Ubuntu Apache self-signed certificate

D5bWavyqH7f9P · March 28, 2021, 3:01am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
https://jitsi-meet.it4us.top/
It produced this output:

My web server is (include version):
root@it4us:/etc/apache2# apachectl -V
Server version: Apache/2.4.41 (Ubuntu)
Server built: 2020-08-12T19:46:17
Server's Module Magic Number: 20120211:88
Server loaded: APR 1.6.5, APR-UTIL 1.6.1
Compiled using: APR 1.6.5, APR-UTIL 1.6.1
Architecture: 64-bit
Server MPM: event
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/etc/apache2"
-D SUEXEC_BIN="/usr/lib/apache2/suexec"
-D DEFAULT_PIDLOG="/var/run/apache2.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="mime.types"
-D SERVER_CONFIG_FILE="apache2.conf"

The operating system my web server runs on is (include version):
root@it4us:/etc/apache2# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.2 LTS
Release: 20.04
Codename: focal
root@it4us:/etc/apache2# uname -a
Linux it4us.top 5.4.0-1032-raspi #35-Ubuntu SMP PREEMPT Fri Mar 19 20:52:40 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux
root@it4us:/etc/apache2#
My hosting provider, if applicable, is:
it4us.top <- kandb.horrix@gmail.com
I can login to a root shell on my machine (yes or no, or I don't know):
yes <-- would need to know you want to get in - have to adjust firewall
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
webmin
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
root@it4us:/etc/apache2/sites-available# certbot --version
certbot 0.40.0

Osiris · March 28, 2021, 8:58am

What exactly is your question and/or issue you're having?

From crt.sh | jitsi-meet.it4us.top I can see you haven't issued any certificate for that hostname currently.

You say you're using Webmin as the control panel and have certbot installed. Webmin should be able to issue certificates using certbot internally. Did you check out the Webmin documentation about Let's Encrypt?

D5bWavyqH7f9P · March 29, 2021, 3:11pm

You can see the 'Not Secure' marker put there by the google browser.
When I use a certificate from another provider, this marker is not present.

Why is the certificate considered 'Not Secure' ????

Rip · March 29, 2021, 5:29pm

I think that's where the problem is exactly. There is no certificate covering hostname jitsi-meet.

However:
it4us.top and www.it4us.top
have current certificates.

https://crt.sh/?q=it4us.top

@D5bWavyqH7f9P will need to expand his cert to add host jitsi-meet if I am correct.

Osiris · March 29, 2021, 7:12pm

There is no certificate from any CA issued for that subdomain, so I don't understand how @D5bWavyqH7f9P could get a green lock icon for the jitsi-meet subdomain anyway.

But still, your advice is sound indeed: if @D5bWavyqH7f9P wishes to secure the jitsi-meet subdomain, he should include it in the certificate.

system · April 28, 2021, 7:12pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.