Creating SSL certs for CouchDB


#1

I’m trying to add SSL to my CouchDB database as described here. When using certbot to try to register a certificate for that domain, I got the following error:

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: db.pythonista.cloud
   Type:   unauthorized
   Detail: Invalid response from
   http://db.pythonista.cloud/.well-known/acme-challenge/X_F_dkc5wQCl38ZA2HLOdfIC2olLFBhUEP8UihTxdIU:
   "{"error":"illegal_database_name","reason":"Name: '.well-known'.
   Only lowercase characters (a-z), digits (0-9), and any of the ch"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

because this subdomain hosts CouchDB, which looks for a database with this (illegal) name. How should I proceed?

I’m on Ubuntu 14.04. I used ./certbot-auto certonly to try to generate my certificate.


#2

Since CouchDB can’t serve text files, it can’t be used to complete the challenge. Your options are to move it off ports 80 and/or 443 so you can use the standalone authenticator with certbot, or to use one of the clients that supports the DNS-01 challenge.


#3

Sorry, what’s the “challenge”?


#4

The challenge is how you prove that you have control over the domains that you are requesting certs for. Currently there are 3 ways of doing this.

  • HTTP-01 - serve a certain text file under /.well-known/acme-challenge/

  • TLS-SNI-01 - serve a self-signed cert with a certain name ending in .acme.invalid

  • DNS-01 - create a certain TXT DNS record for the subdomain _acme-challenge.

You were trying to use the HTTP-01 challenge; however, with CouchDB using port 80, this is not possible.


#5

Ah, ok, makes sense now. Thanks!

