Hello, we have a domain and we already use Let's Encrypt for certificates. My colleague did all the necessary configurations for other URLs. Yet, it is my turn now to do some things, since he is on holiday now.
The story is, I created a new Linux (openSUSE 42.3) server and installed Apache and certbot separately in order to use it as a reverse proxy, so I can expose to the outside world a service like GitLab that I installed locally.
So, I first created a CNAME, i.e. gitlab.domain.gr, and since it didn't work I changed it to an A record with the same name (gitlab.domain.gr).
I created a vhost configuration in Apache, see below. My aim is to publish GitLab and be able to log in remotely from outside the local network. Yet I cannot create
I would appreciate any help, thank you.
My domain is:
If it's possible I don't want to write it down here; I can communicate it to you via email if there is a need.
I ran this command:
certbot certonly --webroot -w /srv/www/htdocs/gitlab.domain.gr/ -d gitlab.domain.gr
It produced this output:
Saving debug log to /var/log/certbot/letsencrypt.log
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for gitlab.domain.gr
Using the webroot path /srv/www/htdocs/gitlab.domain.gr for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. gitlab.domain.gr (http-01): urn:acme:error:unauthorized :: The client lacks sufficin/acme-challenge/nRZoV3r_Loi4DcB8ntibaNu_3emGw2xUf-TirtB1g8Y: “<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE l1/D”
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: gitlab.domain.gr
Type: unauthorized
Detail: Invalid response from
http://gitlab.domain.gr/.well-known/acme-challenge/nRZoV3r_Loi4DcB8ntibaNu_3emGw2xUf-TirtB1g8Y:
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE html PUBLIC
“-//W3C//DTD XHTML 1.0 Strict//EN”\n
“http://www.w3.org/TR/xhtml1/D”

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
Apache 2.4
The operating system my web server runs on is (include version):
opensuse 42.3 leap
My hosting provider, if applicable, is:
papaki.gr
I can login to a root shell on my machine (yes or no, or I don’t know): yes
<VirtualHost *:80>
    ServerName gitlab.domain.gr
    DocumentRoot /srv/www/htdocs/gitlab.domain.gr
    ErrorLog /var/log/apache2/gitlab.domain.gr-error_log
    CustomLog /var/log/apache2/gitlab.domain.gr-access_log combined
    <Location "/.well-known/acme-challenge/">
        Options None
        AllowOverride None
        ForceType text/plain
        RedirectMatch 404 "^(?!/.well-known/acme-challenge/[\w-]{43}$)"
        Require all granted
    </Location>
    RewriteEngine on
    # Redirect all http traffic to https
    RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC]
    RewriteRule ^/.*$ https://%{SERVER_NAME}/ [redirect]
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot /srv/www/htdocs/gitlab.domain.gr
    ServerName gitlab.domain.gr
    ErrorLog /var/log/apache2/gitlab.domain.gr-error_log
    CustomLog /var/log/apache2/gitlab.domain.gr-access_log ssl_combined
    SSLEngine on
    SSLProtocol all -SSLv3
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
    SSLHonorCipherOrder on
    SSLCompression off
    SSLCertificateFile
    SSLCertificateKeyFile
    SSLCertificateChainFile
    ProxyPassReverse "http://192.168.7.74"
    <Proxy "http://192.168.7.74">
        ProxySet connectiontimeout=60 timeout=300
    </Proxy>
    RequestHeader set X-Forwarded-Proto "https"
    <Directory "/srv/www/htdocs/gitlab.domain.gr">
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
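
Added example, not part of the original post and not certbot's own code: a pre-flight check that writes a constructed probe file where `--webroot` would place the challenge and fetches it over HTTP, so an XHTML page like the one in the error output above is seen before certbot is run. The function names, the probe content and the `fetch` parameter are assumptions made for this example.

```python
import os
import secrets
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"


def http_fetch(url, timeout=10):
    """Return (status, body) for a GET; HTTP error pages are returned, not raised."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(2048)
    except urllib.error.HTTPError as err:
        return err.code, err.read(2048)
    except urllib.error.URLError as err:  # DNS failure, refused connection, timeout
        return 0, str(err.reason).encode()


def classify(expected, status, body):
    """Compare what the web server returned with what was written to the webroot."""
    text = body.decode("utf-8", "replace").strip()
    if status == 200 and text == expected:
        return "ok"
    if text.lower().startswith(("<?xml", "<!doctype", "<html")):
        return "html-page"  # a default or error page answered instead of the file
    return "unexpected-%d" % status


def probe(webroot, base_url, fetch=http_fetch):
    """Write a constructed probe file under the webroot and fetch it over HTTP."""
    # 43 URL-safe characters, the shape the vhost's [\w-]{43} pattern lets through
    token = secrets.token_urlsafe(32)
    content = token + ".constructed-probe-not-a-real-key-authorization"
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as handle:
        handle.write(content)
    try:
        url = "%s/%s/%s" % (base_url.rstrip("/"), CHALLENGE_DIR, token)
        status, body = fetch(url)
        return classify(expected=content, status=status, body=body)
    finally:
        os.remove(path)  # leave the webroot as it was found


if __name__ == "__main__":
    # Webroot and host name as given in the post; run on the proxy host itself.
    print(probe("/srv/www/htdocs/gitlab.domain.gr", "http://gitlab.domain.gr"))
```

A result of `ok` only shows that the machine the name resolves to from this host serves files from that webroot; the validation request comes from outside the network, so the public A record must reach the same Apache instance.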