URL is not showing secured after installing CertBot

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: reactler.com

I ran this command: sudo certbot certonly --standalone

It produced this output: successfully configured

My web server is (include version): PRETTY_NAME="Ubuntu 24.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04.1 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="Bugs : Ubuntu"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Azure

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

After the successful installation of certbot, the site did not show as secure.

image
image1423×620 192 KB

2

There's no reason to expect it would. You told certbot to obtain a cert, not to configure your web server (whatever it is--which isn't Ubuntu) to use that cert to serve HTTPS. You'll need to do that.

4 Likes
3

This option does exactly that, as Dan already said: you only get the cert. The rest (i.e.: actually installing/using the cert) is up to the user.

By the way:

Is there a specific reason why you're using the standalone authenticator when you have a perfectly fine webserver Apache running on that host, apparently? Which was probably also the correct answer to the "My webserver is" question. "Ubuntu" was the answer to the "operating system" question :wink:

Usually the --apache authenticator works just fine which is also an installer plugin, if you want to let Certbot do all the work.. No need for the --standalone, which is quite a hassle if you already have a webserver running.

To be honest, it sounds like you have been following some guide in a misguided manner, not actually knowing what you're doing. (And I don't mean this in a mean way [it's Christmas after all], just being honest here, trying to understand the "how" and "why" of your actions..)

1 Like
4

There are multiple systems involved. Other volunteers also see prior thread from OP here:

Notably the DNS is pointing to Hostinger still

1 Like
5

@MikeMcQ That's the .in TLD, the .com TLD seems to be served by ns{1,2}.dns-parking.com. and is hosted on an IP address from MS.

@rajagopal Also, please don't forcibly "renew & replace" (the option you chose) the certificate if the certificate itself is perfectly fine. There is absolutely no need to re-issue a certificate if issuance was not the problem to begin with.

1 Like
6

Good point. But, they described the .in domain as being Azure as well as showing the same Ubuntu info in that other thread. Still think it's worth keeping in mind their various efforts.

2 Likes
7

From around the world HTTPS get "Connection refused" Permanent link to this check report

Tough to be secure without HTTPS (i.e. Port 443) accessible.

Port 443 is closed

$ nmap -Pn -p80,443 reactler.com
Starting Nmap 7.93 ( https://nmap.org ) at 2024-12-26 08:28 PST
Nmap scan report for reactler.com (4.186.62.206)
Host is up (0.21s latency).

PORT    STATE  SERVICE
80/tcp  open   http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds

Edit

And here is what I find for DNS

For reactler.com

image
image1150×732 53.1 KB

And reactler.in

image
image1128×949 72.6 KB

8

The reactler.com server has already allowed with below ng.

image
image1574×192 14.3 KB

I am new to this task. So anyone provide me the steps what to do next after got issued the cert
?

9

Does Let’s Encrypt issue certificates for anything other than SSL/TLS for websites?

Assuming that the issue here is for web server, I still I see Port 443 closed thus access for HTTPS is not possible on the default port.

$ nmap -Pn -p80,443 reactler.com
Starting Nmap 7.93 ( https://nmap.org ) at 2024-12-26 20:02 PST
Nmap scan report for reactler.com (4.186.62.206)
Host is up (0.21s latency).

PORT    STATE  SERVICE
80/tcp  open   http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.39 seconds

All routers and firewalls between the server in question and the public internet need to Allow access through.

Here details on Apache can be found in documentation and forums:

10

Probably because they have not yet configured their Apache server for HTTPS on port 443 :slight_smile:

You see Closed, not Filtered.

Below is good advice.

1 Like
11

ufw 443 is now enabled, but still facing same issue,

image
image881×579 11.7 KB

12

I was reconfigured with apache,

then also I am not getting the site secured,

image
image1461×1198 74.7 KB

13

Please show output of this

sudo apache2ctl -t -D DUMP_VHOSTS
1 Like
14

I tried using apache insttalation but i'ts not completing the installation properly, ended with subprocess error.

WhatsApp Image 2024-12-30 at 12.20.17_4df50615
WhatsApp Image 2024-12-30 at 12.20.17_4df506151280×664 150 KB

15

The separate rule you have shown is unnecessary. Apache Full already covers both HTTP on 80 and HTTPS on 443.

1 Like
16

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.