Question

Adding Let's Encrypt SSL Certificate from Security tab did not work

Posted November 12, 2019 1.9k views
Let's Encrypt

I added a Let’s Encrypt SSL through the security tab but from what I can tell, the server doesn’t seem like it’s open to communication on port 443.

I did:

sudo apache2ctl -S

this was the response:

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 uptownecafe.com (/etc/apache2/sites-enabled/000-default.conf:4)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

The non-HTTPS version of the site works fine, but I need SSL for ecommerce.

Please advise. Thank you!

3 answers

Hello, @garfield1979

Could you please let me know if you’ve followed our tutorial for installing LE SSL - https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04

What’s the exact error when you access the site via https? Also is port 443 open for incoming connections? You can also copy/paste the content of your Apache config so we can have a look.

Let me know how it goes.

Regards,
Alex

  • Thanks so much for your reply. So I didn’t know you needed to go through with this step when registering a Let’s Encrypt through the security tab in the admin panel.

    So I started through the steps and a few things didn’t match up for me..
    in the tutorial:
    sudo nano /etc/apache2/sites-available/your_domain.conf
    in my case
    sudo nano /etc/apache2/sites-available/000-default.conf

    in the tutorial the configuration file looks for

    ServerName your_domain;

    But in my case it was ServerName @domain;

    I replaced it with:
    ServerName uptownecafe.com
    ServerAlias www.uptownecafe.com

    When I ran:
    sudo apache2ctl configtest
    I got:
    AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
    Syntax OK

    When I tried:
    sudo ufw status
    it returned
    Status: inactive

    I’m not sure how to continue

    Thanks!

    • I can see that the configuration file is okay:

      Syntax OK
      

      You can use netstat to see if the port is open:

      netstat -plunta | grep 443
      

      Let me know how it goes.

      Regards,
      Alex

      • I get:

        tcp 0 1 204.48.26.236:22 140.143.222.95:44438 LAST_ACK

        looks like 443 doesn’t exist

        • You can try to open the port using iptables:

          iptables -A INPUT -p tcp -m tcp –dport 443 -j ACCEPT
          
          service iptables save
          
          service iptables restart
          

          Also in the apache config file do you have a block for 443/SSL - <VirtualHost *:443>

          Regards,
          Alex

          • Ok I added
            <VirtualHost *:443></VirtualHost>
            to the config file, the syntax checks out.

            I tried:
            iptables -A INPUT -p tcp -m tcp –dport 443 -j ACCEPT

            it says

            Bad argument `–dport’

You might need to enter it manually instead of copy/paste it because of the “-” before dport.

Regards,
Alex

Hello, @garfield1979

I’m glad you’ve sorted this. :)

Regards,
Alex
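
An added example, not part of any post above: the `netstat -plunta | grep 443` check in this thread matches any line containing 443, including a connection whose remote port is 44438, so the functions below match the port exactly in both the netstat output and the `apache2ctl -S` output. The function names are hypothetical, and the sample output is constructed with documentation addresses and a placeholder host name.

```shell
#!/bin/sh
# Succeeds only if stdin (netstat -plunta text) shows a TCP socket in LISTEN
# state whose local address ends in :PORT. A bare `grep 443` also matches
# unrelated lines, e.g. a connection whose remote port is 44438.
# (Function names here are hypothetical, chosen for this example.)
listening_on() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] == port) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# Succeeds only if stdin (apache2ctl -S text) lists a virtual host on PORT.
vhost_on() {
    awk -v port="$1" '
        $1 ~ /:[0-9]+$/ {
            n = split($1, a, ":")
            if (a[n] == port) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# $1 = netstat output, $2 = apache2ctl -S output.
# Prints no-vhost, not-listening, or ok.
https_status() {
    if ! printf '%s\n' "$2" | vhost_on 443; then
        echo "no-vhost"
    elif ! printf '%s\n' "$1" | listening_on 443; then
        echo "not-listening"
    else
        echo "ok"
    fi
}

# Constructed sample input (documentation addresses, placeholder host name).
NETSTAT_BEFORE='tcp   0 0 0.0.0.0:22    0.0.0.0:*          LISTEN   812/sshd
tcp   0 1 192.0.2.10:22 198.51.100.7:44438 LAST_ACK -
tcp6  0 0 :::80         :::*               LISTEN   1093/apache2'
NETSTAT_AFTER="$NETSTAT_BEFORE
tcp6  0 0 :::443        :::*               LISTEN   1093/apache2"
VHOSTS_BEFORE='VirtualHost configuration:
*:80  example.com (/etc/apache2/sites-enabled/000-default.conf:4)'
VHOSTS_AFTER="$VHOSTS_BEFORE
*:443 example.com (/etc/apache2/sites-enabled/example-ssl.conf:2)"

https_status "$NETSTAT_BEFORE" "$VHOSTS_BEFORE"   # state before a *:443 block exists
https_status "$NETSTAT_AFTER" "$VHOSTS_AFTER"     # state after Apache binds 443
```

On a live server, pass `"$(sudo netstat -plunta)"` and `"$(sudo apache2ctl -S 2>/dev/null)"` as the two arguments instead of the sample strings.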
