Certbot
root@www:/etc/apache2/sites-available# letsencrypt certonly -d anna.info -d www.anna.info --rsa-key-size 4096 Saving debug log to /var/log/letsencrypt/letsencrypt.log How would you like to authenticate with the ACME CA? ------------------------------------------------------------------------------- 1: Apache Web Server plugin - Beta (apache) 2: Place files in webroot directory (webroot) 3: Spin up a temporary webserver (standalone) -------------------------------------------------------------------------------
2 webroot
Select the webroot for www.anna.info: ------------------------------------------------------------------------------- 1: Enter a new webroot 2: /home/www/anna.info ------------------------------------------------------------------------------- Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 Waiting for verification... Cleaning up challenges Failed authorization procedure. anna.info (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://anna.info/.well-known/acme-challenge/k9ZGvgNa[...]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p", www.anna.info (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.anna.info/.well-known/acme-challenge/yBpsznLsuF[...]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p" IMPORTANT NOTES: - The following errors were reported by the server: Domain: anna.info Type: unauthorized Detail: Invalid response from http://anna.info/.well-known/acme-challenge/k9ZGvgNadH[...]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p" Domain: www.anna.info Type: unauthorized Detail: Invalid response from http://www.anna.info/.well-known/acme-challenge/yBpszn[...]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p" To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
2 webroot - check
check if http://anna.info is available, needs directory-section for http!
- When the cert is there the directory section can be removed
- after redirecting to https://anna.info and enabling the TLS section in vhost, one can stop the whole server if the cert-is not found
- to prevent shut down, due to TLS section error cert must be there
3 standalone
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3 Obtaining a new certificate Performing the following challenges: http-01 challenge for anna.info http-01 challenge for www.anna.info ------------------------------------------------------------------------------- Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again. ------------------------------------------------------------------------------- (R)etry/(C)ancel: