Web pages are displaying, but the site does not load as https

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: 20842.org

I ran this command:

It produced this output:

My web server is (include version): Apache/2.4.25 (Debian)

The operating system my web server runs on is (include version): Debian 9

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Web pages are display fine, but the site does not load as https. sudo apachectl configtest comes back: syntax ok. I installed a certificate from Let's Encrypt per this site: https://www.linode.com/docs/guides/install-lets-encrypt-to-create-ssl-certificates/ At https://letsdebug.net/20842.org/364973 it reports everything is okay.

1 Like

Hi @blogjackets,

Did all of the steps in that tutorial come back OK, with no errors?

Is it possible that you have a firewall either on the VPS or in your hosting plan setup that prevents inbound connections from the Internet on port 443? In that case everything might already be working properly but the firewall could be preventing us from seeing that.

2 Likes

I think we should have a look at the output of:
apachectl -S

3 Likes

root@localhost:/etc/apache2/sites-available# apachectl -S
VirtualHost configuration:
*:80 is a NameVirtualHost
default server 127.0.0.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost 20842.org (/etc/apache2/sites-enabled/20842.org.conf:1)
alias www.20842.org
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

1 Like

ufw status
Status: inactive

1 Like

The conf file for domain. If I add a line to redirect to https, then loading the web site fails.

<VirtualHost *:80>
ServerName 20842.org
ServerAlias www.20842.org
DocumentRoot /var/www/html/20842.org
ErrorLog {APACHE_LOG_DIR}/20842.org_error.log CustomLog {APACHE_LOG_DIR}/20842.org_access.log combined

1 Like

From the warning at the top of the guide you followed:

The instructions in this guide install Let’s Encrypt and add certificates manually (…)

Did you by any chance install the certificates? Because your apachectl -S command doesn't show any HTTPS VirtualHosts.

On another note: the guide is terrible and very old (4 years is eternity in IT land..). It uses git to clone the whole certbot repository for just the certbot-auto script (using the very, VERY ancient name letsencrypt...). It also uses git pull to update the client? I've never seen that. Didn't the certbot-auto script update itself back in 2016?

3 Likes

Yes, I installed the certificates or at least I think I did as I followed the guide. Let's Debug shows All OK! https://letsdebug.net/20842.org/365503

sudo ls /etc/letsencrypt/live/20842.org/
cert.pem chain.pem fullchain.pem privkey.pem README

The guide was suggested to me by a Linode help person and says at the top "Updated Wednesday, October 7, 2020 , by Linode Community."

1 Like

The letsdebug site is only testing things that could stop certificates from being issued, but we already know that that's not a problem because your certificate was issued correctly.

Something that the guide is not helping with and that @Osiris noticed is that the guide uses certonly, a mode where Certbot does not install your certificates in your web server application (which requires changing /etc/apache2). You would have to do that yourself with this guide—otherwise your Apache doesn't know that the certificates exist!

You would probably have a better experience using the instructions at https://certbot.eff.org/ because, as @Osiris noted, this guide is horribly out of date in various ways. I originally wrote some of the features that the guide refers to, and I can confirm that it's not using the up-to-date names for them!

Most notably, if you use certbot --apache instead of certbot certonly --standalone, Certbot should take care of installing the certificate for you by modifying your Apache configuration files!

5 Likes

OK, I'll give it a try. Was just following instruction given to me.. What do I do with my current certificate and key? Just delete everything or ignore?

1 Like

Getting and installing a certificate are two very different things! With that specific Linode guide, you're required to manually edit your webservers configuration files to add a HTTPS virtualhost and configure it to use the certificates you've gotten earlier.

Well, I'm not familiair with Linode, but most of the stuff of the guide is hopelessly obsolete.

Just keep them, certbot will recognise it and use it if it can.

3 Likes

Using the EFF guide worked like a charm. I have no idea why they would suggest that older guide. I'll contact the support desk and let them know to suggest https://certbot.eff.org/lets-encrypt/debianstretch-apache

Thanks. I am so grateful for the assistance.

4 Likes