Unable to install ssl on amazon linux ec2 instance


#1

I am trying to install my SSL on an Amazon Linux EC2 instance. Kindly guide me on how I can do this… I am facing the error below.

1: yum install python27-devel git
2: git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
3: /opt/letsencrypt/letsencrypt-auto --debug

When I run the 3rd command I face the error below.

Keeping the existing certificate
Created an SSL vhost at /etc/httpd/conf/httpd-le-ssl.conf
Cannot find an SSLCertificateFile directive in /files/etc/httpd/conf/httpd-le-ssl.conf/IfModule/VirtualHost. VirtualHost was not modified
Exiting abnormally:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 1323, in main
    return config.func(config, plugins)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 1093, in run
    _install_cert(config, le_client, domains, new_lineage)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 768, in _install_cert
    path_provider.cert_path, path_provider.chain_path, path_provider.fullchain_path)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 489, in deploy_certificate
    fullchain_path=fullchain_path)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 306, in deploy_cert
    self._deploy_cert(vhost, cert_path, key_path, chain_path, fullchain_path)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 435, in _deploy_cert
    "Unable to find an SSLCertificateFile directive")
PluginError: Unable to find an SSLCertificateFile directive
Please see the logfiles in /var/log/letsencrypt for more details.

IMPORTANT NOTES:

  • Unable to install the certificate
  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/www.posplus.co.za/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/www.posplus.co.za/privkey.pem
    Your cert will expire on 2018-09-19. To obtain a new or tweaked
    version of this certificate in the future, simply run
    letsencrypt-auto again with the “certonly” option. To
    non-interactively renew all of your certificates, run
    “letsencrypt-auto renew”

Kindly guide me what i need to do.

Regards,


#2

It seems like you might already have an SSL VirtualHost for your domain, but it is missing SSLCertificateFile/SSLCertificateKeyFile lines.

What’s this show?

apachectl -S

You may be able to manually repair the file by adding two lines to the VirtualHost:

SSLCertificateFile  /etc/letsencrypt/live/www.posplus.co.za/fullchain.pem
SSLCertificateKeyFile  /etc/letsencrypt/live/www.posplus.co.za/privkey.pem
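
The condition described in this reply, as an added example that is not part of the original post or of Certbot: a bash function that reads an Apache config on stdin and reports each port 443 `<VirtualHost>` block lacking `SSLCertificateFile` or `SSLCertificateKeyFile`. The function names, the sample config and its example.org hostnames are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): find port 443 vhosts that have no
# certificate directives, the state the Certbot Apache installer rejected.

ssl_vhosts_missing_cert() {
  # Reads an Apache config on stdin; prints one line per incomplete block.
  awk '
    $1 ~ /^#/ { next }                                   # skip comment lines
    tolower($1) == "<virtualhost" && $2 ~ /:443>?$/ {
      in_vh = 1; start = NR; name = "(no ServerName)"; cert = 0; key = 0
      next
    }
    in_vh && tolower($1) == "servername"            { name = $2 }
    in_vh && tolower($1) == "sslcertificatefile"    { cert = 1 }
    in_vh && tolower($1) == "sslcertificatekeyfile" { key = 1 }
    in_vh && tolower($1) == "</virtualhost>" {
      if (!cert || !key)
        printf "line %d: %s missing:%s%s\n", start, name,
               (cert ? "" : " SSLCertificateFile"),
               (key  ? "" : " SSLCertificateKeyFile")
      in_vh = 0
    }
  '
}

# Constructed sample: one vhost wrapped in IfModule with no certificate
# directives, and one complete vhost. Hostnames and paths are placeholders.
sample_conf() {
  cat <<'EOF'
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName www.example.org
    DocumentRoot /var/www/html/example
</VirtualHost>
</IfModule>
<VirtualHost *:443>
    ServerName shop.example.org
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/shop.example.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/shop.example.org/privkey.pem
</VirtualHost>
EOF
}

sample_conf | ssl_vhosts_missing_cert
```

On a real host, feed it the file named in the error, for example `ssl_vhosts_missing_cert < /etc/httpd/conf/httpd-le-ssl.conf`.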

#3

apachectl -S
VirtualHost configuration:
*:80 is a NameVirtualHost
default server marketing.bizboxhub.com (/etc/httpd/conf.d/vhost.conf:1)
port 80 namevhost marketing.bizboxhub.com (/etc/httpd/conf.d/vhost.conf:1)
port 80 namevhost marketing.bizboxhub.com (/etc/httpd/conf/httpd.conf:355)
port 80 namevhost www.posplus.co.za (/etc/httpd/conf/httpd.conf:363)
ServerRoot: “/etc/httpd”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/etc/httpd/logs/error_log”
Mutex default: dir="/var/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
PidFile: “/var/run/httpd/httpd.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“apache” id=48
Group: name=“apache” id=48


#4

If I enter these lines in the httpd.conf virtual host session

<VirtualHost *:80>
ServerAdmin ahmadmujtaba@plutuscommerce.net
DocumentRoot "/var/www/html/posplus"
ServerName www.posplus.co.za
ErrorLog "logs/www.posplus.co.za-error_log"
CustomLog "logs/www.posplus.co.za-access_log" common
SSLCertificateFile /etc/letsencrypt/live/www.posplus.co.za/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.posplus.co.za/privkey.pem

then my httpd service stopped


#5

OK, that’s not the solution, since you don’t already have any HTTPS vhosts.

In this file, are there lines that look like:

<IfModule ...>
<VirtualHost ...>
...
</VirtualHost>
</IfModule>

Could you show this file’s contents please?

There is some reference in the Certbot docs that you may need to comment out the IfModule lines if you get this error, and then run Certbot again to have it re-install the certificate.


#6

I have added this file with code

ServerAdmin ahmadmujtaba@plutuscommerce.net
    ServerName www.posplus.co.za
    ServerAlias www.posplusco.za


    DocumentRoot /var/www/html/posplus

    <Directory  /var/www/html/posplus>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
    </Directory>

    CustomLog /var/log/httpd/www.posplus.co.za.log combined

    SSLEngine on
    SSLHonorCipherOrder On
    SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 -SSLv2 -SSLv3
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS


    <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
    </FilesMatch>

    BrowserMatch   ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/www.posplus.co.za/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.posplus.co.za/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/www.posplus.co.za/chain.pem


#7

Performing the following challenges:
http-01 challenge for www.posplus.co.za
Using the webroot path /var/www/html/posplus for all unmatched domains.
Waiting for verification…
Cleaning up challenges

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/www.posplus.co.za/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/www.posplus.co.za/privkey.pem
    Your cert will expire on 2018-09-19. To obtain a new or tweaked
    version of this certificate in the future, simply run
    letsencrypt-auto again. To non-interactively renew all of your
    certificates, run “letsencrypt-auto renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

I have got this message now, but my site is showing as insecure.


#8

Hi,

Have you tried to restart Apache?

Thank you


#9

Yes, many times I have, but no success.


#10

Hi,

Can you try this command again?
apachectl -S

Thank you


#11

[root@ip-10-82-2-166 ~]# apachectl -S
VirtualHost configuration:
*:80 is a NameVirtualHost
default server marketing.bizboxhub.com (/etc/httpd/conf.d/vhost.conf:1)
port 80 namevhost marketing.bizboxhub.com (/etc/httpd/conf.d/vhost.conf:1)
port 80 namevhost marketing.bizboxhub.com (/etc/httpd/conf/httpd.conf:355)
port 80 namevhost www.posplus.co.za (/etc/httpd/conf/httpd.conf:363)
ServerRoot: “/etc/httpd”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/etc/httpd/logs/error_log”
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex default: dir="/var/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
PidFile: “/var/run/httpd/httpd.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“apache” id=48
Group: name=“apache” id=48


#12

Hi,

It seems that you don’t currently have a virtual host listening on port 443.

Do you want to create one for www.posplus.co.za?

Thank you
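
The check behind this reply, as an added example that is not part of the original post: a bash function that reads `apachectl -S` output on stdin and lists every name served on port 80 that has no port 443 vhost. The function names and the sample output with its example.org hostnames are constructed; the parser also accepts the single-vhost line form (`*:443 name (file:line)`) that Apache prints when only one vhost uses an address.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): spot names that are served over
# HTTP only, from the vhost dump printed by `apachectl -S`.

http_only_vhosts() {
  awk '
    function note(port, name) {
      if (port == "80")  http[name]  = 1
      if (port == "443") https[name] = 1
    }
    # Name-based form:  port 80 namevhost www.example.org (file:line)
    $1 == "port" && $3 == "namevhost" { note($2, $4); next }
    # Single-vhost form:  *:443  shop.example.org (file:line)
    $1 ~ /:[0-9]+$/ && $2 != "is" && NF >= 3 {
      n = split($1, part, ":")
      note(part[n], $2)
    }
    END {
      for (name in http)
        if (!(name in https)) print name
    }
  ' | sort
}

# Constructed sample in the layout of the dumps posted above; the
# hostnames and file names are placeholders.
sample_dump() {
  cat <<'EOF'
VirtualHost configuration:
*:443                  shop.example.org (/etc/httpd/conf.d/shop-ssl.conf:1)
*:80                   is a NameVirtualHost
         default server shop.example.org (/etc/httpd/conf.d/vhost.conf:1)
         port 80 namevhost shop.example.org (/etc/httpd/conf.d/vhost.conf:1)
         port 80 namevhost www.example.org (/etc/httpd/conf/httpd.conf:363)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
User: name="apache" id=48
EOF
}

sample_dump | http_only_vhosts
```

On a live server the equivalent call is `apachectl -S 2>&1 | http_only_vhosts`; an empty result means every port 80 name also has a port 443 vhost.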


#13

Yes, I want to create one. Help me, how can I do it?


#14

<VirtualHost *:443>
    ServerAdmin ahmadmujtaba@plutuscommerce.net
    ServerName www.posplus.co.za
    ServerAlias www.posplusco.za


    DocumentRoot /var/www/html/posplus

    <Directory  /var/www/html/posplus>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
    </Directory>

    CustomLog /var/log/httpd/www.posplus.co.za.log combined

    SSLEngine on
    SSLHonorCipherOrder On
    SSLProtocol -All +TLSv1.1 +TLSv1.2 -SSLv2 -SSLv3 -TLSv1
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS


    <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
    </FilesMatch>

    BrowserMatch   ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/www.posplus.co.za/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.posplus.co.za/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/www.posplus.co.za/chain.pem
</VirtualHost>

Is this what you want?

Place the above file under your vHost folder.

Thank you


#15

How can I locate my vhost?


#16

Can anyone help me?
I am already using OpenSSL on the same server for other domains.
Can anyone help me set the vhost?


#17

Dude, you really need to take a look at your executed commands…

Here is the directory of your vHost, /etc/httpd/conf.d/

It’s in post 11 of this thread. Unable to install ssl on amazon linux ec2 instance

Make a file under this folder and restart apache.

Thank you

