HELP! Cannot get 123-reg SSL Certificate activate on my Linode server
Back in the day, before I knew about the wonders of Linode, I hosted all of my websites via 123-reg. Over that time, I purchased SSL Certs for a few of the sites I was hosting.
After I discovered Linode, I setup an account and began moving over sites slowly but surely. I have moved most of my sites over and, recently, I moved over the first site that had an SSL certificate. Naturally, went I moved the server the SSL certificate was no longer active.
I contacted 123-reg and they provided be with the CA Bundle, the key and the certificate itself. My server is Debian and I followed the following tutorials to setup SSL on my site:
Despite following each step seemingly correctly, my SSL certificate is still not active.
Can anyone provide any insight? I'm fairly new to 'DevOps' and sysadmin-esque stuff so I'm not entirely sure how to approach the problem.
Thank you in advance.
6 Replies
In example with Nginx you will need to stack your bundle in specific order.
Also - when you say "not active" - what do you mean? Is your site showing as http? Or is it not loading at all?
Apologies, the site loads fine with regular old http, but is 'insecure' with https.
If you are on nginx then you are looking to have similar configuration:
### SSL certs
ssl on;
ssl_session_cache shared:SSL:1m;
ssl_certificate /ssl_keys/your_domain_name.crt;
ssl_certificate_key /ssl_keys/your_domain_name.pem;
ssl_password_file /ssl_keys/your_domain_name.pwd;#optional
ssl_ecdh_curve secp521r1;#your might be different
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /ssl_keys/your_domain_name.bundle.crt;
Then you will have to configure forwarding (which I presume you already have configured).
You can test your site with
I tried running my site through that website and simply received:
> Assessment failed: No secure protocols supported
You will need to add some stuff to your Apache config (/etc/apache2/sites-available/) to get it working. Posted below is a config from one of my sites(Changed the domain) running on Apache.
<virtualhost example.org:443="">ServerName example.org
ServerAdmin admin@example.org
DocumentRoot /var/www/html/example.org/
DirectoryIndex index.html index.php
ErrorLog logs/example.org.error.log
CustomLog logs/example.org.access.log combined
SSLEngine on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
SSLCertificateFile /etc/letsencrypt/live/example.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.org/privkey.pem</virtualhost>
You will need to make the following changes and add them to your Apache config for the domain you are setting up.
for the example above the config file should be located "/etc/apache2/sites-available/example.com.conf"
Create a new virtualhost config block for port 443 in your sites config file "/etc/apache2/sites-available/example.com.conf". You can copy/paste your existing virtualhost block for the domain then change the port from 80 to 443
SSLEngine on Enables Secure connection
SSLProtocol all -SSLv3 Disabled SSL v3, Recommended
SSLProxyProtocol all -SSLv3 Disabled SSL v3, Recommended
SSLCertificateFile /path to ssl cert Should point to your SSL Public Cert
SSLCertificateFile /path to ssl private key Should point to your SSL Private key
Once the config has been changed run the command "sudo a2ensite example.com.conf" to enable tie site. That command may fail due to the site already being enabled. The last step is to run "sudo systemctl restart apache2"
This should enable SSL for your site. The other stuff I have listed in the example config above that are not already listed in your existing config are optional.