Certbot

From annawiki
root@www:/etc/apache2/sites-available# letsencrypt certonly -d anna.info -d www.anna.info --rsa-key-size 4096
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Apache Web Server plugin - Beta (apache)
2: Place files in webroot directory (webroot)
3: Spin up a temporary webserver (standalone)
-------------------------------------------------------------------------------

2 webroot

Select the webroot for www.anna.info:
-------------------------------------------------------------------------------
1: Enter a new webroot
2: /home/www/anna.info
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. anna.info (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://anna.info/.well-known/acme-challenge/k9ZGvgNa[...]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p", www.anna.info (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.anna.info/.well-known/acme-challenge/yBpsznLsuF[...]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: anna.info
   Type:   unauthorized
   Detail: Invalid response from
   http://anna.info/.well-known/acme-challenge/k9ZGvgNadH[...]:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>403 Forbidden</title>
   </head><body>
   <h1>Forbidden</h1>
   <p"

   Domain: www.anna.info
   Type:   unauthorized
   Detail: Invalid response from
   http://www.anna.info/.well-known/acme-challenge/yBpszn[...]:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>403 Forbidden</title>
   </head><body>
   <h1>Forbidden</h1>
   <p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

2 webroot - check

check if http://anna.info is available, needs directory-section for http!

  1. When the cert is there the directory section can be removed
  2. after redirecting to https://anna.info and enabling the TLS section in vhost, one can stop the whole server if the cert-is not found
  3. to prevent shut down, due to TLS section error cert and cert-statement must be there:
SSLCertificateFile /etc/letsencrypt/live/anna.info/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/anna.info/privkey.pem

3 standalone

Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for anna.info
http-01 challenge for www.anna.info

-------------------------------------------------------------------------------
Could not bind TCP port 80 because it is already in use by another process on
this system (such as a web server). Please stop the program in question and then
try again.
-------------------------------------------------------------------------------
(R)etry/(C)ancel: