SSL certificate renewal - ssl

I have a website whose certificate expired today, and I need to renew it but I need help.
I added a new certificate on my DigitalOcean account that's supposed to expire in April but it still says that my certificate expired on my website.
What else do I need to do to renew my certificate?
Thanks in advance!

Did you reload apache/nginx? The config for apache (what I tend to use) will not be reread until you either stop then start or do a restart (systemctl restart httpd)

Related

How to force renew of a Let's Encrypt Certificate in ISPConfig 3?

I'm using ISPConfig 3 and all certificates are renewing automatically, except one. I'd disabled SSL (and Let's Encrypt) for this website, removed the certs in /etc/letsencrypt for that site and enabled it again. But it's still using the old cert and not renewing it. And now the browser shows that it's not an acceptable cert for this site.
How can I fix (renew) it?
Thanks!
Found a solution:
Disabled Let's Encrypt for this site in ispconfig Admin Panel
Removed the cert and the renewal file in /etc/letsencrypt/renewal and /etc/letsencrypt/certs for this site
Enabled let's encrypt for the site again in ispconfig configuration.
Done!
this is good but:
Disabled Let's Encrypt for this site in ispconfig Admin Panel
Removed the cert and the renewal file in /etc/letsencrypt/renewal and /etc/letsencrypt/certs for this site
Enabled let's encrypt for the site again in ispconfig configuration.
The previous solution is missing a step:
you must remove the cert files in /etc/letsencrypt/archive and /etc/letsencrypt/live,
otherwise ispconfig creates the new config file in /etc/letsencrypt/renewal, but because the old certificate still exists, the new certificate will not be generated.

http to https in EC2 apache2 in AWS

I'm trying to have https for a website which is hosted in AWS EC2. I have followed the steps mentioned in the following link.
https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04
But still it's showing the privacy thing to all users who are visiting the website. How can I make the certificate trusted, or how long will it take Amazon to make it a trusted one?
Please help me to solve this. I've been stuck with this for the last 2 days. Answers will be appreciated, and thank you.
You can use AWS Certificate Manager to issue free SSL certificate signed by AWS Certificate Authority. However for this to work, you need to use a Load Balancer and attach the certificate to the Load Balancer which will forward the traffic to the EC2 instance.
Depending on your requirements you may wish to use SSL termination on an Elastic Load Balancer (ELB) instead.
This involves creating a free AWS certificate and an ELB. Attach both your instance and the certificate to the ELB with HTTPS forwarded to port 80 on your instance.
Then just point your DNS name to the ELB. If you're using Route53 then you can just use an A-record alias.
Edit: If you want to automatically direct HTTP to HTTPS you'll need to check the X-Forwarded-Proto header in Apache's .htaccess file. More information here.
The certificate which you are using is a "Self Signed Certificate (https://en.wikipedia.org/wiki/Self-signed_certificate)".
In order to get rid of insecure certificate or privacy issues on HTTPS, you need to get your CSR signed from a trusted CA like Comodo, Godaddy etc.
Ref -
https://in.godaddy.com/help/apache-generate-csr-certificate-signing-request-5269
https://help.comodo.com/topic-437-1-843-10843-.html
OR
In case you want free verified SSL certificates, "letsencrypt" is the way to go.
https://letsencrypt.org/
You don't need to pay anyone for a certificate. Just use LetsEncrypt and their CertBot ACME client. The CertBot automates the task of issuing and renewing certificates.
LetsEncrypt is the leading free SSL certificate authority (CA) and their certs are as good as any paid cert.

Does Let's Encrypt need HTTPS to renew certs?

My Let's Encrypt --standalone server is serving over HTTP only.
When I generate the certs in standalone mode it works fine. Obviously when you generate certs you don't have any so HTTP only makes sense.
My question is, when I run ..
letsencrypt renew
Does the renew command work with HTTP only? or does the renew command expect the server to be serving over HTTPS?
As a secondary question, why bother with the renew command? Why can't I just generate new certs with the --standalone option each time my certs expire?
Many thx for your insight
The answer is NO it does not. You can fire off a renewal immediately after generating a cert over HTTP only.

let's encrypt certificate renew after expiration

I'm having issues trying to renew a recently expired certificate issued with let's encrypt.
I tried launching the following commands:
./letsencrypt-auto renew
and
sudo ./letsencrypt-auto certonly --text --agree-tos --email dev#intuizone.com --renew-by-default --webroot --webroot-path /home/lovegistics -d lovegistics.it
which was the code I used to issue the certificate. Both of the commands said that the certificate was successfully renewed/issued, but it still gives me unsecure connection.
Since I was on WHM, I took a look on the manage SSL page, and it says that the certificate has actually expired yesterday.
The output for the second command:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/lovegistics.it/fullchain.pem. Your cert will
expire on 2016-11-20. To obtain a new or tweaked version of this
certificate in the future, simply run letsencrypt-auto again. To
non-interactively renew *all* of your certificates, run
"letsencrypt-auto renew"
I'm sorry, but I lost the output for the first one. Strangely, when I try to relaunch the renew command, it says that the certificates are not due for renewal yet.
How can I renew this certificate?
Thank you all in advance for your help.
EDIT: I restarted the web server (Apache) after each of these commands
Finally I managed to solve my problem. The certificates were created successfully, but since I was on a cPanel server, they must be installed. In the following link there is an explanation directly from the cPanel team with Perl code to copy-paste and execute when you have generated the certificate.
cpanel forum explanation
Happy coding!
Check certificate:
certbot certificates
Renew command:
certbot renew --force-renewal --cert-name api2.example.in --deploy-hook "sudo service nginx restart"
You have to go through a minimum number of measures to install Let's Encrypt SSL certificates.
First, by accessing active domains such as http://yourdomain.com:2083 or http://yourdomain.com/cpanel, go to cPanel.
When you proceed to the protection tab, the Let's Encrypt SSL icon is visible to you.
Click on the + Issue button as soon as you proceed to the Issuing a New Certificate arena.
You've got to click on your domain name then. Email the server when you're done with it. Then pick, and confirm, HTTP-01.
Click the problem button once you finish it.

Renewed my godaddy SSL certificate but when I go to my domain it still says expired

I am running an EC2 instance on amazon with centos as my operating system.
My SSL certificate expired so I renewed it. For some reason it wasn't saying that it was renewed so I tried rekeying it. Once I did that I downloaded the new crt and chain file from GoDaddy, uploaded them to my server and updated my virtual host to point to the new files. I then restarted Apache and still when I go to the domain it says that my SSL is expired.
I tried rebooting the server and still no luck.
Is there something I am missing?
It ended up that this server was behind a load balancer with just one server so the ssl ticket was being served from the load balancer and not the server! WOW
You don't need to rekey it. You just need to generate a new CSR from the existing key, have it signed, and import the signed CSR the same way you did before.
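
The causes reported in the answers on this page (a web server that was not restarted after the new file was put in place, and TLS being terminated at a load balancer rather than on the instance) both show up as the endpoint presenting a different certificate from the one on disk. The following is an added example, not taken from any of the posts, that compares the two with openssl; the host names, the address and the paths in its usage comments are placeholders.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Hosts, address and paths are placeholders.

# SHA-256 fingerprint of the first (leaf) certificate in PEM file $1.
cert_fp() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Save the leaf certificate an endpoint presents into file $1.
# $2 = name sent as SNI, $3 = port, $4 = address to connect to (default $2),
# so a backend can be queried directly instead of the load balancer in front.
fetch_served() {
  local out="$1" host="$2" port="${3:-443}" addr="${4:-$2}"
  openssl s_client -connect "$addr:$port" -servername "$host" \
    </dev/null 2>/dev/null | openssl x509 -out "$out" 2>/dev/null
}

# Compare the certificate on disk ($1) with the one served ($2).
# $3 = expiry warning window in seconds (0 = already expired).
# Returns 0 ok, 1 stale, 2 unreadable input, 3 served certificate expiring.
compare_certs() {
  local disk served window="${3:-0}"
  disk=$(cert_fp "$1"); served=$(cert_fp "$2")
  if [ -z "$disk" ] || [ -z "$served" ]; then
    echo "ERROR: could not parse a certificate"; return 2
  fi
  if [ "$disk" != "$served" ]; then
    echo "STALE: endpoint serves $served, disk has $disk"
    echo "  served notAfter: $(openssl x509 -in "$2" -noout -enddate | cut -d= -f2)"
    return 1
  fi
  if ! openssl x509 -in "$2" -noout -checkend "$window" >/dev/null; then
    echo "EXPIRING: deployed certificate ends within ${window}s"; return 3
  fi
  echo "OK: endpoint serves the certificate on disk"
}

# Fetch and compare in one step: check_site HOST DISK_PEM [PORT] [ADDR]
check_site() {
  local tmp rc=0
  tmp=$(mktemp) || return 2
  fetch_served "$tmp" "$1" "${3:-443}" "${4:-$1}" || true
  compare_certs "$2" "$tmp" || rc=$?
  rm -f "$tmp"
  return "$rc"
}

# check_site www.example.com /etc/letsencrypt/live/www.example.com/fullchain.pem
# check_site www.example.com /path/to/new.crt 443 203.0.113.10  # straight to backend
```

A STALE result against the public name together with OK against the instance address points at a load balancer or proxy still holding the old certificate. STALE on both points at a web server that has not been restarted or a virtual host that still references the old file.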