Let’s Encrypt is a Certificate Authority (CA) that provides a way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. It streamlines the process by providing a software client, Certbot, that attempts to automate most (if not all) of the required steps. Currently, the entire process of obtaining and installing a certificate is fully automated on both Apache and Nginx.
In this tutorial, you will use Certbot to obtain a free SSL certificate for Apache on Ubuntu 18.04 and verify that your certificate is set up to renew automatically.
This tutorial uses a separate Apache virtual host file instead of the default configuration file for setting up the website that will be secured by Let’s Encrypt. We recommend creating new Apache virtual host files for each domain hosted in a server, because it helps to avoid common mistakes and maintains the default files as a fallback setup.
To complete this tutorial, you will need:
One Ubuntu 18.04 server set up by following this initial server setup for Ubuntu 18.04 tutorial, including a sudo non-root user and a firewall.
A fully registered domain name. This tutorial will use your_domain as an example throughout. You can purchase a domain name on Namecheap, get one for free on Freenom, or use the domain registrar of your choice.
Both of the following DNS records set up for your server. You can follow this introduction to DigitalOcean DNS for details on how to add them.
your_domain
pointing to your server’s public IP address.www.your_domain
pointing to your server’s public IP address.Apache installed by following How To Install Apache on Ubuntu 18.04. Be sure that you have a virtual host file for your domain. This tutorial will use /etc/apache2/sites-available/your_domain.conf
as an example.
To obtain an SSL certificate with Let’s Encrypt, you need to install the Certbot software on your server. For this tutorial, we’ll usethe default Ubuntu package repositories to install Certbot.
Run the following command, which will install two packages: certbot
and python3-certbot-apache
. The latter is a plugin that integrates Certbot with Apache, so that it’s possible to automate obtaining a certificate and configuring HTTPS within your web server with a single command:
Confirm installation by pressing Y
and then ENTER
to accept.
Certbot is now installed on your server. Next, you’ll verify Apache’s configuration to make sure your virtual host is set appropriately. This ensures that the certbot
client script will be able to detect your domains and reconfigure your web server to use your newly generated SSL certificate automatically.
To automatically obtain and configure SSL for your web server, Certbot needs to be able to locate the correct virtual host in your Apache configuration files. Your server domain name(s) will be retrieved from the ServerName
and ServerAlias
directives defined in your VirtualHost
configuration block.
If you followed the virtual host set up step in the Apache installation tutorial, you should have a VirtualHost block for your domain at /etc/apache2/sites-available/your_domain.conf
with the ServerName
directive already set appropriately.
To check, open the virtual host file for your domain using nano
or your favorite text editor:
Find the existing ServerName
and ServerAlias
lines:
...
ServerName your_domain;
SeverAlias www.your_domain
...
If your ServerName
and ServerAlias
are already set up, then you can exit the text editor and move on to the next step. If you’re using nano
you can do this by pressing CTRL + X
then Y
and ENTER
.
If your current virtual host configuration does not match up, then update it accordingly. After, save and exit the text editor. Then, validate your changes:
If there aren’t any errors with your virtual host file’s syntax, you’ll receive a Syntax OK
response. If you receive an error, reopen the virtual host file and check for any typos or missing characters. Once your configuration file’s syntax is correct, reload Apache to load the new configuration:
With these changes in effect, Certbot will be able to find the correct VirtualHost block and update it.
Next, you’ll update the firewall to allow HTTPS traffic.
If you have the UFW firewall enabled, as recommended by the prerequisite guides, you’ll need to adjust the settings to allow for HTTPS traffic. Apache registers a few UFW application profiles, and you can leverage the Apache Full profile to allow both HTTP and HTTPS traffic on your server.
Verify the type of traffic currently allowed on your server by running the following:
If you followed one of our Apache installation guide, your output will generate the following, this means that only HTTP traffic on port 80
is allowed:
OutputStatus: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Apache ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Apache (v6) ALLOW Anywhere (v6)
To additionally let in HTTPS traffic, allow the Apache Full
profile:
Then, delete the redundant Apache
profile allowance:
Check the status again:
You should receive the following output:
OutputStatus: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Apache Full ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Apache Full (v6) ALLOW Anywhere (v6)
Now you’re ready to run Certbot and obtain your certificates.
Certbot provides a variety of ways to obtain SSL certificates through plugins. The Apache plugin will take care of reconfiguring Apache and reloading the configuration whenever necessary. To use this plugin, run the following:
This command will generate a prompt with a series of questions to configure your SSL certificate. First, you’ll be asked to provide a valid email address, this is for the purposes of renewal notifications and security notices:
OutputSaving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): you@your_domain
After you’ve provided a valid email address, press ENTER
and proceed to the next step. You’ll be asked to confirm if you agree to Let’s Encrypt terms of service. Confirm by pressing A
and ENTER
:
OutputPlease read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
Next you’ll be asked if you would like to share your email with the Electronic Frontier Foundation to receive news and other informaiton. If you do not want to subscribe, press N
, otherwise press Y
and then ENTER
to proceed to the next step:
OutputWould you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
The prompt will inform Certbot about which domains you’d like to activate HTTPS for. The list of domain names are automatically taken from your Apache virtual host configuration. This is why it was important to confirm you have the correct ServerName
and ServerAlias
settings configured in your virtual host. If you’d like to enable HTTPS for all listed domain names (recommended), leave the prompt blank and press ENTER
to proceed. Otherwise, select the domains you want to enable HTTPS for by listing each appropriate number, separated by commas and/or spaces, then press ENTER
:
OutputWhich names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: your_domain
2: your_domain
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
You’ll receive the following output:
OutputObtaining a new certificate
Performing the following challenges:
http-01 challenge for your_domain
http-01 challenge for your_domain
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/your_domain-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/your_domain-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/your_domain-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/your_domain-le-ssl.conf
Next, you’ll be asked to select whether or not you want HTTP traffic directed to HTTPS. This means that when someone visits your website through unencrypted channels (HTTP), they’ll automatically be redirected to the HTTPS address of your websites. Choose 2
to enable the redirection, or 1
if you want to keep HTTP and HTTPS as separated methods for accessing your website:
OutputPlease choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
After entering your response, Certbot’s configuration will finish. You’ll receive final remarks about your new certificate, where to locate the generated files, and how to test your configuration using an external tool to analyze your certificate’s authenticity:
OutputCongratulations! You have successfully enabled https://your_domain
and your_domain
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=your_domain
https://www.ssllabs.com/ssltest/analyze.html?d=your_domain
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/your_domain/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/your_domain/privkey.pem
Your cert will expire on 2022-03-07. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Your certificates are downloaded, installed, and loaded into Apache’s configuration. Try reloading your website using https://
and notice your browser’s security indicator. It should indicate that the site is properly secured, usually with a lock icon in the address bar.
You can use the SSL Labs Server Test to verify your certificate’s grade and obtain detailed information about it, from the perspective of an external service.
In the next step, you’ll test the auto-renewal feature of Certbot, which guarantees your certificate will auto-renew before the expiration date.
Let’s Encrypt certificates are only valid for ninety days. This is to encourage users to automate their certificate renewal process and ensure that misused certificates or stolen keys will expire sooner than later.
The certbot
package you installed takes care of renewals by including a renew script to /etc/cron.d
, which is managed by a systemctl
service called certbot.timer
. This script runs twice a day and will automatically renew any certificate that’s within thirty days of expiration.
Check the status of this service and make sure it’s active and running:
You’ll receive output similar to the following:
Output● certbot.timer - Run certbot twice daily
Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: en
Active: active (waiting) since Tue 2021-12-07 20:04:42 UTC; 1h 45min ago
Trigger: Wed 2021-12-08 11:22:45 UTC; 13h left
Dec 07 20:04:42 encrypt systemd[1]: Started Run certbot twice daily.
Test the renewal process by doing a dry run with certbot
:
If you receive no errors, you’re all set. When necessary, Certbot will renew your certificates and reload Apache to pick up the changes. If the automated renewal process ever fails, Let’s Encrypt will send a message to the email you specified, warning you when your certificate is about to expire.
In this tutorial, you installed the Let’s Encrypt client certbot
, configured and installed SSL certificates for your domain, and confirmed Certbot’s automatic certificate renewal service is active within systemctl
. If you have further questions about using Certbot, their documentation is a good place to start.
Get Ubuntu on a hosted virtual machine in seconds with DigitalOcean Droplets! Simple enough for any user, powerful enough for fast-growing applications or businesses.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
certbot is now in standard ubuntu repository. No need to add ppa repository. Use python3-certbot-apache plugin from standard reepository.
Hi,
I have got two sites running on VirtualHosts. (/var/www/site1 and /var/www/site2) I want to get a SSL for them. When I try to
sudo apache2ctl configtest
I get this warning:AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 192.168.2.8. Set the ‘ServerName’ directive globally to suppress this message Syntax OK
What can I do to fix this?
Greetings.
This comment has been deleted
How would I add wildcard dns?
I followed your procedure and it worked like a charm except … I have a WebSocket app behind my Nginx reverse proxy server. My app runs flawlessly in Chrome but Firefox won’t even load it. The issue revolves around communicating with ws over https. Firefox ran the app flawlessly prior to my encrypting my Nginx reverse proxy server. How do you suggest I proceed? Encrypting my Haskell server and Cycle.js front end would be difficult - for me anyway.
Hi There,
Thanks the tutorial. However, I tried installing certbot with the instructions given but it kept showing error messages:
What am I doing wrong?
I don’t know if you ever figured this out, but I thought I would reply for you or anyone else who might read this.
In the first line of your code:
You have an extra space between ‘apt -repository.’ It should be ‘add-apt-repository’ as all one word, like this:
Small typos like that are common!
Yes the part to install certbot does not work. So when I run this: sudo add-apt-repository ppa:certbot/certbot
I get this: Hit:1 http://archive.ubuntu.com/ubuntu bionic InRelease Hit:2 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic InRelease Get:3 http://archive.ubuntu.com/ubuntu bionic-security InRelease [83.2 kB] Get:4 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB] Fetched 172 kB in 5s (31.4 kB/s) Reading package lists… Done
everything sees to be ok so far … however when I run this: sudo apt install python-certbot-apache
I get this: The following packages have unmet dependencies: python-certbot-apache : Depends: python3-certbot-apache but it is not going to be installed E: Unable to correct problems, you have held broken packages.
I have done everything prior to this on the main How to setup Owncloud on Ubuntu 18.04 …which by the way is very time consuming just to be stuck at a dead end now. I am using Ubuntu 18.04 server.
any help with this would be great thanks!
Instead of using PPA I used this: “sudo apt install python-certbot-apache”
For anyone getting the following error on the installation of the Certbot’s Apache packages in Ubuntu 18.04
You will have to add the “Universe” repository using the following command:
Also, make sure your system is up to date (sudo apt update + sudo apt upgrade).
You are missing before step one a very important step:
sudo apt-get install -y software-properties-common
GLHF
You say as a prerequisite; “A fully registered domain name. This tutorial will use example.com throughout. You can purchase a domain name on Namecheap, get one for free on Freenom, or use the domain registrar of your choice.”
But although I have a web application and a domain name, because it is in an hosting server, I cannot intervene the configurations of server. Just testing purpose, how can I simulate and experience this process in my “local” system? Is there any way?
I think I followed the tutorial carefully and didn’t notice the error messages that the other users experienced, but I just get ‘Unable to connect’ messages. Can you point out where I might have gone wrong.
Same here. The only thing I can add is that my site is new so i chose option 2 asking certbot to redirect traffic over HTTPS. As soon as I did this, my website running fine on HTTP became unreachable, giving a timeout error, even if I try accessing it with the same URL as before… Hopefully, I’ll figure out what went wrong and will update here with the solution.
EDIT 1
First of all, I think one has to adapt the config file for the VirtualHost proposed in the previous Digital Ocean tutorial to include the SSL port (443) instead of the standard HTTP one (80). I tried to modify mine like this (see below) as proposed in the official Apache docs, restarted apache, but still no website. Will hopefully come back soon!
SOLUTION Ok, in my case I had to add a rule for port HTTPS to my service group in the Amazon EC2 console (I am using an Amazon EC2 instance). Hope this is helpful!
I also tried to overwrite my conf file with the original found on the same Digital Ocean tutorial I pointed out before, having my VirtualHost pointing to port 80 again, and everything seems to be running flawlessly! So I guess the tutorial is fine, just remember to add port HTTPS rule Inbound in the Security Group if you have an Amazon EC2 instance like me. Cheers!
This also worked for me! For lightsail, you want to go to networking, then just add a rule for https
tell me please how you add a rule for https
How would I make it so my website would use https automatically rather then http?
It will prompt you when certbot is fetching the certificates.
If you’re not doing this step, check out this article in the Apache Wiki.
i seem to be getting an error - i had certbot already installed however it got expired 2 days back - now i am trying to go through this process however i seem to be getting error and not able to renew the ssl.
If your certificates are expired, you can run
If that doesn’t work, read this.
EDIT: To avoid doing this again, you can set up automatic renewal.
I successfully installed the certificate on a wordpress site and it works except for the fact that I now have no images, css so all that is displayed on screen is text, unstyled text! WTF?
I’m suspecting that these page assets are hardlinked to their old http URLs? They should be pointed to the new https URLs. Alternatively, you can configure your web server to automatically redirect all http traffic to https.
I noticed that I started to get a warning message on my droplets from certbot stating that TLS-SNI-01 authentication was deprecated and would stop working soon:
https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209
You can force a new certificate to be issued using a supported authentication type with this command:
https://community.letsencrypt.org/t/how-to-change-certbot-verification-method/56735
How to do this in multiple sites. I already have the first one setup but I get and error when I do it again on another domain name.
I found your instructions to be the best on the net. Thank you! I have a server up and running in multi-site config ubuntu 18 using Let’s encrypt ssl. The ssl is up and running for 2 months. I ran the dry-run renewal and got errors that seem to be timing out when fetching .wellknown/acme-challenge/ file. I backed up a few steps and also did apache2 config test and got error below. When I first installed ssl the dry run ran perfectly. firewall is set properly as per above instructions too.
Error: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message Syntax OK
My etc/hosts file says 127.0.0.1 localhost 127.0.1.1 myusername
I checked the mysitename.conf file in sites-enabled directory and everything is perfect on it. What else can I check.
Hi …
I had the same problem and solved by adding the following line into
/etc/apache2/apache2.conf file:
ServerName localhost
Thanks for this amazing tutorial, I’ve followed all the steps and there have been no problems. Actually I have a questions. How can I create a wildcard certificate using Certbot? I think it could be using sudo certbot --apache -d .example.com -d www..example.com but I not really sure.
Please refer to the certbot documentation, you need to install a DNS plugin https://certbot.eff.org/. Then select your server and system and read the instructions carefully
I am using ubuntu14.04.1, your instruction not work:
sudo apt install python-certbot-apache Reading package lists… Done Building dependency tree
Reading state information… Done E: Unable to locate package python-certbot-apache
but this works
I got the following errors: Detail: unknownHost :: No valid IP addresses found for mysite.net Detail: dns :: DNS problem: NXDOMAIN looking up A for www.mysite.net I believe this is because I did not set up the dns records. I have corrected this and would like to know how do I check if I have corrected the problem. Can I run the following command: sudo certbot --apache -d mysite.net -d www.mysite.net ? Thanks
Setting up the dns records corrected the problem. Issuing the command: sudo certbot --apache -d mysite.net -d www.mysite.net completed step 4and everything is OK.
Sorry if this is a dumb question but when, in Step 1, you say to add Certbot software to my server, you mean the DO Droplet, right? Not my own local computer?
Just want to make sure I understand correctly and that I should SSH into my DO server to run these commands.
Please verify. Thank you!
Answered my own question … yes, use SSH and do this stuff.
However, although everything worked and I got and A+ from SSL Labs, I cannot connect to my url. It get an error: This page isn’t working. XXX redirected you too many times.
Clearing cookies, as the error suggests, doesn’t do anything.
Any help?
This comment has been deleted
Works on 2019. Really thank u
I have a strange issue… I use virtual hosts to serve 3 website with ssl, 2 of them work without issues, but the last one get a error 500 when visiting it. I copied the conf files from the other ones, apachectl give syntax ok… I don’t understand…
Very helpful, thanks!
I chose 2. But why following requests still use http requests, and not redirected to https a) <Ip-Address of my domain> (this doesn’t redirect to https) b) http://www.<myWebsite>.com:8080 (this doesn’t redirect to https://) c) If I use https://www.<myWebsite>.com:8080/ I get
This site can’t provide a secure connection
How to fix these?
“ServerName your_domain;” in the tutorial you linked to there was no ;
Nice writeup, thank you. To redirect all traffic on your website to the HTTPS flow you need to do a few things more. 1 is to create a .htaccess file in the folder that holds the root of the files of the website you publish. e.g. /var/www/mysuperwebsite/.htaccess and in that file you should add the next lines:
#Force www: RewriteEngine on RewriteCond %{HTTP_HOST} !^www. RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
#ALL trafic to https protocol RewriteEngine on RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
As the RewiteEngine is needed to do the rewriting, it must be enabled in apache. You can see if its allready done by checking the map /etc/apache2/mods-enabled if it contains the file rewrite.load it’s allready on. If not, it should be located in /etc/apache2/mods-available. To activate it run the command sudo a2enmod rewrite and it is then in the /etc/apache2/mods-enabled folder. Restart apache with the command systemctl restart apache2 and now all trafic will be https. So http://mysuperwebsite.com will be rewritten to https://www.mysuperwebsite.com and http://www.mysuperwebsite.com will be rewritten to https://www.mysuperwebsite.com
If you don’t activate mod_rewrite than you get an internal server failure. Out of the box on an clean install it’s off! So you have to enable it to use https!
Thank you so much for this very useful tutorial !
When I run: sudo certbot --apache -d your_domain -d www.your_domain It has error: cerbot: command not found
How to check my cerbot installation correct or not ?
This comment has been deleted
Works on 2019. Really thank u
I have a strange issue… I use virtual hosts to serve 3 website with ssl, 2 of them work without issues, but the last one get a error 500 when visiting it. I copied the conf files from the other ones, apachectl give syntax ok… I don’t understand…
Very helpful, thanks!
I chose 2. But why following requests still use http requests, and not redirected to https a) <Ip-Address of my domain> (this doesn’t redirect to https) b) http://www.<myWebsite>.com:8080 (this doesn’t redirect to https://) c) If I use https://www.<myWebsite>.com:8080/ I get
This site can’t provide a secure connection
How to fix these?
“ServerName your_domain;” in the tutorial you linked to there was no ;
Nice writeup, thank you. To redirect all traffic on your website to the HTTPS flow you need to do a few things more. 1 is to create a .htaccess file in the folder that holds the root of the files of the website you publish. e.g. /var/www/mysuperwebsite/.htaccess and in that file you should add the next lines:
#Force www: RewriteEngine on RewriteCond %{HTTP_HOST} !^www. RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
#ALL trafic to https protocol RewriteEngine on RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
As the RewiteEngine is needed to do the rewriting, it must be enabled in apache. You can see if its allready done by checking the map /etc/apache2/mods-enabled if it contains the file rewrite.load it’s allready on. If not, it should be located in /etc/apache2/mods-available. To activate it run the command sudo a2enmod rewrite and it is then in the /etc/apache2/mods-enabled folder. Restart apache with the command systemctl restart apache2 and now all trafic will be https. So http://mysuperwebsite.com will be rewritten to https://www.mysuperwebsite.com and http://www.mysuperwebsite.com will be rewritten to https://www.mysuperwebsite.com
If you don’t activate mod_rewrite than you get an internal server failure. Out of the box on an clean install it’s off! So you have to enable it to use https!
Thank you so much for this very useful tutorial !
When I run: sudo certbot --apache -d your_domain -d www.your_domain It has error: cerbot: command not found
How to check my cerbot installation correct or not ?
Attempting To test the renewal process, you can do a dry run with certbot: sudo certbot renew --dry-run This instruction freaks out and says that nginx has to be installed. If you are running apache and install nginx prepare yourself for port issues and all kinds of other mysterious issues to occur.
Any suggestions to not have to install nginx which isn’t included in the tutorial?
Hello, I followed this tutorial but when I run
sudo certbot --apache -d your_domain -d www.your_domain
I get this error ``` An unexpected error occurred: The client lacks sufficient authorization :: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.In DO’s control panel, under Account->Security, there’s a feature to add a certificate using Let’s Encrypt. I guess that would save us the trouble of going through the whole process of installing and running certbot. However, there’s no guide on how to set up Apache to use the certificates created that way.
Error : Could not reverse map the HTTPS VirtualHost to the original
IMPORTANT NOTES:
Any help will be appreciated.
Thanks
For those who don’t get a grade A in your SSL Test, you need to disable TLS 1.0, 1.1 and 1.3 in your Let’s Encrypt certificates.
Run
sudo nano /etc/letsencrypt/options-ssl-apache.conf
Then add
-TLSv1
,-TLSv1.1
and-TLSv1.3
next toSSLProtocol
if not listed.After that, run another dry renewal of the certificates (instructions in Step 5), then restart Apache just to be safe.
For anyone struggling to get Certbot to work with Cloudflare’s DNS, following these instructions worked like a charm! https://certbot.eff.org/lets-encrypt/ubuntubionic-apache.html
Perfect! With this tutorial, i was able to configure two domains with ssl on the same server!
This is very out of date and completely useless to me.
Servername yourdomain
does not exist. It is autopopulated with literalServername $domain
and it seemed to work. Moreover, replacing $domain it with my literal domain name did not work: it still reports “could not reliably determine the server’s fully qualified domain name…”ufw status
output only shows port/protocol ex: “22/tcp LIMIT Anywhere”I changed my domain URLs in WordPress to https: from http: and now I can’t access my wp-admin interface. I already had LetsEncrypt active, so I don’t know why my website was loading http: still.
I am getting the following error when installing Let’s Encrypt SSL on my domain:
Waiting for verification… Challenge failed for domain linuxbuz.com dns-01 challenge for linuxbuz.com Cleaning up challenges Some challenges have failed.
Hi, is there any way to get this working without adding the A record to www.mydomain.com? Just with the non-www domain? I am trying to do so but not getting it right. Thanks
For those who are getting errors with certbot 404, please use this to install certbot for Ubuntu 20.04 or above https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx
I am getting error “Domain verification failed. Review your TLS Certificate configuration to confirm that the certificate is accessible and a supported TLS Cipher Suite is used”
Can any one Please help.
Challenge failed for domain www.nerdprogrammer.tech http-01 challenge for www.nerdprogrammer.tech Cleaning up challenges Some challenges have failed.
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: www.nerdprogrammer.tech Type: unauthorized Detail: Invalid response from http://www.nerdprogrammer.tech/.well-known/acme-challenge/7o1WvdhkKJg8It4pBA6aEjkBYAVScKs7ZFJLVEsxn5Q [162.215.226.3]: “\n<html><head><meta name="viewport" content="width=device-width,initial-scale=1"></head><frameset border="0" rows="100%,*" cols="”
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
I am getting this error. What to do?