My domain is:
I ran this command:
sudo certbot --cert-name qumran2 -d weewx.qumran2.net
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/qumran2.conf)
What would you like to do?
-------------------------------------------------------------------------------
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/apache2/sites-available/weewx.qumran2-le-ssl.conf
Please choose whether HTTPS access is required or optional.
-------------------------------------------------------------------------------
1: Easy - Allow both HTTP and HTTPS access to these sites
2: Secure - Make all requests redirect to secure HTTPS access
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Enhancement redirect was already set.
-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://weewx.qumran2.net
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=weewx.qumran2.net
-------------------------------------------------------------------------------
My web server is (include version):
apache 2.4.10-10+deb8u10
The operating system my web server runs on is (include version):
debian jessie
My hosting provider, if applicable, is:
hetzner
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
However, https://www.ssllabs.com/ssltest/analyze.html?d=weewx.qumran2.net says “Assessment failed: No secure protocols supported”
The site config file is:
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin paolobenve@gmail.com
    ServerName weewx.qumran2.net
    DocumentRoot /home/paolo/weewx/
    <Directory /home/paolo/weewx/>
        DirectoryIndex index.html
        Options FollowSymLinks
        AllowOverride All
        order allow,deny
        allow from all
    </Directory>
    ErrorLog /var/log/apache2/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    # ErrorDocument 404 /index.html
    CustomLog /var/log/apache2/access.log combined
    RewriteEngine on
    # Some rewrite rules in this file were disabled on your HTTPS site,
    # because they have the potential to create redirection loops.
    # RewriteCond %{SERVER_NAME} =weewx.qumran2.net
    # RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/qumran2/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/qumran2/privkey.pem
</VirtualHost>
</IfModule>
Something is wrong, because I get:
$ openssl s_client -connect weewx.qumran2.net:443
CONNECTED(00000003)
139926165444248:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1507063630
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
What am I missing?
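
Added diagnostic example, not part of the original post: in the `s_client` output above, `unknown protocol` after only 7 bytes read means the first bytes of the server's reply were not recognised as a TLS record. The Python sketch below sends a minimal ClientHello and classifies the first reply bytes. The function names are hypothetical, the ClientHello uses a constructed all-zero random, and cleartext HTTP on port 443 is a hypothesis to check, not a confirmed diagnosis.

```python
import socket
import sys


def client_hello() -> bytes:
    """Build a minimal TLS 1.2 ClientHello (no SNI, all-zero random: probe only)."""
    body = (b"\x03\x03"            # client_version: TLS 1.2
            + bytes(32)            # random (constructed, all zeros)
            + b"\x00"              # empty session id
            + b"\x00\x02\xc0\x2f"  # one suite: ECDHE-RSA-AES128-GCM-SHA256
            + b"\x01\x00")         # compression methods: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a server sends in reply to a ClientHello."""
    if not data:
        return "no-reply"
    # TLS record header: content type, version major 0x03, minor 0x00-0x04.
    if len(data) >= 3 and data[1] == 0x03 and data[2] <= 0x04:
        if data[0] == 0x16:
            return "tls-handshake"   # a handshake record: TLS is spoken
        if data[0] == 0x15:
            return "tls-alert"       # TLS is spoken, but the handshake was refused
    # A status line or a bare HTML error page means the port answers in cleartext.
    if data.startswith(b"HTTP/") or data.startswith(b"<"):
        return "plaintext-http"
    return "unknown"


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send the ClientHello to host:port and classify up to 7 reply bytes."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello())
        data = b""
        while len(data) < 7:
            chunk = sock.recv(7 - len(data))
            if not chunk:
                break
            data += chunk
    return classify_first_bytes(data)


if __name__ == "__main__":
    # Usage: python3 probe.py <host> [port]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(probe(sys.argv[1], target_port))
```

A `plaintext-http` result points at the listener and virtual host configuration rather than at the certificate; `apache2ctl -S` lists which virtual hosts are bound to port 443.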