Questions tagged [lets-encrypt]
LET'S ENCRYPT QUESTIONS MUST BE PROGRAMMING RELATED. Let’s Encrypt is a free, automated, and open certificate authority provided by the Internet Security Research Group.
2,045
questions
162
votes
6
answers
199k
views
Letsencrypt add domain to existing certificate [closed]
I am just simply trying to add the domain test.example.com to the certificate that already exists for example.com. How do I add a domain to my existing certificate and replace the old certificate?
I ...
138
votes
4
answers
88k
views
Does Java support Let's Encrypt certificates?
I am developing a Java application that queries a REST API on a remote server over HTTP. For security reasons this communication should be switched to HTTPS.
Now that Let's Encrypt started their ...
120
votes
4
answers
244k
views
How to renew only one domain with certbot?
I have multiple domains with multiple certificates:
$ ll /etc/letsencrypt/live/
> domain1.com
> domain2.com
> domain3.com
> ...
I need to renew only domain1.com, but the command certbot ...
103
votes
12
answers
53k
views
Git for Windows: SSL certificate problem: certificate has expired
I am aware that Let's Encrypt made changes that may impact older clients because a root certificate would expire. See DST Root CA X3 Expiration (September 2021).
However, I didn't think this could ...
82
votes
2
answers
46k
views
How to install Certbot (Let's Encrypt) without interaction?
I am writing a bash script which bootstraps the whole project infrastructure in the freshly installed server and i want to configure ssl installation with letcecrypt certbot. After I execute line:
...
79
votes
12
answers
87k
views
Letsencrypt renewal fails: Could not bind to IPv4 or IPv6.. Skipping
The full error message I'm getting is:
Attempting to renew cert from /etc/letsencrypt/renewal/somedomain.com.conf produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or ...
61
votes
1
answer
69k
views
Generate CRT & KEY ssl files from Let's Encrypt from scratch [closed]
I'd like to generate a CRT/KEY couple SSL files with Let's Encrypt (with manual challenge).
I'm trying something like this :
certbot certonly --manual -d mydomain.com
But I only get these files in ...
60
votes
8
answers
48k
views
How can I set up a letsencrypt SSL certificate and use it in a Spring Boot application?
I'm new to securing a server so I don't really know much about this but I need to get my Spring Boot Application that is running on a Digital Ocean Droplet to use HTTPS.
My idea is to register a ...
58
votes
7
answers
116k
views
Issue using certbot with nginx
I'm actually working on a webapp, I use Reactjs for the frontend and Golang for the backend. Those 2 programs are hosted separately on 2 VMs on Google-Compute-Engine. I want to serve my app through ...
56
votes
4
answers
40k
views
https on S3 WITHOUT cloudfront possible?
We currently want to start hosting all our assets through AWS S3 and we also want to server everything over https. I understand I can use the Amazon Certificate Manager (ACM) with Cloudfront to server ...
52
votes
10
answers
101k
views
How do I schedule the Let's Encrypt certbot to automatically renew my certificate in cron?
I've seen conflicting recommendations. From the eff.org docs:
if you're setting up a cron or systemd job, we recommend running it twice per day... Please select a random minute within the hour for ...
49
votes
7
answers
39k
views
How to stop renewing a letsencrypt/certbot certificate?
There are lots of tutorials online of how to create and renew a certificate with letsencrypt, but I want to remove and stop renewing a certificate that I created (it was only created for testing ...
46
votes
1
answer
39k
views
Letsencrypt certificate for www and non-www domain
I have generated SSL certificate like so:
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
./letsencrypt-auto certonly --standalone
Then I was asked for email ... and a ...
44
votes
5
answers
35k
views
Let's encrypt SSL couldn't start by "Error: EACCES: permission denied, open '/etc/letsencrypt/live/domain.net/privkey.pem'"
I tried to use SSL by Node.js but it doesn't work because permission denied.
try {
var TLSoptions = {
key: fs.readFileSync("/etc/letsencrypt/live/domain.work/privkey.pem"),
cert: fs....
44
votes
3
answers
25k
views
How to set up Let's Encrypt for a Go server application
I have my own domain with web services written in Go. I am using the inbuilt Go web server, without Nginx or Apache in front.
I would like to start serving over HTTPS and I realized Let's Encrypt is ...
37
votes
3
answers
10k
views
Certbot Apache error "Name duplicates previous WSGI daemon definition."
On my Ubuntu 16.04 server, I have an Apache conf file at /etc/apache2/sites-enabled/000-default.conf, which looks like this (abbreviated):
WSGIApplicationGroup %{GLOBAL}
<VirtualHost *:80>
...
36
votes
7
answers
36k
views
How do I use let’s encrypt with gitlab?
I started to look in to ssl certificates when I stumbled upon let's encrypt, and I wanted to use it with gitlab, however being that it is running on a raspberry pi 2 and its running quite perfectly ...
36
votes
9
answers
32k
views
Let's Encrypt kubernetes Ingress Controller issuing Fake Certificate
Not Sure why I'm getting Fake certificate, even the certificate is properly issued by Let's Encrypt using certmanager
The setup is running on the Alibaba Cloud ECS console, where one Kube-master and ...
35
votes
7
answers
47k
views
Let's encrypt error certificate install error - "Client with the currently selected authenticator does not support any combination of challenges" [closed]
I got this error while renewing let's encrypt certificate:
"Client with the currently selected authenticator does not support any
combination of challenges that will satisfy the CA"
How can I ...
31
votes
5
answers
53k
views
Multiple subdomains with lets encrypt
I have an attractive message indicating me that it is unfortunately not possible to generate a certificate for multiple subdomains:
Wildcard domains are not supported: *.mynewsiteweb.com
On the ...
29
votes
3
answers
69k
views
no "ssl_certificate" is defined for the "listen ... ssl" directive
I am trying to configure nginx server for my website. I am using the following code to configure my server. It works if I add default_server for my www.fastenglishacademy.fr (443) server block.
But ...
29
votes
3
answers
35k
views
Certbot not creating acme-challenge folder
I had working Let's encrypt certificates some months ago (with the old letsencrypt client).
The server I am using is nginx.
Certbot is creating the .well-known folder, but not the acme-challenge ...
29
votes
4
answers
37k
views
Certbot /.well-known/acme-challenge
Should I leave the /.well-known/acme-challenge always exposed on the server?
Here is my config for the HTTP:
server {
listen 80;
location '/.well-known/acme-challenge' {
root /var/www/...
28
votes
11
answers
129k
views
javax.net.ssl.SSLException: Certificate doesn't match any of the subject alternative names
I recently added LetsEncrypt certificates to my server and my java applet is having problems connecting using TLS.
My applet uses Apache HttpClient.
My web server is Apache 2,4, and I have a few ...
28
votes
1
answer
18k
views
Whats the difference between OpenSSL and LetsEncrypt? [closed]
Historically we have used LetsEncrypt at work, but the nginx container we are using has Openssl installed on it already.
What are different use cases for selecting OpenSSL or Lets Encrypt?
27
votes
5
answers
39k
views
In Java, what is the simplest way to create an SSLContext with just a PEM file?
I used LetsEncrypt's CertBot to generate PEM files for free. In other languages it is easy to start an HTTPS server using just a couple lines of code and the PEM/key files. The solutions I have ...
26
votes
4
answers
13k
views
Flutter on Android 7 CERTIFICATE_VERIFY_FAILED with LetsEncrypt SSL cert after Sept 30, 2021
After Sept 30, 2021, https get/post requests to a website using a Let's Encrypt SSL ceritificate on an old Android 7 device were failing with this error:
HandshakeException: Handshake error in client (...
26
votes
1
answer
15k
views
How do you score A+ with 100 on all categories on SSL Labs test with Let's Encrypt and Nginx?
I'm trying to score 100 on all categories when testing my SSL certs at www.ssllabs.com
However, I am struggling to get A+ and 100 on all scores.
Any tips as to what NGINX config I should use? Or how ...
24
votes
7
answers
60k
views
LetsEncrypt certbot multiple renew-hooks
I'm automating an SSL certificate renewal from LetsEncrypt's certbot. The actual renewal is working, but I need to automate restarting services so that they load the renewed certificates. I was ...
24
votes
3
answers
32k
views
Configure Nginx to reply to http://my-domain.com/.well-known/acme-challenge/XXXX
I'm not able to get nginx to return the files I've put in /var/www/letsencrypt.
nginx/sites-available/mydomain.conf
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
...
24
votes
2
answers
8k
views
Difference between certbot and certbot-auto
I am using letsencrypt for my server to support https. When looking around I find commands with certbot and others with certbot-auto with similar funcionalities. Do you need to use consistently one or ...
21
votes
6
answers
4k
views
CertPathValidatorException connecting to a Let's Encrypt host on Android M or earlier
[edit: If you are here for Let's Encrypt expiry event, this was extended to 2024 https://letsencrypt.org/2020/12/21/extending-android-compatibility.html], but is now ending this year https://...
21
votes
5
answers
17k
views
WordPress with ssl form let's encrypt, but homepage not fully secure. "Attackers might be able to see images.." message
Could you help me find out what to do with not fully secure message.
I have installed ssl certificate from let's encrypt, but my wordpress homepage has a message "Attackers might be able to see the ...
20
votes
5
answers
16k
views
How to use Let's Encrypt with Docker container based on the Node.js image
I am running an Express-based website in a Docker container based on the Node.js image. How do I use Let's Encrypt with a container based on that image?
19
votes
3
answers
21k
views
Lets Encrypt ACME Challenge file not accessable from IIS
I have been trying to generate a SSL certificate for one of our projects which is running on an Azure VM which has no IP restrictions. However, the challenge file which is generated throws a 404 error ...
19
votes
6
answers
35k
views
Letsencrypt with htaccess
This is my current htaccess configuration of /frontend/web
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME} [R,L]
# if a directory or a file exists, use it directly
...
19
votes
6
answers
10k
views
Let's Encrypt Failing DVSNI Challenge
I'm trying to configure Let's Encrypt certificates on a server that is publically accessible. Originally, the server was hiding behind a router, but I have since forwarded ports 80 and 443.
The ...
18
votes
4
answers
10k
views
Add .well-known to asp.net core
I want to have a .well-known directory in my root for letsencrypt renewals.
I have added a route to .well-known like so:
app.UseStaticFiles(new StaticFileOptions
{
FileProvider =...
18
votes
1
answer
26k
views
Waiting on certificate issuance from order status "pending"
I'm running into an issue handling tls certificates with cert-manager, I'm following the documentation and added some extras to work with Traefik as an ingress.
Currently, I have this YAML files:
...
18
votes
6
answers
18k
views
CertManager Letsencrypt CertificateRequest "failed to perform self check GET request"
Waiting for http-01 challenge propagation: failed to perform self check GET request, it's similar to this bug https://github.com/jetstack/cert-manager/issues/656
but all solutions from GitHub ticket ...
17
votes
3
answers
26k
views
Let's Encrypt: How to manually test the certbot renewal process?
I have a working setup where Let's Encrypt certificates are generated with certbot. I wonder how you effectively test whether the renewal will work in production.
The certificates last for 90 days. ...
17
votes
5
answers
6k
views
How to set up Openshift with let's encrypt (letsencrypt)
How do I set up Openshift app to work with let's encrypt ?
NB Openshift does not work with a simple python webserver approach to server, you need to use the correct port and bind to the correct IP ...
17
votes
6
answers
11k
views
How do you install a LetsEncrypt SSL Certificate on Heroku
Since Heroku is read-only and does not allow sudo, what do I need to do to be able to install the LetsEncrypt.org certificate on their server for my app?
If I have already set config.force_ssl = true ...
17
votes
4
answers
22k
views
How to setup Letsencrypt for Google Cloud Compute Engine load balancer?
I've setup my Google Cloud Project to use a load balancer in combination with auto scaling instance templates. Currently the instance group only has one instance.
My domain name successfully refers ...
17
votes
5
answers
14k
views
let's encrypt vs cloudflare or both? [closed]
I've been really confused between cloudflare's ssl and using let's encrypt to have my website become full https.
Many sources say to use either or use both.
However there is not a very decisive way ...
16
votes
2
answers
2k
views
Let's Encrypt: ClientID reqistered under application settings differs from what I entered?
So I am trying to get Let's Encrypt working on Windows Azure through the web extension but I am getting a error that I cannot solve or find any information about.
I am following this tutorial on how ...
16
votes
4
answers
23k
views
Using certbot to apply Let's Encrypt Certificate: Failed authorization procedure
I am using certbot to apply Let's Encrypt certificate,
my server is centos 7.2 and nginx 1.11.9.
what does this mean below?
[root@test ~]# certbot certonly --webroot -w /var/www/www.example.com -d ...
16
votes
2
answers
16k
views
How to force older debian to forget about DST Root CA X3 Expiration and use ISRG Root X1 - SSL certificate problem: certificate has expired
This relates to DST Root CA X3 Expiration (September 2021)
When searching online for a fix to apply on an older server (Debian 8 in my case) that does call to sites encrypted with letsencrypt with ...
16
votes
4
answers
29k
views
NGINX + Let's encrypt: Could not automatically find a matching server block
I'm publishing a website made with Python Pyramid on an Ubuntu 18.04 server. The website is running properly on HTTP and now I'm trying to make it run on HTTPS by following this article but when ...
16
votes
2
answers
7k
views
How can I use a LetsEncrypt SSL cert in my Heroku Node Express app?
I have a Node Express app running on Heroku that I want to encrypt with a free-of-charge SSL cert from LetsEncrypt. However, the methods I've seen require opening up ports 443 and 80 to allow the ACME ...