Related

how to enable HTTP/2 after installing SSL via letsencrypt in command line Question Question
Webmin - Lets' encrypt SSL_ERROR_RX_RECORD_TOO_LONG (Firefox) Question Question

Question

Adding Let's Encrypt SSL Certificate from Security tab did not work

Posted November 12, 2019 1.9k views
Let's Encrypt

I added a Let’s Encrypt SSL through the security tab but from what I can tell, the server doesn’t seem like it’s open to communication on port 443.

I did:

sudo apache2ctl -S

this was the response:

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
VirtualHost configuration:
*:80 uptownecafe.com (/etc/apache2/sites-enabled/000-default.conf:4)
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex watchdog-callback: usingdefaults
Mutex rewrite-map: usingdefaults
Mutex default: dir=“/var/run/apache2/” mechanism=default
Mutex mpm-accept: usingdefaults
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMPVHOSTS
Define: DUMPRUNCFG
User: name=“www-data” id=33
Group: name=“www-data” id=33

the non https version of the site works fine. but need SSL for ecommerce.

please advise. thank you!

Add a comment
garfield1979
By:
garfield1979
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
3 answers
alexdo November 12, 2019

Hello, @garfield1979

Could you please let me know if you’ve followed our tutorial for installing LE SSL - https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04

What’s the exact error when you access the site via https? Also is port 443 open for incoming connections? You can also copy/paste the content of your Apache config so we can have a look.

Let me know how it goes.

Regards,
Alex

How To Secure Apache with Let's Encrypt on Ubuntu 18.04
by Kathleen Juell
by Erika Heidi
Let's Encrypt is a Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. In this tutorial, you will use Certbot to obtain a free SSL certificate for Apache on Ubuntu 18.04 and set up your certificate to renew automatically.
Reply Report
  • garfield1979 November 12, 2019

    Thanks so much for your reply. So I didn’t know you needed to go through with this step when registering a let’s encrypt through the security tab in the admin panel.

    So I started through the steps and a few things didn’t match up for me..
    in the tutorial:
    sudo nano /etc/apache2/sites-available/your_domain.conf
    in my case
    sudo nano /etc/apache2/sites-available/000-default.conf

    in the tutorial the configuration configuration file looks for

    ServerName your_domain;

    But in my case it was ServerName @domain;

    I replaced it with:
    ServerName uptownecafe.com
    ServerAlias www.uptownecafe.com

    When I ran:
    sudo apache2ctl configtest
    I got:
    AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
    Syntax OK

    When I tried:
    sudo ufw status
    it returned
    Status: inactive

    I’m not sure how to continue

    Thanks!

    Reply Report
    • alexdo November 12, 2019

      I can see that the configuration file is okay:

      Syntax OK

      You can use netstat to see if the port is open:

      netstat -plunta | grep 443

      Let me know how it goes.

      Regards,
      Alex

      Reply Report
      • garfield1979 November 12, 2019

        I get:

        tcp 0 1 204.48.26.236:22 140.143.222.95:44438 LAST_ACK

        looks like 443 doesn’t exist

        Reply Report
        • alexdo November 12, 2019

          You can try to open the port using iptables:

          iptables -A INPUT -p tcp -m tcp –dport 443 -j ACCEPT

          service iptables save

          service iptables restart

          Also in the apache config file do you have a block for 443/SSL - <VirtualHost *:443>

          Regards,
          Alex

          Reply Report
          • garfield1979 November 12, 2019

            Ok I added
            <VirtualHost *:443></VirtualHost>
            to the config file, the sytax checks out.

            I tried:
            iptables -A INPUT -p tcp -m tcp –dport 443 -j ACCEPT

            it says

            Bad argument `–dport’

            Reply Report
alexdo November 12, 2019

You might need to enter it manually instead of copy/paste it because of the “-” before dport.

Regards,
Alex

Reply Report
garfield1979 November 12, 2019
[deleted]
Reply Report
alexdo November 13, 2019

Hello,@garfield1979

I’m glad you’ve sorted this. :)

Regards,
Alex

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help