I cannot configure an SSL/TLS certificate for an Amazon Linux 2023 instance.

0

Hello there,

I created an instance in EC2 and I selected Amazon Linux 2023 as the operating system. I want to configure an SSL/TLS certificate for an Amazon Linux 2023 instance, but I cannot configure it successfully. The specific situation is that I followed the official tutorial provided by AWS: Configure SSL/TLS on AL2023 (link: https://docs.aws.amazon.com/linux/al2023/ug/SSL-on-amazon-linux-2023.html). After completing the steps provided in the OpenSSL dialog box and entering the "openssl x509 -in certificate.crt -text" command for verification, the following error appears:

  • "Could not open file or uri for loading certificate from certificate.crt
    809B27381F7F0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:crypto/store/store_register.c:237:scheme=file
    809B27381F7F0000:error:80000002:system library:file_open:No such file or directory:providers/implementations/storemgmt/file_store.c:267:calling stat(certificate.crt)
    Unable to load certificate".
  • I don't know which link caused the problem. Supplement: Two certificates (apache-selfsigned.crt and localhost.crt) have been generated in the "/etc/pki/tls/certs" directory, but they don't seem to have any effect!

I suspect that the certificate cannot be automatically renewed according to the instructions provided in the document. After all, manually renewing the certificate each time is too troublesome and carries certain operational risks. So I wanted to use the third-party tool Certbot to enable the automatic renewal function for the certificate (website link: https://certbot.eff.org/instructions?ws=apache&os=pip). I chose "Apache on Pip". After entering the "sudo certbot --apache" command, I got the error "Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80." This confuses me! I have clearly opened port 80 and can access the site normally through http. Why is it still prompted that the virtual host listening on port 80 cannot be found? Does anyone know what is going on?

Thanks in advance!

Karl

Karl
asked 4 months ago
538 views
3 Answers
0

Hello.

In addition to opening port 80, try setting up a virtual host in Apache.
Specifically, try adding the following settings to the end of "/etc/httpd/conf/httpd.conf".

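    # NameVirtualHost has no effect on Apache 2.4 and only logs a warning
    NameVirtualHost *:80
    # Port-80 virtual host that Certbot's Apache plugin looks for
    <VirtualHost *:80>
        ServerAdmin root@example.com
        DocumentRoot /var/www/html
        # Replace with the domain the certificate is requested for
        ServerName example.com
    </VirtualHost>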
EXPERT
answered 4 months ago
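
A pre-flight check for the Certbot error discussed above, as an added example that is not part of the answer or of AWS's tutorial: it lists which names Apache serves on a given port, so a missing port-80 virtual host or a missing `www` name shows up before `sudo certbot --apache` is run. The function names are hypothetical, the sample config is constructed, and the parser reads a single file without following `Include` directives.

```shell
#!/bin/sh
# Added example: list the names Apache serves on a port, from one config file.
# Function names and the sample config below are constructed for illustration.

# list_vhost_names CONF PORT -> one line per vhost on PORT: "addr name1 name2 ..."
list_vhost_names() {
    awk -v port="$2" '
        /^[ \t]*#/ { next }                          # skip comment lines
        tolower($1) == "<virtualhost" {              # e.g. <VirtualHost *:80>
            invh = 0; names = ""
            for (i = 2; i <= NF; i++) {
                a = $i; sub(/>$/, "", a)
                n = split(a, p, ":")
                if (p[n] == port && !invh) { invh = 1; addr = a }
            }
            next
        }
        invh && tolower($1) ~ /^server(name|alias)$/ {
            for (i = 2; i <= NF; i++) names = names " " $i
            next
        }
        tolower($1) == "</virtualhost>" {
            if (invh) print addr (names == "" ? " (no ServerName)" : names)
            invh = 0
        }
    ' "$1"
}

# covers_name CONF PORT NAME -> exit status 0 if a vhost on PORT lists NAME
covers_name() {
    list_vhost_names "$1" "$2" | awk -v want="$3" '
        { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
        END { exit !found }'
}

# Constructed sample: the vhost from the answer plus a default TLS vhost.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
<VirtualHost *:80>
    ServerAdmin root@example.com
    DocumentRoot /var/www/html
    ServerName example.com
</VirtualHost>
<VirtualHost _default_:443>
    SSLEngine on
</VirtualHost>
EOF

for name in example.com www.example.com; do
    if covers_name "$SAMPLE_CONF" 80 "$name"; then echo "port 80: $name ok"
    else echo "port 80: $name missing (add ServerName/ServerAlias)"; fi
done
```

On the instance the same functions can be pointed at "/etc/httpd/conf/httpd.conf"; Apache's `ServerAlias` directive adds further names to a virtual host. Several names are requested in one certificate by repeating Certbot's `-d` option, for example `sudo certbot --apache -d example.com -d www.example.com`.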
0

Hi,

I want to configure SSL/TLS certificates for subdomains of the domain name at the same time (such as example.com and www.example.com), but I find that I can only complete one of them. In which link did the problem occur?

Best wishes! Karl

Karl
answered 3 months ago
0

Hi,

Is there any way to add example.com's subdomain www.example.com to the certificate request list?

Best wishes! Karl

Karl
answered 3 months ago
