Certbot: Difference between revisions
Created page with " ==Webroot== <pre> Select the webroot for www.anna.info: ------------------------------------------------------------------------------- 1: Enter a new webroot 2: /home/www/an..." |
(7 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
<pre> | |||
root@www:/etc/apache2/sites-available# letsencrypt certonly -d anna.info -d www.anna.info --rsa-key-size 4096 | |||
Saving debug log to /var/log/letsencrypt/letsencrypt.log | |||
== | How would you like to authenticate with the ACME CA? | ||
------------------------------------------------------------------------------- | |||
1: Apache Web Server plugin - Beta (apache) | |||
2: Place files in webroot directory (webroot) | |||
3: Spin up a temporary webserver (standalone) | |||
------------------------------------------------------------------------------- | |||
</pre> | |||
== 2 webroot== | |||
<pre> | <pre> | ||
Select the webroot for www.anna.info: | Select the webroot for www.anna.info: | ||
Line 50: | Line 60: | ||
entered correctly and the DNS A record(s) for that domain | entered correctly and the DNS A record(s) for that domain | ||
contain(s) the right IP address. | contain(s) the right IP address. | ||
</pre> | |||
===2 webroot - check=== | |||
check if http://anna.info is available, needs directory-section for http! | |||
#When the cert is there the directory section can be removed | |||
#after redirecting to https://anna.info and enabling the TLS section in vhost, one can stop the whole server if the cert-is not found | |||
#to prevent shut down, due to TLS section error cert and cert-statement must be there: | |||
SSLCertificateFile /etc/letsencrypt/live/anna.info/fullchain.pem | |||
SSLCertificateKeyFile /etc/letsencrypt/live/anna.info/privkey.pem | |||
==3 standalone== | |||
<pre> | |||
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3 | |||
Obtaining a new certificate | |||
Performing the following challenges: | |||
http-01 challenge for anna.info | |||
http-01 challenge for www.anna.info | |||
------------------------------------------------------------------------------- | |||
Could not bind TCP port 80 because it is already in use by another process on | |||
this system (such as a web server). Please stop the program in question and then | |||
try again. | |||
------------------------------------------------------------------------------- | |||
(R)etry/(C)ancel: | |||
</pre> | </pre> |
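Review bot: In the new "2 webroot - check" section, the SSLCertificateFile and SSLCertificateKeyFile lines sit outside any <pre> block, so the wiki renders them run together on one line; wrap them in <pre>…</pre> like the terminal output above. The first line of that section also says a directory section is needed for http but never shows it; including the Directory block that was actually used would make the fix for the 403 responses reproducible.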
Latest revision as of 2018-06-19T17:01:00
<pre>
root@www:/etc/apache2/sites-available# letsencrypt certonly -d anna.info -d www.anna.info --rsa-key-size 4096
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Apache Web Server plugin - Beta (apache)
2: Place files in webroot directory (webroot)
3: Spin up a temporary webserver (standalone)
-------------------------------------------------------------------------------
</pre>
2 webroot
<pre>
Select the webroot for www.anna.info:
-------------------------------------------------------------------------------
1: Enter a new webroot
2: /home/www/anna.info
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Waiting for verification...
Cleaning up challenges
Failed authorization procedure.
anna.info (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://anna.info/.well-known/acme-challenge/k9ZGvgNa[...]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p",
www.anna.info (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.anna.info/.well-known/acme-challenge/yBpsznLsuF[...]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p"

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: anna.info
Type: unauthorized
Detail: Invalid response from http://anna.info/.well-known/acme-challenge/k9ZGvgNadH[...]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p"

Domain: www.anna.info
Type: unauthorized
Detail: Invalid response from http://www.anna.info/.well-known/acme-challenge/yBpszn[...]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
</pre>
2 webroot - check
Check that http://anna.info is reachable; the HTTP vhost needs a directory section!
- Once the certificate has been issued, the directory section can be removed.
- After redirecting to https://anna.info and enabling the TLS section in the vhost, a certificate that cannot be found can stop the whole server.
- To prevent a shutdown caused by a TLS section error, both the certificate and the certificate directives must be present:
<pre>
SSLCertificateFile /etc/letsencrypt/live/anna.info/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/anna.info/privkey.pem
</pre>
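The condition in the last note (certificate files and directives must both be present) can be checked before Apache is reloaded. The script below is an added example, not part of the original wiki page; the function names `missing_cert_paths` and `tls_section_ok` are hypothetical, and the vhost file is whatever path is passed as the first argument.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): pre-flight check for the TLS
# section of an Apache vhost before a reload or restart.

# missing_cert_paths <vhost.conf>
# Prints every SSLCertificateFile / SSLCertificateKeyFile path that is missing
# or unreadable, one per line; prints nothing when all are present.
# Assumption: directives are spelled as on the page (Apache itself ignores case).
missing_cert_paths() {
    local conf="$1" directive path
    # read strips leading indentation; commented-out lines start with '#'
    # and therefore never match. The '|| [ -n ... ]' keeps a last line that
    # has no trailing newline.
    while read -r directive path _ || [ -n "$directive" ]; do
        case "$directive" in
            SSLCertificateFile|SSLCertificateKeyFile)
                path="${path%\"}"; path="${path#\"}"   # strip optional quotes
                [ -r "$path" ] || printf '%s\n' "$path"
                ;;
        esac
    done < "$conf"
}

# tls_section_ok <vhost.conf>
# Returns 0 only if the file names at least one certificate directive and
# every referenced file is readable.
tls_section_ok() {
    local conf="$1"
    grep -Eq '^[[:space:]]*SSLCertificate(Key)?File[[:space:]]' "$conf" || return 1
    [ -z "$(missing_cert_paths "$conf")" ]
}

# Command-line use: pass the vhost file; exit status 1 means "do not reload".
if [ "$#" -ge 1 ]; then
    if tls_section_ok "$1"; then
        echo "TLS section OK: $1"
    else
        echo "Missing certificate files or directives in $1:" >&2
        missing_cert_paths "$1" >&2
        exit 1
    fi
fi
```

Run it against the vhost file before restarting Apache, and only proceed when it exits with status 0.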
3 standalone
<pre>
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for anna.info
http-01 challenge for www.anna.info
-------------------------------------------------------------------------------
Could not bind TCP port 80 because it is already in use by another process on
this system (such as a web server). Please stop the program in question and then
try again.
-------------------------------------------------------------------------------
(R)etry/(C)ancel:
</pre>