Certbot certificate configuration for GitLab






I have a problem and I no longer know what to do.

Error shown when running the command certbot certonly --standalone -d repositorioc.walter.net or certbot certonly --webroot -w /opt/gitlab/embedded/html -d repositorioc.walter.net


certbot certonly --standalone -d repositorioc.walter.net

walter@repositorioc:~$ sudo certbot certonly --standalone -d repositorioc.walter.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for repositorioc.walter.net

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: repositorioc.walter.net
Type: unauthorized
Detail: 50.116.86.29: Invalid response from http://repositorioc.walter.net/.well-known/acme-challenge/Fx9WOwyPcOVLxTVJ0jbitf4yAznJFTWbuafchySjFxY: 404

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.


certbot certonly --webroot -w /opt/gitlab/embedded/html -d repositorioc.walter.net

walter@repositorioc:~$ sudo certbot certonly --webroot -w /opt/gitlab/embedded/html -d repositorioc.walter.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for repositorioc.walter.net

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: repositorioc.walter.net
Type: unauthorized
Detail: 50.116.86.29: Invalid response from http://repositorioc.walter.net/.well-known/acme-challenge/YiZtKy8h8_YMV0RJ3NgqI60oal-5oWSsIp9-LWj_Qz8: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
I sent some screenshots of the Let's Encrypt log as JPG.

It looks like you have another web server running on this system, so certbot won't be able to initialize its own (--standalone) as port 80 is in use - see message on picture error4 "Certbot wasn't able to bind to port :80 using IPv4". Then while using your own web server (--webroot) for the authentication, it ain't publishing certbot's data. This is on your HTTP server config - not sure if it upgrades HTTP to HTTPS, for instance, or if it restricts access to certain folders/files, or if you are using a wrong destination for your web parent folder.

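The reply's second point, that the web server may not be publishing what certbot writes under the -w path, can be checked locally before requesting a certificate again. The following is an added example, not part of the original thread and not certbot code: it drops a random probe file under the webroot's .well-known/acme-challenge directory and fetches it over plain HTTP, reporting a 404, a redirect or a connection failure. The function name `probe_webroot` and its verdict strings are made up for this sketch.

```python
"""Pre-flight check for `certbot certonly --webroot` (HTTP-01); added example."""
import secrets
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"  # path the CA requests in the log above


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # report a 3xx instead of following it


def probe_webroot(webroot, base_url, timeout=5):
    """Write a probe file under `webroot` and fetch it through `base_url`.

    Returns (status, verdict); status is None when no HTTP response arrived.
    """
    token = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(16)
    directory = Path(webroot) / CHALLENGE_DIR
    directory.mkdir(parents=True, exist_ok=True)
    probe = directory / token
    probe.write_text(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    # Ignore proxy environment variables so the request goes straight to the server.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}), _NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            same = resp.read().decode(errors="replace") == body
            return resp.status, "served" if same else "wrong-content"
    except urllib.error.HTTPError as err:
        if 300 <= err.code < 400:  # e.g. an HTTP to HTTPS upgrade
            return err.code, "redirect to " + err.headers.get("Location", "?")
        return err.code, "not-served"  # 404: server is not reading from this webroot
    except OSError:  # refused connection, timeout, DNS failure
        return None, "unreachable"
    finally:
        probe.unlink(missing_ok=True)  # never leave probe files behind


if __name__ == "__main__":
    import sys
    # Usage: python3 probe.py <webroot passed to -w> <http://your-domain>
    print(probe_webroot(sys.argv[1], sys.argv[2]))
```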