Create SSL certificate locally


#1

My domain is: panetown.com

I ran this command: I use the command prompt with let’sencrypt.exe

It produced this output:
[INFO] Authorize identifier: panetown.com
[INFO] Authorizing panetown.com using http-01 validation (FileSystem)
[INFO] Answer should now be browsable at http://panetown.com/.well-known/acme-challenge/P3oZqR-oAhWHqrqhXU7_rsgZkGFIh7tlsOuRbsEuyAE
[EROR] Authorization result: invalid
[EROR] ACME server reported:
[EROR] [type] urn:acme:error:unauthorized
[EROR] [detail] Invalid response from https://panetown.com/.well-known/acme-challenge/P3oZqR-oAhWHqrqhXU7_rsgZkGFIh7tlsOuRbsEuyAE [142.93.193.210]: "<!doctype html>\n<html lang=“en”>\n \n Page Not Found\n\n <meta charset=“utf-8”>\n <meta "
[EROR] [status] 403
[EROR] Create certificate failed

My web server is (include version): Google Chrome Versión 72.0.3626.119

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I’m using puTTY to manage my Droplet

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): I don’t know my Certbot’s version but I just installed Certbot two days ago so it is the newest version

I do have an SSL certificate in my domain but I want one that runs locally and I’m not able to install it


#2

Hi @PequeCeci

If there is a DNS entry yourDomain -> IP of your server, then you can’t create a new certificate in your local environment. Letsencrypt checks your online server, not your local machine.

But you can use your online certificate locally - copy the certificate files.


#3

I copy the certificates and where do I paste them, how can I access them using puTTY?


#4

Do you have a step-by-step guide or a video tutorial on how to do this? @JuergenAuer


#5

how can I solve this error then?
[EROR] Authorization result: invalid


#6

Check your online vHost configuration. There is a

Server: Apache/2.4.29 (Ubuntu)

So search your port 443 vHost. There should be something like

        SSLCertificateFile      /etc/ssl/star.example.com.crt
        SSLCertificateKeyFile   /etc/ssl/star.example.com.key

Use the same configuration locally; correct the links to the local files.


#7

When trying to create a new certificate I have these errors:
[EROR] Unable to activate HttpListener, this may be due to non-Microsoft webserver using port 80
[EROR] Error resolving validation plugin
[EROR] Validation plugin not found or not created.
[EROR] Create certificate failed


#8

How can I access my online vHost? Please help, I’m very bad with configuration stuff


#9

Hi @PequeCeci,

I think you may have a misunderstanding about certificate issuance.

Since the DNS record for panetown.com points at your Ubuntu server, only that server can request certificates from Let’s Encrypt using this validation method. That means that running letsencrypt.exe on your Windows machine isn’t helpful at all: the letsencrypt.exe application is meant for requesting new certificates, but your Windows machine can’t do this because it can’t prove any kind of connection to the domain panetown.com. (If you could get a certificate for panetown.com on your Windows machine this way, anyone else could also get a certificate for your domain; that would make the certificate meaningless!)

Your certificate files already exist on your Ubuntu machine, and you can download them to your Windows machine if you want. If you used Certbot, they’ll be found in /etc/letsencrypt/live/panetown.com. There are four PEM-format files there, each with different contents. For most purposes, you use fullchain.pem and privkey.pem.

Depending on what you want to do with the certificate on your local machine, you might need to convert the certificate files to another format after downloading them. Also, they’re only valid for 90 days, so you would need to redownload them after each certificate renewal.

If you only want to have a certificate on your local machine in order to do web development work there, you don’t really need to have the publicly-trusted valid certificate on your machine. You could use a self-signed certificate instead and tell your browser to accept it as valid. Normally the only reason that you need the publicly-trusted valid certificate is to allow the general public to access a site or service with HTTPS without receiving an error or a warning. To allow your own computer to accept itself as panetown.com, you could use a self-signed certificate instead.
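
As an added example (not part of the original posts), the self-signed option and the 90-day validity mentioned above can be handled with OpenSSL from a shell. The function names, the extra `localhost` and `127.0.0.1` alternative names and the output directory are assumptions made for illustration; `-addext` and `-ext` need OpenSSL 1.1.1 or newer.

```shell
#!/usr/bin/env bash
# Added example: self-signed certificate for local development plus the
# checks worth running on any fullchain.pem/privkey.pem pair, including
# one downloaded from /etc/letsencrypt/live/<domain>.

# make_dev_cert DOMAIN OUT_DIR [DAYS]
# Writes OUT_DIR/fullchain.pem and OUT_DIR/privkey.pem (names chosen to
# mirror Certbot's layout; that naming is an assumption of this example).
make_dev_cert() {
  domain=$1; out=$2; days=${3:-90}
  mkdir -p "$out" || return 1
  # Browsers match the host name against subjectAltName, not the CN,
  # so the SAN extension has to be present.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
    -subj "/CN=$domain" \
    -addext "subjectAltName=DNS:$domain,DNS:localhost,IP:127.0.0.1" \
    -keyout "$out/privkey.pem" -out "$out/fullchain.pem" 2>/dev/null || return 1
  # The private key is unencrypted (-nodes): keep it readable by its owner only.
  chmod 600 "$out/privkey.pem"
}

# key_matches_cert CERT KEY -> success if KEY is the private key for CERT.
# Compares the public key embedded in the certificate with the one
# derived from the private key.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# cert_covers CERT DOMAIN -> success if DOMAIN is listed as a DNS SAN entry.
cert_covers() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF "DNS:$2"
}

# expires_within CERT DAYS -> success if CERT expires within DAYS days.
# An unreadable file also counts as "needs attention".
expires_within() {
  ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Usage (paths are placeholders):
#   make_dev_cert panetown.com ./dev-certs 90
#   expires_within ./dev-certs/fullchain.pem 30 && echo "renew or re-download soon"
```

A certificate made this way is trusted only by machines where you import it explicitly, which is the intended scope for local development.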


#10

so what option do I choose from this:
1: Single binding of an IIS site
2: SAN certificate for all bindings of an IIS site
3: SAN certificate for all bindings of multiple IIS sites
4: Manually input host names
C: Cancel
I want a certificate for all my local projects so what do I choose @schoen ?


#11

Are you just doing this for web development purposes (accessing the sites via a browser)? If so, why are you using IIS on your local machine instead of the same web server application that runs on your live site? (Wouldn’t it be unrealistic for web development purposes to use IIS locally when the real site isn’t hosted with IIS?)


#12

I’m just doing it like this because a tutor from Udemy says so, but what do you suggest?


#13

I do want to access from a browser of course @schoen, you mean by typing for example “Panetown” and find my website? Yes of course I want that kind of SEO


#14

I don’t understand what IIS is @schoen sorry :frowning:


#15

Do you recommend I use OpenSSL or something? Can you give me a link? I don’t have much information about doing it locally @schoen


#16

the thing is I’m using mailgun so it needs to be locally secured https


#17

Is this a tutor (a person) or a tutorial (a written or video guide)?

I don’t think that you’ll be likely to succeed in your current task with your lack of familiarity with the tools that you’re using and the nature of the things that you’re trying to do. If you’re following a course of study in order to learn more about web development, I’d suggest going back to a more basic level that introduces you more gradually to what you’re doing. If you’re setting up a commercial site that you want other people to use, I’d suggest paying someone else to handle more of the infrastructure for you, or following some other tutorials that you understand better in order to gradually improve your knowledge of these topics.

Setting up all of your own technical infrastructure for a commercial site can be complicated and requires some background knowledge. It can be a great thing to do, but you have to acquire the background knowledge somehow.

Right now, it seems like you’re trying to do some complicated tasks whose nature and purpose you don’t have much conceptual understanding of. This makes it hard for us to help you because we don’t know why you’re trying to do any of the things that you’re trying to do, and we don’t know whether they’re relevant to your goals.


#18

(I’m also guessing that you might be a native Spanish speaker. If you think you’re running into a language barrier, you can feel free to write in Spanish on this forum; I understand it and so do several other participants on the forum.)


#19

Can I post in Spanish then? That would be great


closed #20

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.