HELP! Cannot get 123-reg SSL Certificate activate on my Linode server

Hello everyone,

Back in the day, before I knew about the wonders of Linode, I hosted all of my websites via 123-reg. Over that time, I purchased SSL Certs for a few of the sites I was hosting.

After I discovered Linode, I setup an account and began moving over sites slowly but surely. I have moved most of my sites over and, recently, I moved over the first site that had an SSL certificate. Naturally, went I moved the server the SSL certificate was no longer active.

I contacted 123-reg and they provided be with the CA Bundle, the key and the certificate itself. My server is Debian and I followed the following tutorials to setup SSL on my site:

https://www.linode.com/docs/security/ss … and-ubuntu">https://www.linode.com/docs/security/ssl/obtain-a-commercially-signed-ssl-certificate-on-debian-and-ubuntu

https://www.linode.com/docs/security/ss … ian-ubuntu">https://www.linode.com/docs/security/ssl/ssl-apache2-debian-ubuntu

Despite following each step seemingly correctly, my SSL certificate is still not active.

Can anyone provide any insight? I'm fairly new to 'DevOps' and sysadmin-esque stuff so I'm not entirely sure how to approach the problem.

Thank you in advance.

6 Replies

What web server are you hosting on?

In example with Nginx you will need to stack your bundle in specific order.

Also - when you say "not active" - what do you mean? Is your site showing as http? Or is it not loading at all?

I'm currently running Debian 8.

Apologies, the site loads fine with regular old http, but is 'insecure' with https.

That most likely means you have problem with your ssl bundle.

If you are on nginx then you are looking to have similar configuration:

    ### SSL certs
    ssl on;
    ssl_session_cache shared:SSL:1m;
    ssl_certificate /ssl_keys/your_domain_name.crt;
    ssl_certificate_key /ssl_keys/your_domain_name.pem;
    ssl_password_file /ssl_keys/your_domain_name.pwd;#optional
    ssl_ecdh_curve secp521r1;#your might be different
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /ssl_keys/your_domain_name.bundle.crt;

Then you will have to configure forwarding (which I presume you already have configured).

You can test your site with https://www.ssllabs.com/ssltest/ - it should give you some meaningful description of issue with your ssl certs.

Apologies, I should have also clarified that I am running apache.

I tried running my site through that website and simply received:

> Assessment failed: No secure protocols supported

Unfortunately I won't be able to help with Apache, sorry :-) but my guess would be you need to configure vhost that talks ssl, and I am not sure if you can have more than one vhost with ssl (in old days there used to be problems with that).

I am not too famillar with how Debian distros do stuff but if your site works using plain http then getting SSL working should be easy.

You will need to add some stuff to your Apache config (/etc/apache2/sites-available/) to get it working. Posted below is a config from one of my sites(Changed the domain) running on Apache.

 <virtualhost example.org:443="">ServerName example.org
    ServerAdmin admin@example.org
    DocumentRoot /var/www/html/example.org/
    DirectoryIndex index.html index.php
    ErrorLog logs/example.org.error.log
    CustomLog logs/example.org.access.log combined
    SSLEngine on
    SSLProtocol all -SSLv3
    SSLProxyProtocol all -SSLv3
    SSLHonorCipherOrder on
    SSLCipherSuite PROFILE=SYSTEM
    SSLProxyCipherSuite PROFILE=SYSTEM
    SSLCertificateFile /etc/letsencrypt/live/example.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.org/privkey.pem</virtualhost> 

You will need to make the following changes and add them to your Apache config for the domain you are setting up.

for the example above the config file should be located "/etc/apache2/sites-available/example.com.conf"

Create a new virtualhost config block for port 443 in your sites config file "/etc/apache2/sites-available/example.com.conf". You can copy/paste your existing virtualhost block for the domain then change the port from 80 to 443

SSLEngine on Enables Secure connection

SSLProtocol all -SSLv3 Disabled SSL v3, Recommended

SSLProxyProtocol all -SSLv3 Disabled SSL v3, Recommended

SSLCertificateFile /path to ssl cert Should point to your SSL Public Cert

SSLCertificateFile /path to ssl private key Should point to your SSL Private key

Once the config has been changed run the command "sudo a2ensite example.com.conf" to enable tie site. That command may fail due to the site already being enabled. The last step is to run "sudo systemctl restart apache2"

This should enable SSL for your site. The other stuff I have listed in the example config above that are not already listed in your existing config are optional.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct