Can't install new certificate on Ubuntu based desktop server

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: hughguess.com

I ran this command: sudo certbot --apache

It produced this output: Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: hughguess.com
Type: unauthorized
Detail: Invalid response from http://hughguess.com/.well-known/acme-challenge/jEfWtA4Eij3MBsrxHwEagXRgYTCInkwV3isdRohXbDo [15.197.142.173]: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): apache2

The operating system my web server runs on is (include version): POP OS desktop

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don't know): IDK

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.25.0

I am using an A list pointing to my home/private ip address and can access the internet through home but not on WAN.

Please help this amateur home server user.

1 Like

Welcome to the community @amateur1

I am about to sign off but you first must fix your DNS so it points to just your home IP (and hope your ISP gives you a fixed IP).

The 192 address is not a publicly routable IP so should not be in the public DNS. You need to sort out which of the other two you want.

Your DNS currently points to 3 different IPs:

Name:   hughguess.com
Address: 15.197.142.173
Address: 192.168.0.239
Address: 3.33.152.147

This site is often helpful when starting out

2 Likes

I see you removed the private IP address from the DNS.

It looks like the 2 remaining IPs point to an AWS ELB (maybe through Global Accelerator?). Can you explain what you are trying to do with that and your home desktop server?

That is not normally done that way. Why would you need to load balance one server?

2 Likes

Good morning Mike.
What I am basically trying to do is create a Debian server with NextCloud and Kodi/Plex installed and access it from both the LAN and the WAN and lock it down. I am using a Debian based desktop with LAMP stack until I become better with just the command line.
I did an IT course back in 2012 and I finally have the time (long story) to explore Linux Debian based OS and try and create the server/servers I wanted to way back then.
When I bought my domain name the company set it all up automatically on their end from what I can tell.
I am mad keen on Linux and open source stuff in general, and have also been tinkering with de-Googled phones, but this server set up and getting it running is my main passion for now.
I appreciate any time you have to get me sorted with this. I spent 10+ hours yesterday to research and tinker around again, but I still haven't been able to get the SSL certificate working or access the WAN. And thanks for your follow up on my post.
So far all I have managed to do is set up the server with NextCloud server installed and access NextCloud through the LAN on all devices.

This might be a stupid question, but... have you enabled port forwarding on your router?

2 Likes

Not a stupid question and no, I don't think I have.
Will check and get back to you, and thanks for the suggestion, sometimes it's the things we don't think of.
Cheers.

1 Like

Thanks for that. So, what role does AWS ELB / Global Accelerator have in this? Any?

Because your DNS still points to that but by the sound of it you need to point your DNS to your Debian Server.

You can find the public IP for that with this command to see the IPv4 and IPv6 address.

curl -4 ifconfig.co
curl -6 ifconfig.co

You might not have an IPv6 address - that's fine. Then, set the DNS A record to point to the IPv4 address - and only that address. And, set an AAAA record if you have an IPv6 address.

Right now any attempts at hughguess.com get directed to AWS because of the DNS.

If you are just starting with the desktop system it would be best to eliminate the AWS components to simplify the startup if nothing else. You can always add that later if necessary (but probably not).

2 Likes
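The DNS check discussed in the replies above, as an added example that is not part of any post in the thread: it flags A records that are not publicly routable or that do not match the server's public IPv4 address, since the HTTP-01 challenge is sent to whatever the A records say. The function names and the server address `203.0.113.10` are constructed placeholders; the three A records are the ones quoted in the thread.

```python
import ipaddress
import socket

# Ranges that must never appear in public DNS for a site validated over HTTP-01.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "100.64.0.0/10",                                   # carrier-grade NAT
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
)]

def resolve_a(domain):
    """Return the sorted IPv4 addresses the local resolver gives for domain."""
    infos = socket.getaddrinfo(domain, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def check_records(a_records, server_public_ip):
    """Return a list of problems that would make HTTP-01 validation unreliable."""
    server = ipaddress.ip_address(server_public_ip)
    problems = []
    for text in a_records:
        addr = ipaddress.ip_address(text)
        if any(addr in net for net in NON_ROUTABLE):
            problems.append(f"{addr}: not publicly routable, remove from public DNS")
        elif addr != server:
            problems.append(f"{addr}: does not match this server ({server})")
    if server not in {ipaddress.ip_address(t) for t in a_records}:
        problems.append(f"no A record points to this server ({server})")
    return problems

# A records quoted in the thread; the server address is a constructed placeholder.
THREAD_RECORDS = ["15.197.142.173", "192.168.0.239", "3.33.152.147"]
PLACEHOLDER_SERVER_IP = "203.0.113.10"

if __name__ == "__main__":
    for line in check_records(THREAD_RECORDS, PLACEHOLDER_SERVER_IP):
        print("PROBLEM:", line)
    # Live use: pass resolve_a("your-domain") and the output of `curl -4 ifconfig.co`.
```

An empty list from `check_records` means the only A record is the server's own public address, which is the state to reach before re-running certbot.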

Thanks a lot for the reply Mike.
After more tinkering with config files I have managed to lose LAN access.
I will reinstall the desktop etc during the week and start from scratch again.
With my skills, or lack of, fresh install is the easiest option.
Thanks for the advice with public address and 9peppe for theirs.
I will have to try port forwarding and A record next weekend when I get more time.
Will update my post then, hopefully with my success.
And thanks for your patience with this newbie.

Thanks for the quick reply Mike.
Unfortunately me being me I was tinkering with config files and managed to lose LAN access.
Will try both suggestions from yourself and 9peppe next weekend after reinstalling and starting from scratch again. Best for someone with my skills, or lack thereof.
I have Googled how to remove AWS from the desktop but have yet to find any way that makes sense.
Will try again next weekend and thanks for your patience.

1 Like

You don't remove AWS from desktop. Your DNS records are pointing at it.

Your DNS records are with your domain registrar which is the place you bought your domain name (GoDaddy?). Those need changing.

2 Likes

Thanks Mike.
Cannot edit or remove AWS IP addresses from GD, only add public IP address.
Sorry if I sound stupid with all this.

1 Like

Makes no sense to me. Should ask GD why that is. Maybe your account there does not allow DNS control? And why it would have AWS IPs without you knowing what they are is odd. GD and DNS is the place to start though.

2 Likes
