Questions tagged [lets-encrypt]

LET'S ENCRYPT QUESTIONS MUST BE PROGRAMMING RELATED. Let’s Encrypt is a free, automated, and open certificate authority provided by the Internet Security Research Group.

Filter by
Sorted by
Tagged with
162 votes
6 answers
199k views

Letsencrypt add domain to existing certificate [closed]

I am just simply trying to add the domain test.example.com to the certificate that already exists for example.com. How do I add a domain to my existing certificate and replace the old certificate? I ...
Jeff Davenport's user avatar
138 votes
4 answers
88k views

Does Java support Let's Encrypt certificates?

I am developing a Java application that queries a REST API on a remote server over HTTP. For security reasons this communication should be switched to HTTPS. Now that Let's Encrypt started their ...
Hexaholic's user avatar
  • 3,335
120 votes
4 answers
244k views

How to renew only one domain with certbot?

I have multiple domains with multiple certificates: $ ll /etc/letsencrypt/live/ > domain1.com > domain2.com > domain3.com > ... I need to renew only domain1.com, but the command certbot ...
e-info128's user avatar
  • 3,911
103 votes
12 answers
53k views

Git for Windows: SSL certificate problem: certificate has expired

I am aware that Let's Encrypt made changes that may impact older clients because a root certificate would expire. See DST Root CA X3 Expiration (September 2021). However, I didn't think this could ...
Jürgen Steinblock's user avatar
82 votes
2 answers
46k views

How to install Certbot (Let's Encrypt) without interaction?

I am writing a bash script which bootstraps the whole project infrastructure in the freshly installed server and i want to configure ssl installation with letcecrypt certbot. After I execute line: ...
Laimonas Sutkus's user avatar
79 votes
12 answers
87k views

Letsencrypt renewal fails: Could not bind to IPv4 or IPv6.. Skipping

The full error message I'm getting is: Attempting to renew cert from /etc/letsencrypt/renewal/somedomain.com.conf produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or ...
Anthony Ainsworth's user avatar
61 votes
1 answer
69k views

Generate CRT & KEY ssl files from Let's Encrypt from scratch [closed]

I'd like to generate a CRT/KEY couple SSL files with Let's Encrypt (with manual challenge). I'm trying something like this : certbot certonly --manual -d mydomain.com But I only get these files in ...
Sylvain's user avatar
  • 2,912
60 votes
8 answers
48k views

How can I set up a letsencrypt SSL certificate and use it in a Spring Boot application?

I'm new to securing a server so I don't really know much about this but I need to get my Spring Boot Application that is running on a Digital Ocean Droplet to use HTTPS. My idea is to register a ...
BrandenS's user avatar
  • 621
58 votes
7 answers
116k views

Issue using certbot with nginx

I'm actually working on a webapp, I use Reactjs for the frontend and Golang for the backend. Those 2 programs are hosted separately on 2 VMs on Google-Compute-Engine. I want to serve my app through ...
G.D's user avatar
  • 832
56 votes
4 answers
40k views

https on S3 WITHOUT cloudfront possible?

We currently want to start hosting all our assets through AWS S3 and we also want to server everything over https. I understand I can use the Amazon Certificate Manager (ACM) with Cloudfront to server ...
kramer65's user avatar
  • 52.2k
52 votes
10 answers
101k views

How do I schedule the Let's Encrypt certbot to automatically renew my certificate in cron?

I've seen conflicting recommendations. From the eff.org docs: if you're setting up a cron or systemd job, we recommend running it twice per day... Please select a random minute within the hour for ...
Chapman Atwell's user avatar
49 votes
7 answers
39k views

How to stop renewing a letsencrypt/certbot certificate?

There are lots of tutorials online of how to create and renew a certificate with letsencrypt, but I want to remove and stop renewing a certificate that I created (it was only created for testing ...
Jackson Ray Hamilton's user avatar
46 votes
1 answer
39k views

Letsencrypt certificate for www and non-www domain

I have generated SSL certificate like so: sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt ./letsencrypt-auto certonly --standalone Then I was asked for email ... and a ...
user2814599's user avatar
  • 1,120
44 votes
5 answers
35k views

Let's encrypt SSL couldn't start by "Error: EACCES: permission denied, open '/etc/letsencrypt/live/domain.net/privkey.pem'"

I tried to use SSL by Node.js but it doesn't work because permission denied. try { var TLSoptions = { key: fs.readFileSync("/etc/letsencrypt/live/domain.work/privkey.pem"), cert: fs....
kraftwerk's user avatar
  • 453
44 votes
3 answers
25k views

How to set up Let's Encrypt for a Go server application

I have my own domain with web services written in Go. I am using the inbuilt Go web server, without Nginx or Apache in front. I would like to start serving over HTTPS and I realized Let's Encrypt is ...
Daniele B's user avatar
  • 20.3k
37 votes
3 answers
10k views

Certbot Apache error "Name duplicates previous WSGI daemon definition."

On my Ubuntu 16.04 server, I have an Apache conf file at /etc/apache2/sites-enabled/000-default.conf, which looks like this (abbreviated): WSGIApplicationGroup %{GLOBAL} <VirtualHost *:80> ...
Josh's user avatar
  • 2,860
36 votes
7 answers
36k views

How do I use let’s encrypt with gitlab?

I started to look in to ssl certificates when I stumbled upon let's encrypt, and I wanted to use it with gitlab, however being that it is running on a raspberry pi 2 and its running quite perfectly ...
chabad360's user avatar
  • 640
36 votes
9 answers
32k views

Let's Encrypt kubernetes Ingress Controller issuing Fake Certificate

Not Sure why I'm getting Fake certificate, even the certificate is properly issued by Let's Encrypt using certmanager The setup is running on the Alibaba Cloud ECS console, where one Kube-master and ...
anish's user avatar
  • 7,114
35 votes
7 answers
47k views

Let's encrypt error certificate install error - "Client with the currently selected authenticator does not support any combination of challenges" [closed]

I got this error while renewing let's encrypt certificate: "Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA" How can I ...
Sibin John Mattappallil's user avatar
31 votes
5 answers
53k views

Multiple subdomains with lets encrypt

I have an attractive message indicating me that it is unfortunately not possible to generate a certificate for multiple subdomains: Wildcard domains are not supported: *.mynewsiteweb.com On the ...
Breith's user avatar
  • 2,258
29 votes
3 answers
69k views

no "ssl_certificate" is defined for the "listen ... ssl" directive

I am trying to configure nginx server for my website. I am using the following code to configure my server. It works if I add default_server for my www.fastenglishacademy.fr (443) server block. But ...
Ahsan Aasim's user avatar
  • 1,247
29 votes
3 answers
35k views

Certbot not creating acme-challenge folder

I had working Let's encrypt certificates some months ago (with the old letsencrypt client). The server I am using is nginx. Certbot is creating the .well-known folder, but not the acme-challenge ...
lehnerchristian's user avatar
29 votes
4 answers
37k views

Certbot /.well-known/acme-challenge

Should I leave the /.well-known/acme-challenge always exposed on the server? Here is my config for the HTTP: server { listen 80; location '/.well-known/acme-challenge' { root /var/www/...
Ilya's user avatar
  • 1,120
28 votes
11 answers
129k views

javax.net.ssl.SSLException: Certificate doesn't match any of the subject alternative names

I recently added LetsEncrypt certificates to my server and my java applet is having problems connecting using TLS. My applet uses Apache HttpClient. My web server is Apache 2,4, and I have a few ...
yassam's user avatar
  • 573
28 votes
1 answer
18k views

Whats the difference between OpenSSL and LetsEncrypt? [closed]

Historically we have used LetsEncrypt at work, but the nginx container we are using has Openssl installed on it already. What are different use cases for selecting OpenSSL or Lets Encrypt?
Andrew Graham-Yooll's user avatar
27 votes
5 answers
39k views

In Java, what is the simplest way to create an SSLContext with just a PEM file?

I used LetsEncrypt's CertBot to generate PEM files for free. In other languages it is easy to start an HTTPS server using just a couple lines of code and the PEM/key files. The solutions I have ...
satnam's user avatar
  • 11.2k
26 votes
4 answers
13k views

Flutter on Android 7 CERTIFICATE_VERIFY_FAILED with LetsEncrypt SSL cert after Sept 30, 2021

After Sept 30, 2021, https get/post requests to a website using a Let's Encrypt SSL ceritificate on an old Android 7 device were failing with this error: HandshakeException: Handshake error in client (...
Baker's user avatar
  • 26.5k
26 votes
1 answer
15k views

How do you score A+ with 100 on all categories on SSL Labs test with Let's Encrypt and Nginx?

I'm trying to score 100 on all categories when testing my SSL certs at www.ssllabs.com However, I am struggling to get A+ and 100 on all scores. Any tips as to what NGINX config I should use? Or how ...
danday74's user avatar
  • 54.7k
24 votes
7 answers
60k views

LetsEncrypt certbot multiple renew-hooks

I'm automating an SSL certificate renewal from LetsEncrypt's certbot. The actual renewal is working, but I need to automate restarting services so that they load the renewed certificates. I was ...
bkoodaa's user avatar
  • 5,122
24 votes
3 answers
32k views

Configure Nginx to reply to http://my-domain.com/.well-known/acme-challenge/XXXX

I'm not able to get nginx to return the files I've put in /var/www/letsencrypt. nginx/sites-available/mydomain.conf server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; ...
martins's user avatar
  • 9,837
24 votes
2 answers
8k views

Difference between certbot and certbot-auto

I am using letsencrypt for my server to support https. When looking around I find commands with certbot and others with certbot-auto with similar funcionalities. Do you need to use consistently one or ...
Sarah N's user avatar
  • 528
21 votes
6 answers
4k views

CertPathValidatorException connecting to a Let's Encrypt host on Android M or earlier

[edit: If you are here for Let's Encrypt expiry event, this was extended to 2024 https://letsencrypt.org/2020/12/21/extending-android-compatibility.html], but is now ending this year https://...
Yuri Schimke's user avatar
  • 12.9k
21 votes
5 answers
17k views

WordPress with ssl form let's encrypt, but homepage not fully secure. "Attackers might be able to see images.." message

Could you help me find out what to do with not fully secure message. I have installed ssl certificate from let's encrypt, but my wordpress homepage has a message "Attackers might be able to see the ...
Tadas Stasiulionis's user avatar
20 votes
5 answers
16k views

How to use Let's Encrypt with Docker container based on the Node.js image

I am running an Express-based website in a Docker container based on the Node.js image. How do I use Let's Encrypt with a container based on that image?
jsejcksn's user avatar
  • 30.6k
19 votes
3 answers
21k views

Lets Encrypt ACME Challenge file not accessable from IIS

I have been trying to generate a SSL certificate for one of our projects which is running on an Azure VM which has no IP restrictions. However, the challenge file which is generated throws a 404 error ...
vishal vazkar's user avatar
19 votes
6 answers
35k views

Letsencrypt with htaccess

This is my current htaccess configuration of /frontend/web RewriteEngine on RewriteCond %{HTTPS} !=on RewriteRule ^.*$ https://%{SERVER_NAME} [R,L] # if a directory or a file exists, use it directly ...
revengezp's user avatar
  • 191
19 votes
6 answers
10k views

Let's Encrypt Failing DVSNI Challenge

I'm trying to configure Let's Encrypt certificates on a server that is publically accessible. Originally, the server was hiding behind a router, but I have since forwarded ports 80 and 443. The ...
James Taylor's user avatar
  • 6,298
18 votes
4 answers
10k views

Add .well-known to asp.net core

I want to have a .well-known directory in my root for letsencrypt renewals. I have added a route to .well-known like so: app.UseStaticFiles(new StaticFileOptions { FileProvider =...
Guerrilla's user avatar
  • 14.1k
18 votes
1 answer
26k views

Waiting on certificate issuance from order status "pending"

I'm running into an issue handling tls certificates with cert-manager, I'm following the documentation and added some extras to work with Traefik as an ingress. Currently, I have this YAML files: ...
maudev's user avatar
  • 1,021
18 votes
6 answers
18k views

CertManager Letsencrypt CertificateRequest "failed to perform self check GET request"

Waiting for http-01 challenge propagation: failed to perform self check GET request, it's similar to this bug https://github.com/jetstack/cert-manager/issues/656 but all solutions from GitHub ticket ...
Kirill's user avatar
  • 7,921
17 votes
3 answers
26k views

Let's Encrypt: How to manually test the certbot renewal process?

I have a working setup where Let's Encrypt certificates are generated with certbot. I wonder how you effectively test whether the renewal will work in production. The certificates last for 90 days. ...
Philipp Claßen's user avatar
17 votes
5 answers
6k views

How to set up Openshift with let's encrypt (letsencrypt)

How do I set up Openshift app to work with let's encrypt ? NB Openshift does not work with a simple python webserver approach to server, you need to use the correct port and bind to the correct IP ...
Brendan Sleight's user avatar
17 votes
6 answers
11k views

How do you install a LetsEncrypt SSL Certificate on Heroku

Since Heroku is read-only and does not allow sudo, what do I need to do to be able to install the LetsEncrypt.org certificate on their server for my app? If I have already set config.force_ssl = true ...
blnc's user avatar
  • 4,384
17 votes
4 answers
22k views

How to setup Letsencrypt for Google Cloud Compute Engine load balancer?

I've setup my Google Cloud Project to use a load balancer in combination with auto scaling instance templates. Currently the instance group only has one instance. My domain name successfully refers ...
Lennard Deurman's user avatar
17 votes
5 answers
14k views

let's encrypt vs cloudflare or both? [closed]

I've been really confused between cloudflare's ssl and using let's encrypt to have my website become full https. Many sources say to use either or use both. However there is not a very decisive way ...
user805981's user avatar
  • 10.6k
16 votes
2 answers
2k views

Let's Encrypt: ClientID reqistered under application settings differs from what I entered?

So I am trying to get Let's Encrypt working on Windows Azure through the web extension but I am getting a error that I cannot solve or find any information about. I am following this tutorial on how ...
Niek Jonkman's user avatar
  • 1,046
16 votes
4 answers
23k views

Using certbot to apply Let's Encrypt Certificate: Failed authorization procedure

I am using certbot to apply Let's Encrypt certificate, my server is centos 7.2 and nginx 1.11.9. what does this mean below? [root@test ~]# certbot certonly --webroot -w /var/www/www.example.com -d ...
zwl1619's user avatar
  • 4,124
16 votes
2 answers
16k views

How to force older debian to forget about DST Root CA X3 Expiration and use ISRG Root X1 - SSL certificate problem: certificate has expired

This relates to DST Root CA X3 Expiration (September 2021) When searching online for a fix to apply on an older server (Debian 8 in my case) that does call to sites encrypted with letsencrypt with ...
GabLeRoux's user avatar
  • 17.3k
16 votes
4 answers
29k views

NGINX + Let's encrypt: Could not automatically find a matching server block

I'm publishing a website made with Python Pyramid on an Ubuntu 18.04 server. The website is running properly on HTTP and now I'm trying to make it run on HTTPS by following this article but when ...
André Luiz's user avatar
  • 6,962
16 votes
2 answers
7k views

How can I use a LetsEncrypt SSL cert in my Heroku Node Express app?

I have a Node Express app running on Heroku that I want to encrypt with a free-of-charge SSL cert from LetsEncrypt. However, the methods I've seen require opening up ports 443 and 80 to allow the ACME ...
stone's user avatar
  • 8,532

1
2 3 4 5
41