Apache not found

I'm currently reading this link:
https://eff-certbot.readthedocs.io/en/stable/install.html#running-with-docker

I had a problem with the A record, solved.
Now dealing with Docker installation, unusual thing for cert bot.

2 Likes

Where is your site actually hosted?

  1. Oracle
  2. Cloudflare
  3. Somewhere else

Hosted on Oracle

2 Likes

So how does this apply to:

For having the

I am probably missing some detail.

:question:

2 Likes

That was OPs previous situation (the Cloudflare one, although I think OP is talking about DNS only, as Cloudflare doesn't offer hosting? I believe it was previously hosted on Google? I dunno..) I believe.. But currently it's all Oracle.

We don't really see much Oracle around here. Could you perhaps elaborate on what kind of hosting you have? Virtual Private Server? Probably, as you have root..

Is there a specific reason why you're using Docker? The short gist of using Docker is using the webroot authenticator and manually install the certificate into the webserver.

4 Likes

I have an instance created on Oracle Cloud - a VPS.
I need to set up a load balancer and upload a certificate for that.
I use docker because it simplifies installations, gives me a GUI - portainer, sets apart programs that would use up the entire VM.

3 Likes

will study this

3 Likes

There do seem to be a few out there using Orcale Cloud such as Acme-dns not reachable, possible DNS problems, "couldn't get address for" - #14 by CoUsT
I suggest searching for Orcale Cloud to find the others who have use it. Looks like about 30 results in from the search here on the LE community. :smile:

4 Likes
5 Likes

Hi guys, I started from scratch and back to cloudflare.

https://www.cloudflare.com/pt-br/diagnostic-center/?url=theapothecary.app

  • now I got certificates for both theapothecary.app and blog.theapothecary.app
  • you can see the diagnosis complains about Error 400 - port 443 seems inaccessible.
  • I run the shell command:# netstat -l | grep http
    tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
    tcp6 0 0 [::]:https [::]:* LISTEN
    tcp6 0 0 [::]:http [::]:* LISTEN

On Let's debug:
https://letsdebug.net/theapothecary.app/1106543?debug=y

DEBUG

Challenge update failures for theapothecary.app in order https://acme-staging-v02.api.letsencrypt.org/acme/order/5751349/3095949374

acme: error code 403 "urn:ietf:params:acme:error:unauthorized": 2606:4700:3035::ac43:d6e4: Invalid response from https://theapothecary.app/.well-known/acme-challenge/B6N7Ls-xf4ydnuu7zkL7mfRVHo1APx89lRetDbxhcpU: 526

DNS Lookup - Check All DNS Records for Any Domain

  • no CNAME found.

So the issue is not anymore: Apache not found, because with cloudflare API found at: https://hub.docker.com/r/oznu/cloudflare-ddns/

I can run on a stack with docker and nginx proxy manager does the certificate using cloudflare, all containers are communicating, logs looking good, cloudflare api token is accepted.

  • I got 2 certificates today, 1 for theapothecary.app, 1 for blog.theapothecary.app. I haven't got access to cert keys, I guess cloudflare admins them.

Now, if cloudflare says all is good but port ssl, I guess I am just a few steps from solving the drama?

In my instance, what I can do, open all ports includig 443, is done.

Any tips please? Thanks as aways for the kind support.

2 Likes

Currently, the connection from an Internet client and your domain is encrypted.
But that is not end-to-end encryption - it is only client to CDN encryption.
The last half of that end-to-end connection is from the CDN to your actual server.
To encrypt that, you can either:

  • use a CDN provided cert [that is usually only trusted by the CDN provider]
  • use a globally trusted cert (like: LE)

In your specific CDN case, for everything CF, please visit their support site
[they are a for profit business and this forum is unrelated and free help]

For everything LE, you've come to the right place. :slight_smile:
Getting an LE cert "through" a CDN requires some specific setting in the CDN and some understanding of how they handle HTTP.
In the case of CF, it means checking (or unchecking - I don't use CF) the "STRICT" https setting.
And understanding that any expected HTTP requests will never reach your server (as they would all likely be redirected to HTTPS by the CDN).

That said, if you are also using "shared hosting" and/or any type of control panel...
Well, then you are adding even more intricacies into the final equation.

5 Likes

Presently with SSL Checker - Check SSL Certificate I see this:

And for your blog.theapothecary.app I see this:

3 Likes

And with crt.sh | theapothecary.app I do see the two LE Certificates you speak of

3 Likes

The case is resolved.

Some one from cloudflare came for help, at least with cloudflare paused, it works.

Thanks to everyone here!

3 Likes

However @Deborah you are still not using Certificates from Let's Encrypt

For https://blog.theapothecary.app/

And for https://theapothecary.app/

2 Likes

And clicking through to https://blog.theapothecary.app/ this is shown:

And clicking through to https://theapothecary.app/ this is shown:

2 Likes

Cloudflare uses let's encrypt.

2 Likes

That's because I haven't configured WP, as soon as I do, I expect to see an html page on the www.
I will also change the public address of blog.theapothecary for a private one, so that www is the only one the public can access.

2 Likes

How does Cloudflare change the issuer from being Let's Encrypt to Cloudflare in signed certificate?
Look here: My account and website were stolen - #3 by MikeMcQ

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.