Adding certbot ssl certification to custom domain on surge

#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: hectorcoronado.codes

I ran this command: sudo certbot

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’ to cancel): hectorcoronado.codes
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for hectorcoronado.codes
Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

My web server is (include version): either HAProxy or Apache (I’m using surge, and apparently it can use either/or, see https://surge.sh/help/securing-your-custom-domain-with-ssl#get-the-cert-signed)

The operating system my web server runs on is (include version): I don’t know

My hosting provider, if applicable, is: surge

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Note: surge doesn’t automatically support Let’s Encrypt (see https://twitter.com/surge_sh/status/676285277078351873?lang=en), but does so for beta users, and I’ve been added to their list. Any help would be greatly appreciated; I’ve next to no experience trying to debug these kinds of issues :confused:

#2

You’re probably going to have to do manual DNS verification:

certbot certonly --manual --preferred-challenges dns -d hectorcoronado.codes

and set up the requested TXT records in your Google Domains DNS control panel.

Then, you will have these files:

  1. /etc/letsencrypt/live/hectorcoronado.codes/privkey.pem
  2. /etc/letsencrypt/live/hectorcoronado.codes/fullchain.pem

Then you:

cat /etc/letsencrypt/live/hectorcoronado.codes/privkey.pem /etc/letsencrypt/live/hectorcoronado.codes/fullchain.pem > /root/surge.pem
surge ssl --pem /root/surge.pem --domain hectorcoronado.codes

Not very automated, but unless you ditch Google Domains as your DNS host, there’s no way really to improve the workflow.

(Edit: to clarify, you cannot use HTTP-01 validation in combination with surge, because they intercept the /.well-known/acme-challenge/ requests, presumably for their own integration. So you must use DNS validation.)

2 Likes
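The following script is an added example and is not part of the original thread, nor of certbot's or surge's own tooling. It wraps the post-certbot steps from the reply above (concatenate privkey.pem and fullchain.pem, hand the bundle to `surge ssl --pem`) and adds the checks a practitioner would want around them: a `wait_for_txt` helper to confirm the `_acme-challenge` TXT record is actually visible before pressing Enter in `certbot --manual`, a check that the bundle holds exactly one private key and a full chain, and an `openssl` check that the key really belongs to the leaf certificate. The domain, the `/etc/letsencrypt/live/...` paths, `/root/surge.pem` and the surge command are the ones given above; the helper names, the choice of 1.1.1.1 as resolver and the `DOMAIN` environment-variable trigger are my assumptions. It needs `dig`, `openssl` and coreutils (`sha256sum`, `shred`).

```shell
#!/usr/bin/env bash
# Added example (not from the original thread): build and sanity-check the
# combined PEM bundle that `surge ssl --pem` expects from the two files certbot
# writes, after a manual DNS-01 issuance. Run as:
#   DOMAIN=hectorcoronado.codes ./surge-bundle.sh
# With DOMAIN unset it only defines the functions (so it can be sourced).
set -eu

# wait_for_txt DOMAIN VALUE [TIMEOUT]: poll public DNS until the TXT record
# certbot asked for is visible. Pressing Enter in `certbot --manual` before the
# record has propagated fails the challenge and counts against Let's Encrypt's
# failed-validation rate limit. Resolver 1.1.1.1 is an assumption; any works.
wait_for_txt() {
  local domain="$1" value="$2" timeout="${3:-300}" waited=0
  while [ "$waited" -lt "$timeout" ]; do
    if dig +short TXT "_acme-challenge.$domain" @1.1.1.1 | grep -qF "\"$value\""; then
      return 0
    fi
    sleep 10
    waited=$((waited + 10))
  done
  echo "TXT record for _acme-challenge.$domain not visible after ${timeout}s" >&2
  return 1
}

# build_bundle LIVE_DIR OUT_FILE: concatenate privkey.pem + fullchain.pem into
# OUT_FILE created with mode 0600 (the bundle carries the private key), then
# verify it has exactly one private-key block and at least two certificates
# (leaf + intermediate). Prints the bundle path on success.
build_bundle() {
  local live="$1" out="$2" keys certs
  [ -r "$live/privkey.pem" ]   || { echo "missing $live/privkey.pem" >&2; return 1; }
  [ -r "$live/fullchain.pem" ] || { echo "missing $live/fullchain.pem" >&2; return 1; }
  ( umask 077; cat "$live/privkey.pem" "$live/fullchain.pem" > "$out" )
  keys=$(grep -c -e '-----BEGIN .*PRIVATE KEY-----' "$out" || true)
  certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$out" || true)
  if [ "$keys" -ne 1 ] || [ "$certs" -lt 2 ]; then
    echo "unexpected bundle: $keys private key block(s), $certs certificate block(s)" >&2
    return 1
  fi
  echo "$out"
}

# check_key_matches_leaf LIVE_DIR: compare the SHA-256 of the DER public key
# derived from privkey.pem with that of the first (leaf) certificate in
# fullchain.pem. Catches a stale privkey.pem paired with a new chain.
check_key_matches_leaf() {
  local live="$1" k c
  k=$(openssl pkey -in "$live/privkey.pem" -pubout -outform DER | sha256sum)
  c=$(openssl x509 -in "$live/fullchain.pem" -noout -pubkey \
        | openssl pkey -pubin -pubout -outform DER | sha256sum)
  [ "$k" = "$c" ] || { echo "privkey.pem does not match the leaf certificate" >&2; return 1; }
}

if [ -n "${DOMAIN:-}" ]; then
  LIVE="/etc/letsencrypt/live/$DOMAIN"
  OUT="${OUT:-/root/surge.pem}"
  # Step 1 is interactive and is run by hand, as in the thread:
  #   sudo certbot certonly --manual --preferred-challenges dns -d "$DOMAIN"
  # While certbot waits for Enter, in a second shell confirm the record:
  #   wait_for_txt "$DOMAIN" '<TXT value certbot printed>'
  build_bundle "$LIVE" "$OUT"
  check_key_matches_leaf "$LIVE"
  surge ssl --pem "$OUT" --domain "$DOMAIN"
  # surge now holds the key; don't leave a second copy lying in /root.
  shred -u "$OUT"
fi
```

Two caveats worth keeping in mind with this workflow. certbot's manual plugin cannot renew unattended unless you give it a `--manual-auth-hook` that updates DNS for you, and Google Domains had no certbot DNS plugin, so the whole sequence (new TXT record, rebuild bundle, `surge ssl`) has to be repeated before each 90-day expiry. And because the PEM surge wants contains the private key, treat `/root/surge.pem` as a secret: create it with a restrictive umask and remove it once surge has accepted it; it can always be regenerated from `/etc/letsencrypt/live/`.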
#3

Bit late to reply, but thank you very much for this, @_az, sorted it out!

closed #4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.