I've deleted the www.mydomain.net certificate on my server:
sudo certbot delete --cert-name www.mydomain.net
everything went ok (apparently) but it turns out that the deleted www.mydomain.net certificate is still valid in ssl checker and I still have the "name mismatch errors" in my browser when I access my websites.
What can I do ?
Related
Having problems installing PayPalCommerce in OpenCart,
After installing and trying to connect to PayPal I get this error!
"(60) SSL peer certificate or SSH remote key was not OK"
As anybody else come across problem as the server certs are just fine?
As Stated Server Certificats are fine, was thinking of changing the Curl SSL Veerify to False but that would defeat the whole purpose. And as the latest Security 1.2 (whatever abrevation).
Update your certificate authority bundle so that your HTTPS connection to the PayPal API endpoint can verify the connection is trusted.
One can be downloaded here, among other places.
If your attempted connection is using a specific certificate file rather than a CA bundle, delete the old certificate and either obtain the endpoint's current one to use instead or use CA verification of it
I have installed on my raspberry pi apache and wanted to create a new certificate for my domain.
I have created my domain via no-ip and configured the dyndns in the fritzbox settings. I have also created a virtual host and installed certbot with the follwing link:
https://certbot.eff.org/instructions?ws=apache&os=debianstretch
But while executing ""sudo certbot --apache"" I get the following error message:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems: Domain: ""Domain deleted""
Type: unauthorized
Detail: ""Domain deleted"": Invalid response from http://""Domain deleted""/.well-known/acme-challenge/HTptNJcGtYB1e0I7jfNU-a8hAeY2upza0daUrEWP0Po: 404
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
I have tried a lot with some hints but none of these worked for me.
Is there anybody who could help me?
Thanks in advance :)
My website keeps getting "NET::ERR_CERT_DATE_INVALID" error.
I have renewed the certificate using:
sudo certbot certonly --webroot -w /var/www/html -d startuplab.io
and have restarted nginx.
It used to work fine before, my other websites work fine as well.
How do I figure out what went wrong?
Edit:
This tool shows me that certificate expired 21 days ago.
Letsencrypt tells me:
Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/startuplab.io-0001/fullchain.pem. Your cert
will expire on 2019-05-22. To obtain a new or tweaked version of
this certificate in the future, simply run certbot again. To
non-interactively renew all of your certificates, run "certbot
renew"
Edit 2:
Aha! My ssl-startuplab.io.conf snippet points to
ssl_certificate /etc/letsencrypt/live/startuplab.io/fullchain.pem;
but certbot has put it into
ssl_certificate /etc/letsencrypt/live/startuplab.io-0001/fullchain.pem;
Does anybody know why this happens? What should I do to fix this and avoid it in the future?
Edit 3:
Just renaming the startuplab.io-0001 folder into startuplab.io fixed the issue. But why did this happen to begin with? How do I make sure it never happens again? I'd appreciate any advice!
For your edit 3, from https://certbot.eff.org/docs/using.html#renewing-certificates emphasis added:
An alternative form that provides for more fine-grained control over the renewal process (while renewing specified certificates one at a time), is certbot certonly with the complete set of subject domains of a specific certificate specified via -d flags. ...
All of the domains covered by the certificate must be specified in this case in order to renew and replace the old certificate rather than obtaining a new one; don’t forget any www. domains! Specifying a subset of the domains creates a new, separate certificate containing only those domains, rather than replacing the original certificate. When run with a set of domains corresponding to an existing certificate, the certonly command attempts to renew that specific certificate.
Your old cert was for startuplab.io AND webacademy.io -- not only the former.
I have installed a new certificate on an existing webserver.
Ran "https://www.sslshopper.com/ssl-checker.html". says the certificate
is 700+ days old.
The domain is "www.infocon-inc.com"
Certificate is SHA2.
Created a free certificated made sure sha256.
using both the configure file and the command line -sha256.
running Apache 2.2+ with openssl 1+
Checked IP Address
checked the firewall https is open port.
restart Apache, everytime I updated the certificate.
Still get "ERR_CERT_AUTHORITY_INVALID" error in the browser.
Site has been up for years.
Any ideas as to where to look for the problem?
The problem was there was in ssl.conf referenced localhost.crt and localhost.key.
I'm having issues trying to renew a recently expired certificate issued with let's encrypt.
I tried launching the following commands:
./letsencrypt-auto renew
and
sudo ./letsencrypt-auto certonly --text --agree-tos --email dev#intuizone.com --renew-by-default --webroot --webroot-path /home/lovegistics -d lovegistics.it
which was the code I used to issue the certificate. Both of the command said that the certificate was succesfully renewed/issued, but it still gives me unsecure connection.
Since I was on WHM, I took a look on the manage SSL page, and it says that the certificate has actually expired yesterday.
The output for the second command:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/lovegistics.it/fullchain.pem. Your cert will
expire on 2016-11-20. To obtain a new or tweaked version of this
certificate in the future, simply run letsencrypt-auto again. To
non-interactively renew *all* of your certificates, run
"letsencrypt-auto renew"
I'm sorry, but I lost the output for the first one. Strangely, when I try to relaunch the renew command, it says that the certificates are not due for renewal yet.
How can I renew this certificate?
Thank you all in advance for your help.
EDIT: I restarted the web server (Apache) after each of these commands
Finally I managed to solve my problem. The certificates were created successfully, but since I was on a CPanel server, they must be installed. In the following link there is an explanation directly from the cpanel team with a pearl code to copy-paste and execute when you have generated the certificate.
cpanel forum explanation
Happy coding!
Check certificate:
certbot certificates
Renew command:
certbot renew --force-renewal --cert-name api2.example.in --deploy-hook "sudo service nginx restart"
have to go through a minimum number of measures to [instal Let's Encrypt SSL certificates][1].
First, by accessing active domains such as http:/yourdomain.com:2083 or http:/yourdomain.com/cpanel, go to cPanel.
When you proceed to the protection tab, the Let's Encrypt SSL icon is visible to you.
Click on the + Issue button as soon as you proceed to the Issuing a New Certificate arena.
You've got to click on your domain name then. Email the server when you're done with it. Then pick, and confirm, HTTP-01.
Click the problem button once you finish it.