I got everything seemingly up and running with my Ubuntu Gnome Boxes VM + the Ubuntu 20.04 minimal focal server on AWS - everything was actually working alright when I realized that I set everything up with my Elastic IP and decided to try and change it to the actual IP (without much due diligence). I basically re-installed certbot WITHOUT 'certonly' and then chose a new certificate and it looks like there's a duplicate but I'm not well versed in troubleshooting.
My gut instinct is to delete the second duplicate - but not even sure which one that is b/c they're not numbered and now my site is vulnerable...
I ran this command (this is the second time when I thought I made a mistake and tried to correct it):
```
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx
sudo certbot renew --dry-run
```
It produced this output:
```
sudo certbot --nginx -d brightlander.com -d www.brightlander.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/brightlander.com.conf)
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
******* I CHOSE 2******
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/nginx/conf.d/brightlander.conf
Deploying Certificate to VirtualHost /etc/nginx/conf.d/brightlander.conf
nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/nginx.conf:34
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
******* I CHOSE TO REDIRECT******
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Traffic on port 80 already redirecting to ssl in /etc/nginx/conf.d/brightlander.conf
Traffic on port 80 already redirecting to ssl in /etc/nginx/conf.d/brightlander.conf
nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/nginx.conf:34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://brightlander.com and
https://www.brightlander.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=brightlander.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.brightlander.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/brightlander.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/brightlander.com/privkey.pem
Your cert will expire on 2021-06-26. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
```
My web server is (include version): Route 53 host + nginx + ubuntu 20.10 vm + ubuntu 20.04 focal
The operating system my web server runs on is (include version): My computer is a ThinkPad X1 Gen 8 that has Fedora and gnome boxes - used Gnome boxes for Ubuntu...
My hosting provider, if applicable, is: Route 53 Amazon Web Services
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Not yet.
The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you're using Certbot): IDK
I'm kind of lost. I hadn't done a single thing to that site and I'm quite new to the Linux world. The course taught me a lot - but not very much about troubleshooting. Are you sure there's not an issue with there being (seemingly) a duplicate? I created the username and password and that's basically it... my other site seems to work fine (did it last week): medsupplynetwork.com -> but I didn't "re-install" Certbot on that one...
By the way, thanks for taking a look @JuergenAuer! When I try to go to: brightlander.com/wp-admin --> it won't let me log in and returns: "Your connection is not private. Attackers might be trying to steal your information from 3.219.14.14 (for example, passwords, messages, or credit cards). Learn more"
It looks like a lot of people have viewed this so please answer me this...
If I deleted this virtual machine, deleted my Route 53, deleted my elastic IP and EC2 instance - would this also detach/delete "Let's Encrypt" from my website so I could just start over from scratch? There's absolutely no content/WordPress development etc. that'll be lost if I do this...
I just want this landing page up and running so I can move forward... I'd like to just delete Certbot and Let's Encrypt but it looks like there's a risk of being blocked for 7 days (that's if one installs too many certs - which I've only done 2) - so opposed to waiting for hours or days - I'd rather just restart and do it again in an hour.
PLEASE HELP! And let me know if that's the best way - seemingly just a file needs to be deleted but I don't know how to properly troubleshoot and just want a secure landing page at this point - so might as well just delete it all.
That's wrong. The link redirected to the ip address. So a certificate with an ip address as domain name is required. I don't think the TO wants to create a certificate with an ip address he doesn't own / control.
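An added example, not part of the original thread: a check for the situation the reply above describes, where a redirect lands on a bare IP address that the certificate does not name. The redirect chain and its paths are constructed for illustration; the SAN list is assumed from the `-d` flags in the certbot command shown earlier.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed certificate names (from the -d flags in the post) and a
# constructed redirect chain ending on the IP from the browser warning.
SANS = ["brightlander.com", "www.brightlander.com"]
CHAIN = [
    "http://brightlander.com/wp-admin",
    "https://brightlander.com/wp-admin",
    "https://3.219.14.14/wp-login.php",
]


def host_covered(host, dns_sans, ip_sans=()):
    """True if `host` is matched by the certificate's subjectAltName entries."""
    host = host.lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is matched only by iPAddress SANs, never by dNSName.
        return any(ip == ipaddress.ip_address(s) for s in ip_sans)
    for san in (s.lower() for s in dns_sans):
        if san == host:
            return True
        if san.startswith("*."):
            # A wildcard covers exactly one left-most label.
            head, _, rest = host.partition(".")
            if head and rest == san[2:]:
                return True
    return False


def audit_redirect_chain(urls, dns_sans, ip_sans=()):
    """Return (url, host) for every HTTPS hop the certificate does not cover."""
    findings = []
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme == "https" and not host_covered(
            parts.hostname, dns_sans, ip_sans
        ):
            findings.append((url, parts.hostname))
    return findings


if __name__ == "__main__":
    for url, host in audit_redirect_chain(CHAIN, SANS):
        print(f"name mismatch: {url} (host {host} not in certificate)")
```

Any hop it reports is one where a browser will show a name-mismatch warning even though the certificate itself is valid for the domain.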
Right, well this seems to be the problem with the programming world. Community driven and "free" and "completely open, we're community driven and all are welcome" when in actuality the people that create this stuff need money, obviously, and don't have the personality to close sales so this always leads to improper expectations and clearly resentments. There needs to be a serious, heavy lifting evaluation standard and redefinition of languages that are based on propositional and/or prepositional logic ONLY and will develop these normative standards for literally EVERY DETAIL in the programming world... This isn't about money - which for the record, isn't actually worth anything other than the intrinsic value that we decide on. You have languages that are named not by function, but because a guy named Ian had a girlfriend named Debian ABSURD AND SELFISH - or - someone else gets a girlfriend named Maria and sprinkle a little encrypted anonymity with a feeling of underappreciation for work and inability to close a sale in the real world and BOOM - terrible clutter of nonsense in the programming world that needs to be completely redone. Linux and Unix are a mess and it's ridiculous that no one is louder about this. These things have only been used by people in homes since (let's say) 1995 and I don't even think the original network officially expanded outside of the US until the late 80s? Time to redo this entire system of programming with declarative, normative standards. I'm glad that I'm finding out about all of this now so I can find a team and propose a new way of defining these processes and languages in line with ISO and people that actually have their eyes open. No wonder our world is in absolute shambles - THE SYSTEMS RUNNING THE PLANET ARE A MESS AND ARE CREATED THEN RUN BY PEOPLE THAT MAKE SUGGESTIONS BASED ON FEELINGS RATHER THAN LOGIC.
The issue here isn't with any certificate whatsoever, so your post is, well, a little bit, scrap that, very silly. If the certificate isn't the problem, please tell me how a purchased certificate will fix @point14's problem?
Is everything alright? It seems you had some spare time on your hands to type a big rant of 318 words... And I still don't have a clue what you're trying to say. I have a feeling you're frustrated because your site still isn't marked as "secure", even if you have a valid certificate, right?
Funny thing is: at the time of writing, your site and the /wp-admin/ path is marked perfectly as secure here. It seems you've found the issue with your site?