LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page [SOLVED] CERTBOT: fullchain.pem vs privkey.pem
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-30-2023, 05:06 PM   #1
banderas20
Member
 
Registered: Aug 2018
Posts: 138

Rep: Reputation: Disabled
CERTBOT: fullchain.pem vs privkey.pem

Hi!

I have used CERTBOT and successfully get the SSL certificates.

However, I don't understand the purpose and difference between these 2 files:

/etc/letsencrypt/live/domain.com/fullchain.pem
/etc/letsencrypt/live/domain.com/privkey.pem

What does each one do?

Thanks!
 
Old 07-31-2023, 10:00 AM   #2
boughtonp
Senior Member
 
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 3,616

Rep: Reputation: 2555Reputation: 2555Reputation: 2555Reputation: 2555Reputation: 2555Reputation: 2555Reputation: 2555Reputation: 2555Reputation: 2555Reputation: 2555Reputation: 2555
This is explained in the CertBot documentation.

https://eff-certbot.readthedocs.io/en/stable/using.html#where-are-my-certificates
 
Old 08-01-2023, 02:10 PM   #3
banderas20
Member
 
Registered: Aug 2018
Posts: 138

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by boughtonp View Post
Hi!


Thanks for the reply. I have added the corresponding files to the directives:


Code:
SSLEngine on

SSLCertificateChainFile  /etc/letsencrypt/live/domain.com/fullchain.pem

SSLCertificateKeyFile    /etc/letsencrypt/live/domain.com/privkey.pem

SSLCertificateFile       /etc/letsencrypt/live/domain.com/cert.pem

However, if I access https://myhomeIP, I still get a security warning from the browser, even if it says "Verified by Let's Encryp".


I I go to the Apache2 logs, it says:


Code:
Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this

¿Where is my error and how can I make the website fully trusted?


Thanks!
 
Old 08-02-2023, 05:13 PM   #4
banderas20
Member
 
Registered: Aug 2018
Posts: 138

Original Poster
Rep: Reputation: Disabled
Found the error. The certificate was issued to a domain. Hence the access by IP gave that warning.


Thanks!
 
  


Reply

Tags
certbot, certificates, ssl



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Letsencrypt certbot Panicked Linux - Server 4 06-13-2017 06:10 PM
LXer: Secure your webserver with improved Certbot LXer Syndicated Linux News 0 05-26-2017 10:01 AM
[SOLVED] Bundle SSL certificates with LetsEncrypt/Certbot? kikinovak Slackware 1 03-14-2017 07:58 AM
LXer: Using certbot to secure your personal site LXer Syndicated Linux News 0 02-23-2017 02:01 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:21 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration