your certificate.

I don't see the """critical""" misconfiguration? It's indented a little bit weird, but it's just a different virtualhost, just like any other?

2 Likes

Sorry, forget / ignore that part of the answer. Was the wrong moment.

Hosts are different, so it's not a problem.

2 Likes
