Cannot Set Up the SSL Certificate through Letsencrypt


#1

Hi,

I cannot set up the SSL certificate using Letsencrypt. Here are the step that I have done.

Install Letsencrypt on the fresh installation of Ubuntu Server 16.04.

  1. sudo apt-get update
  2. sudo apt-get install python-letsencrypt-apache

Configure SSH on this Ubuntu Server.
3. ssh myroot@my_server_ip
4. sudo adduser second
5. sudo usermod -aG sudo second
6. ssh-keygen
7. ssh-copy-id second@my_server_ip
8. exit

Disable Password Authentication
9. gksu leafpad /etc/ssh/sshd_config
10. Change the lines in sshd_config to below and save.
PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
11.sudo systemctl reload sshd

Test SSH with the new username ‘second’.
9. ssh second@my_server_ip
10. As you can see below, SSH is no longer required the password.

Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-57-generic x86_64)

0 packages can be updated.
0 updates are security updates.

It also uses ‘the Public Key’ for authentication.

Set Up a Basic Firewall
11. sudo ufw allow OpenSSH
12. sudo ufw status

Status: active

To Action From


8080 ALLOW Anywhere
Apache Full ALLOW Anywhere
OpenSSH ALLOW Anywhere
8080 (v6) ALLOW Anywhere (v6)
Apache Full (v6) ALLOW Anywhere (v6)
OpenSSH (v6) ALLOW Anywhere (v6)

Set Up the SSL Certificate through Letsencrypt
13. $ sudo letsencrypt --apache -d zethanath.tk -d site1.zethanath.tk

Failed authorization procedure. zethanath.tk (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 69.197.18.189:443 for TLS-SNI-01 challenge, site1.zethanath.tk (tls-sni-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for site1.zethanath.tk

IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain: site1.zethanath.tk
Type: unknownHost
Detail: No valid IP addresses found for site1.zethanath.tk

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

  • The following errors were reported by the server:

Domain: zethanath.tk
Type: connection
Detail: Failed to connect to 69.197.18.189:443 for TLS-SNI-01
challenge

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

However, I believe my server is up and running.
14. ping site1.zethanath.tk

PING site1.zethanath.tk (192.168.1.148) 56(84) bytes of data.
64 bytes from ubuntu (192.168.1.148): icmp_seq=1 ttl=64 time=0.069 ms
64 bytes from ubuntu (192.168.1.148): icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from ubuntu (192.168.1.148): icmp_seq=3 ttl=64 time=0.054 ms
64 bytes from ubuntu (192.168.1.148): icmp_seq=4 ttl=64 time=0.061 ms
64 bytes from ubuntu (192.168.1.148): icmp_seq=5 ttl=64 time=0.055 ms
64 bytes from ubuntu (192.168.1.148): icmp_seq=6 ttl=64 time=0.055 ms
64 bytes from ubuntu (192.168.1.148): icmp_seq=7 ttl=64 time=0.041 ms
64 bytes from ubuntu (192.168.1.148): icmp_seq=8 ttl=64 time=0.081 ms
64 bytes from ubuntu (192.168.1.148): icmp_seq=9 ttl=64 time=0.084 ms
64 bytes from ubuntu (192.168.1.148): icmp_seq=10 ttl=64 time=0.059 ms
^Z
[3]+ Stopped ping site1.zethanath.tk

Here are my information.
Free domain name: https://my.freenom.com
Free DNS and subdomain: freedns.afraid.org
Server: Ubuntu Server 16.04

Please let me know if you would like me to give you the content of sshd_config (Step 10 above).

Thank you so much.


#2

You have site1.zethanath.tk set to 192.168.1.148 which is an internal IP address and hence can’t be reached from the internet.

You need to have your domain accessible on the general internet in order for it to be verified and a certificate issued.

Note: SSH and SSL are two different things, so all the information about SSH isn’t relevant to obtaining an SSL certificate.


#3

You mean I have to reconfigure my DNS and Subdomain at “freedns.afraid.org”.
I will try it now.


#4

your A record for “site1” would have to be pointed to the external IP address on your router not 192.168.1.148.
If your ISP gives you a dynamic IP which changes every 24 hours it’s going to be big headaches for you and you would need to get a static IP package from your ISP.


#5

Or use the Dynamic DNS settings :wink:


#6

Yes true, just that I’ve had issues in the past using Dynamic DNS systems that sometimes don’t update when the IP changes.


#7

Thank you. I will check with my ISP.

Have a nice day.


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.