Hi,
Is it possible to maintain the Let's Encrypt SSL certificates on a centralized server using Ubuntu 14.04 with Apache?
Thanks
Gopalakrishna
Explain your use case a bit more so people can advise appropriately.
I have to create SSL certificates for example.com, www.example.com and testing.in, wwww.testing.in respectively. But I want to maintain those SSL certificates on a centralized server.
If they are maintained on the centralized server, it is very easy to renew those SSL certificates.
I am using Ubuntu 14.04 and Apache.
One approach that some people have used with great success is making
http://example.com/.well-known/acme-challenge/
(and the corresponding URL on every other domain that you obtain certificates for) return a 301 redirect to
http://validation.example.com/.well-known/acme-challenge/
The certificate authority is willing to follow redirects when performing validations. So then you could run (for example) Certbot with --webroot, or another ACME client that also uses HTTP-01 validation, on the validation.example.com server. You can request certificates for any of the domains that redirect to validation.example.com and the ACME server, following the redirects, will be willing to give you certificates for those domains.
There's nothing special about the name "validation.example.com"; you can call the machine whatever you want.
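The redirect setup described in the reply above, sketched as Apache configuration. This is an added example, not part of the original post; the webroot path /var/www/validation is hypothetical, and the access-control lines assume Apache 2.4 syntax.

```apache
# --- On every server that hosts a domain needing a certificate ---
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example

    # Redirect only HTTP-01 challenge requests to the central host.
    # The token (the last path segment) is preserved via $1, so the
    # rest of the site keeps being served from this machine.
    RedirectMatch 301 ^/\.well-known/acme-challenge/(.*)$ http://validation.example.com/.well-known/acme-challenge/$1
</VirtualHost>

# --- On the central validation host (validation.example.com) ---
<VirtualHost *:80>
    ServerName validation.example.com
    # Hypothetical webroot; the ACME client writes challenge files here.
    DocumentRoot /var/www/validation

    <Directory "/var/www/validation/.well-known/acme-challenge">
        # Challenge files must be readable without authentication.
        Require all granted
        # Tokens are plain files; no listings, no per-directory overrides.
        Options -Indexes
        AllowOverride None
    </Directory>
</VirtualHost>

# Then, on the validation host, request the certificate with the webroot
# plugin pointed at that DocumentRoot, for example:
#   certbot certonly --webroot -w /var/www/validation -d example.com -d www.example.com
```

The validation host's port 80 virtual host must answer the challenge path directly with a 200; if it redirects elsewhere or denies access, the validation fails for every domain that points at it.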
Hi
Thanks for updating.
My domain (example.com) is pointing to an AWS ELB (with an A record) and it has two EC2 instances. Presently that domain has SSL certificates which were provided by StartCom.
I want to generate the SSL certificates for that domain (example.com) using Let's Encrypt on a separate system. I have my own EC2 instance (beta.example.com) with an Apache configuration and Let's Encrypt installed. I want to generate the SSL certificates for example.com on my own EC2 instance (beta.example.com) through Let's Encrypt and maintain the SSL certificates of multiple domains.
My Apache configuration for example.com is:
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/example
    Redirect permanent / http://beta.example.com/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
The Apache configuration of my own EC2 instance (beta.example.com) is:
<VirtualHost *:80>
    ServerAlias beta.example.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/beta
    <Directory "/var/www/beta/.well-known/acme-challenge/">
        Order Allow,Deny
        ALLOW from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
I tried to execute the command: ./certbot-auto certonly --webroot -w /var/www/beta/ -d example.com
The error I got is:
Failed authorization procedure. example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/Lbm3T_9F2pgNm94GCWYzY4pWaNzULfy0_433XFc_dc8: "
403 Forbidden
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: example.com
Type: unauthorized
Detail: Invalid response from
http://example.com/.well-known/acme-challenge/Lbm3T_9F2pgNm94GCWYzY4pWaNzULfy0_433XFc_dc8:
"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
I created a test file under /var/www/beta/.well-known/acme-challenge/. I am able to see the file through a browser, as well as the content of the file.