Amazon EC2: permission denied when attempting to create .crt file - apache

I am trying to set up our EC2 instance with an SSL. Non-SSL web traffic has always been fine.
I'm following the tutorial here: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html
On step 2 part 5 it says to remove the old certificate from /etc/pki/tls/certs and place the new certificate here.
Remove the old self-signed host certificate localhost.crt from the /etc/pki/tls/certs directory and place the new CA-signed certificate there (along with any intermediate certificates).
Unfortunately I get permission denied errors when attempting both. I've tried through console SSH and through FileZilla SSH, and as expected, both have the same problem. I'm logged in as ec2-user.
I'm able to create / modify / delete files in other directories, such as the public web folders etc, but this directory seems to have more protection.
Does anyone know how to get the necessary permissions in this directory so I can complete setup?

Related

Bitnami SSL bncert-tool failed for Gcloud

I am trying to renew my SSL Cert on Gcloud VM Instance SSH with Bitnami. But it's giving me the
"Please type a directory that contains a Bitnami installation. The default installation directory for Linux installers is a directory inside /opt."
every time I run the bncert-tool.
I have followed the steps to try and revert to backup files as directed in this post (thinking I might have done it poorly last time). I copied the backup file to the bitnami.conf and httpd.conf, but I still get the same error.
Copying contents of the backup file is this right?
Please help, my SSL expires in 15 days! Is it not easier to just get SSL through a WordPress plugin? Is it possible to remove this Bitnami SSL completely?

AWS Linux 2 - Let's Encrypt Multi Domain

I have already successfully installed certbot and have a working digital certificate. I was wondering how do I go about adding domain names to the certificate or do I need to recreate the certificate again?
I don't want to mess up the existing certificate. I haven't tried running this code yet; I want to verify the process before I continue. I tried searching this and Google and my results were kind of confusing.
sudo certbot --apache -d mydomain.xyz -d mydomain2.xyz -d www.mydomain.xyz
SSL certificates cannot be modified once issued. They can be replaced with new certificates.
If you run the identical or modified certbot command, your existing certificate will not be modified or deleted. The certbot command will create a new certificate and store the certificate under a different name. Certbot stores certificates and additional files under the directory tree /etc/letsencrypt. You can archive/backup those files. Look at the archive and live folders.
Typically, your webserver will use symbolic links to point to the Let's Encrypt folder instead of copying the certificate to an Apache/Nginx folder.
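
To see the layout this answer describes before running certbot again, the following added example (not part of the original answer) lists each name under live/ with the archive file its symlinks resolve to, and flags a private key that is readable by group or other. It assumes certbot's usual layout of live/<name>/*.pem symlinks pointing at numbered files in archive/<name>/; the directory names and placeholder files in build_sample_tree are constructed.

```python
import os
import stat
import tempfile


def list_lineages(root="/etc/letsencrypt"):
    """Map each name under live/ to the archive files its symlinks resolve to."""
    root = os.path.realpath(root)
    live = os.path.join(root, "live")
    report = {}
    for name in sorted(os.listdir(live)):
        lineage = os.path.join(live, name)
        if not os.path.isdir(lineage):
            continue  # skip plain files such as a README
        files = {}
        for entry in sorted(e for e in os.listdir(lineage) if e.endswith(".pem")):
            target = os.path.realpath(os.path.join(lineage, entry))
            mode = stat.S_IMODE(os.stat(target).st_mode)
            files[entry] = {
                "target": os.path.relpath(target, root),
                # a private key readable by group or other is worth flagging
                "too_open": entry == "privkey.pem" and bool(mode & 0o077),
            }
        report[name] = files
    return report


def build_sample_tree():
    """Constructed layout with placeholder files, so the example runs offline."""
    root = tempfile.mkdtemp()
    for name, version in (("mydomain.xyz", 2), ("mydomain.xyz-0001", 1)):
        archive = os.path.join(root, "archive", name)
        os.makedirs(archive)
        os.makedirs(os.path.join(root, "live", name))
        for base in ("fullchain", "privkey"):
            real = os.path.join(archive, f"{base}{version}.pem")
            with open(real, "w") as fh:
                fh.write("constructed placeholder, not a real certificate or key\n")
            os.chmod(real, 0o600 if base == "privkey" else 0o644)
            os.symlink(os.path.join("..", "..", "archive", name, f"{base}{version}.pem"),
                       os.path.join(root, "live", name, f"{base}.pem"))
    return root


if __name__ == "__main__":
    for name, files in list_lineages(build_sample_tree()).items():
        for entry, info in files.items():
            print(name, entry, "->", info["target"], "(too open)" if info["too_open"] else "")
```

On a real host, call list_lineages() with its default root as a user who can read /etc/letsencrypt.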

How to manually install SSL certificate on Apache without cPanel access?

How to manually install SSL certificate without cPanel access on CentOS 7/Apache? My cPanel license is expired (simply have no money), so I can't log in and can't use the WHM API (command line) because the API tries to read the cPanel license file.
The certificate is already stored on the system (issued by the Let's Encrypt plugin). But I don't know how to make it effective on my site since the Apache config folder is different on a cPanel system. What file should I edit to input my cert address?
Certificate is stored at: /etc/letsencrypt/live/mydomain.com/fullchain.pem
Private key is stored at: /etc/letsencrypt/live/mydomain.com/privkey.pem
Note: I use Engintron (Nginx cPanel plugin), don't know if this changes anything. I have root access.
I got to install SSL certificate (by Let's Encrypt) on cPanel directly by running the Certbot-Auto command on the SSH screen. Certbot-Auto will generate the certificate and install it. It is very simple: https://certbot.eff.org/docs/install.html#certbot-auto.
I had to delete the old expired certificates from my /home/mydomain/ssl folder to avoid conflict. I don't know how things are inside cPanel because I still have no license to access it. I will renew the license soon, but can't stop working on my site just because I have no SSL.

SOS - Accidentally deleted the ssl key from EC2 Ubuntu. How can I restore

I have purchased SSL certification for my website. As an initial process, I have created a CSR and KEY file and presented it to the certification provider. Upon receiving the certification, I have copied all the files including the .key, .csr, .crt files into a folder by name certs.
While removing unnecessary files from the drive, I accidentally deleted the certs folder also. I have the .crt files on my local machine. Can I retrieve the .key file and the cert folder?
I tried using extundelete and used the following command.
sudo extundelete --restore-directory /home/ubuntu/certs /dev/sda1
I don't understand the /dev/sda1 part. Is there any chance where I could retrieve the files? The folder was in EC2 Ubuntu instance.
Please help.
Forget the old certificate and get new free one via https://letsencrypt.org/

Renewal expired SSL certificate not being loaded Nginx

Via Namecheap I have my SSL certificates (POSITIVESSL Comodo) which run on my Nginx webserver to offer https to my clients. This worked like a charm until my certificate expired.
Now I tried to install a new certificate, but whatever I try, the old one is being loaded.
What I did.
Removed all the old certificate files (.key, .crt, .csr)
Using this tutorial creating a new key files.
Entered that file into the Namecheap SSL panel to generate new SSL certificates (which arrived, and show to be valid from 11/26/2012 to 12/26/2013).
Go to my certificates directory, put in the 3 .crt files I got.
Using this tutorial I bundled all the .crt files into 1 .pem file.
Check my nginx.conf to confirm all the paths to the .key & .pem file are correct
Restart nginx
I even tried to change the file names, to ensure they cannot conflict with the old ones, but still my old certificates are being loaded. I have used tools like: http://www.digicert.com/help/ to test the certs, also there the old ones are still being loaded.
Apart from Nginx, should I restart anything else to ensure the new files are being loaded correctly?
Issue has been resolved, the DDOS protection proxy also needed to be updated.
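
A check for the situation in this thread, added here as an example and not part of the original posts: it fingerprints every certificate in the bundled .pem file on disk and compares the first one with what the public endpoint actually presents, which separates an Nginx problem from something in front of it still serving the old certificate. It also covers the bundle-order case, which goes slightly beyond what the thread reports; the function names and the placeholder bytes in demo() are constructed.

```python
import hashlib
import re
import socket
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)


def bundle_fingerprints(pem_text):
    """SHA-256 of each certificate in a PEM bundle, in file order."""
    return [hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
            for block in PEM_RE.findall(pem_text)]


def served_fingerprint(host, port=443, timeout=5):
    """SHA-256 of the leaf certificate the endpoint presents (needs network)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # inspection only: expired certs must be readable
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


def diagnose(bundle_pem, served):
    """Compare the bundle on disk with the fingerprint seen from outside."""
    on_disk = bundle_fingerprints(bundle_pem)
    if not on_disk:
        return "no certificate found in bundle"
    if served == on_disk[0]:
        return "endpoint serves the certificate on disk"
    if served in on_disk[1:]:
        return "bundle order wrong: server certificate must come first"
    return "endpoint serves a different certificate: stale process or a proxy in front"


def demo():
    """Constructed placeholder bytes stand in for real DER certificates."""
    new_leaf = ssl.DER_cert_to_PEM_cert(b"constructed-new-leaf")
    chain = ssl.DER_cert_to_PEM_cert(b"constructed-intermediate")
    old_served = hashlib.sha256(b"constructed-old-leaf").hexdigest()
    return diagnose(new_leaf + chain, old_served)


if __name__ == "__main__":
    print(demo())
```

Against a live site, pass the contents of the .pem file and served_fingerprint("your.host") to diagnose(); running it once against the public name and once against the origin server directly shows which hop holds the old certificate.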