Creating SSL certs for CouchDB

I’m trying to add SSL to my CouchDB database as described here. When using certbot to try to register a certificate for that domain, I got the following error:

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: db.pythonista.cloud
   Type:   unauthorized
   Detail: Invalid response from
   http://db.pythonista.cloud/.well-known/acme-challenge/X_F_dkc5wQCl38ZA2HLOdfIC2olLFBhUEP8UihTxdIU:
   "{"error":"illegal_database_name","reason":"Name: '.well-known'.
   Only lowercase characters (a-z), digits (0-9), and any of the ch"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

because this subdomain hosts CouchDB, which looks for a database with this (illegal) name. How should I proceed?

I’m on Ubuntu 14.04. I used ./certbot-auto certonly to try to generate my certificate.

Since CouchDB can’t serve text files, it can’t be used to complete the challenge. Your options are to move it off ports 80 and/or 443 so you can use the standalone authenticator with certbot, or to use one of the clients that supports the DNS-01 challenge.

Sorry, what’s the “challenge”?

The challenge is how you prove that you have control over the domains that you are requesting certs for. Currently there are 3 ways of doing this.

  • HTTP-01 - serve a certain text file under /.well-known/acme-challenge/

  • TLS-SNI-01 - serve a self-signed cert with a certain name ending in .acme.invalid

  • DNS-01 - create a certain TXT DNS record for the subdomain _acme-challenge.

You were trying to use the HTTP-01 challenge; however, with CouchDB using port 80, this is not possible.

Ah, ok, makes sense now. Thanks!
