certbot installation


Post by mahmood » 2019/04/13 12:56:19

On a fresh installation, I did

Code:

yum -y install httpd
systemctl start httpd
firewall-cmd --add-service=http
firewall-cmd --add-service=https

Then I entered http://W.X.Y.Z and http://test.domain.com and I was able to see the welcome page. So, everything is fine now.

Then I tried to use lets-encrypt and followed the steps described on the certbot page [1].

Code:

yum install certbot python2-certbot-apache
certbot --apache

Then it asked some questions

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): addr@domain.com
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA ... 5-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: a

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: n
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): test.domain.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for test.domain.com
Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.

Now, when I enter https://test.domain.com, I get this warning in the browser

The certificate is not trusted because it is self-signed. Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

So, self-signed?!

I have read in the web pages that this means the certificate has not been installed. What else should I do?


Post by avij » 2019/04/13 14:42:59

Did you restart the httpd service afterwards?


Post by TrevorH » 2019/04/13 14:52:23

In Firefox, if you click on the padlock next to the urlbar, you can click the arrow to go to the next page, then pick "More Information" and get a dialog box up with a "View Certificate" button. The details on that should show you if you are using the certificate you think you are.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke


Post by mahmood » 2019/04/13 15:18:13

> Did you restart the httpd service afterwards?

Yes. See the same things.

> The details on that should show you if you are using the certificate you think you are.

Please see the picture. I don't see anything wrong.

Actually, I am thinking about statements during the run

Performing the following challenges:
http-01 challenge for test.domain.com
Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

Attachments: Untitled.png (62.77 KiB)


Post by TrevorH » 2019/04/13 15:44:48

> Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

So it failed and didn't install a new cert. You're still using the old default self-signed one that gets set up by default.
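The failure discussed in this thread, as an added example that is not part of the original posts and is not Certbot's own code: a simplified pre-flight check that looks for a port-80 <VirtualHost> naming the domain before running certbot --apache. Both configuration strings are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample: roughly what a fresh httpd + mod_ssl setup exposes.
# "Listen 80" is present, but the only <VirtualHost> block is the 443 one.
FRESH_INSTALL = """
Listen 80
Listen 443 https
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
</VirtualHost>
"""

# Constructed fix: a name-based virtual host on port 80 for the domain.
WITH_PORT80_VHOST = FRESH_INSTALL + """
<VirtualHost *:80>
    ServerName test.domain.com
    DocumentRoot /var/www/html
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)
NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.I | re.M)


def strip_comments(conf):
    """Drop whole-line '#' comments so commented-out vhosts are ignored."""
    return "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))


def port80_vhosts(conf):
    """Return [(address, [names])] for every <VirtualHost> bound to port 80."""
    found = []
    for addrs, body in VHOST_RE.findall(strip_comments(conf)):
        for addr in addrs.split():
            # "*:80", "1.2.3.4:80", "[::1]:80"; an address without a port matches any port.
            port = addr.rsplit(":", 1)[1] if ":" in addr and not addr.endswith("]") else "*"
            if port in ("80", "*"):
                names = [n.lower() for m in NAME_RE.findall(body) for n in m.split()]
                found.append((addr, names))
    return found


def has_port80_vhost_for(conf, domain):
    """True if some port-80 vhost lists the domain as ServerName or ServerAlias."""
    return any(domain.lower() in names for _, names in port80_vhosts(conf))
```

On the first sample the check fails, which matches the "Unable to find a virtual host listening on port 80" message; on the second it passes.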