Could not find SSL Module and disabling session ticket module on Certbot

h8dop

New Member


Messages: 3

Hi all good people

I'm building a web using FAMP stack and use WP as CMS.

at first it's going very smooth, no problem at all.
I have very functional http website.

Then, I want to make it has https and SSL
I load the mod_ssl and disabling sessionticket off

when deploying the cert i'm using certbot

# certbot --apache -d myweb.com -d www.myweb.com

certbot saying that unable to find mod ssl and not disabling session ticket.
But, you see my statement above right?
Although certbot success deploying cert on my web.

I found similar issue on
https://github.com/certbot/certbot/issues/8072

Trying to use
--apache-ctl isn't working
using --apachectl also the same.

When I load my web on both http and https
It shows me
ERR_TOO_MANY_REDIRECTS
,,
when check my web on SSLlabs
it gets rate A

What's wrong with all this?
How do I solve this problem.

Regards,
h8dop
 

rafael_grether

New Member

Reaction score: 1
Messages: 7

Hi,

Do you use a reverse proxy, like Cloudflare?
If yes, try to appoint directly to your server, without proxy.

About ssl module, type
httpd -M | grep ssl
to confirm that SSL module is loaded (eg. ssl_module (shared))
 
OP
H

h8dop

New Member


Messages: 3

Hi,

Do you use a reverse proxy, like Cloudflare?
If yes, try to appoint directly to your server, without proxy.

About ssl module, type
httpd -M | grep ssl
to confirm that SSL module is loaded (eg. ssl_module (shared))
Thank you rafael_grether for your suggestion
I don't use reverse proxy. I already point /etc/host/ on my server.

perform
httpd -M | grep ssl
and Yes it shows
ssl_module (shared)

When I run
certbot renew --dry-run
this red line always appears
Unable to read ssl_module file; not disabling session tickets.

But, in the end of section it says
Congratulations, all simulated renewals succeeded:
/usr/local/etc/letsencrypt/live/yourweb.com/fullchain.pem (success)

is this still ok? because like I said earlier the mod_ssl was anabled and SSLSessionTickets off
Thank you
 

rafael_grether

New Member

Reaction score: 1
Messages: 7

Hi h8top,

Do you installed certbot from ports, alright?
I think certbot uses py38-openssl dependency to locate ssl_module.

But not ok. It seems certbot only generated fullchain.pem, but should generate fullchain.pem and privkey.pem

Please Pastebin your letsencrypt.log.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 12,293
Messages: 38,810

I just use the -w option to set a specific webroot I configured for this. If anything needs to be restarted because the certificates have been updated then a script in renewal-hooks/post/ takes care of restarting any services that need it. A script in renewal-hooks/deploy/ takes care of copying the certificates to their appropriate locations.
 
Top