Error activating SSL certificate

Good day, community.

I have a WordPress site with Bitnami and I am trying to follow this tutorial to obtain the SSL certificate (Generate and configure a Let's Encrypt certificate), and I have not been able to, because it gives me two errors.

I run the commands as follows:

1. sudo /opt/bitnami/ctlscript.sh stop (the service stops correctly)

2. sudo /opt/bitnami/letsencrypt/lego --tls --email="soporte.titinos@gmail.com" --domains="titinos.com.co" --domains="www.titinos.com.co" --path="/opt/bitnami/letsencrypt" run

It shows the error:

2023/06/15 06:35:47 [INFO] [titinos.com.co, www.titinos.com.co] acme: Obtaining bundled SAN certificate
2023/06/15 06:35:47 [INFO] [titinos.com.co] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/236962922647
2023/06/15 06:35:47 [INFO] [www.titinos.com.co] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/236962922657
2023/06/15 06:35:47 [INFO] [titinos.com.co] acme: use tls-alpn-01 solver
2023/06/15 06:35:47 [INFO] [www.titinos.com.co] acme: use tls-alpn-01 solver
2023/06/15 06:35:47 [INFO] [titinos.com.co] acme: Trying to solve TLS-ALPN-01
2023/06/15 06:35:47 [INFO] [www.titinos.com.co] acme: Trying to solve TLS-ALPN-01
2023/06/15 06:35:47 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/236962922647
2023/06/15 06:35:48 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/236962922657
2023/06/15 06:35:48 Could not obtain certificates:
error: one or more domains had a problem:
[titinos.com.co] [titinos.com.co] acme: error presenting token: could not start HTTPS server for challenge: listen tcp :443: bind: address already in use
[www.titinos.com.co] [www.titinos.com.co] acme: error presenting token: could not start HTTPS server for challenge: listen tcp :443: bind: address already in use

The process that is using port 443, which is httpd, is killed.

The command is run again: sudo /opt/bitnami/letsencrypt/lego --tls --email="soporte.titinos@gmail.com" --domains="titinos.com.co" --domains="www.titinos.com.co" --path="/opt/bitnami/letsencrypt" run

2023/06/15 06:37:54 [INFO] [titinos.com.co, www.titinos.com.co] acme: Obtaining bundled SAN certificate
2023/06/15 06:37:54 [INFO] [titinos.com.co] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/236963326697
2023/06/15 06:37:54 [INFO] [www.titinos.com.co] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/236963326707
2023/06/15 06:37:54 [INFO] [titinos.com.co] acme: use tls-alpn-01 solver
2023/06/15 06:37:54 [INFO] [www.titinos.com.co] acme: use tls-alpn-01 solver
2023/06/15 06:37:54 [INFO] [titinos.com.co] acme: Trying to solve TLS-ALPN-01
2023/06/15 06:38:11 [INFO] [www.titinos.com.co] acme: Trying to solve TLS-ALPN-01
2023/06/15 06:38:24 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/236963326697
2023/06/15 06:38:24 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/236963326707
2023/06/15 06:38:24 Could not obtain certificates:
error: one or more domains had a problem:
[titinos.com.co] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 34.74.19.47: Timeout during connect (likely firewall problem)
[www.titinos.com.co] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 34.74.19.47: Timeout during connect (likely firewall problem)

The firewall rule in Google Cloud was checked: port 443 is enabled and allowed for the VM instance that hosts WordPress.

And when trying to generate it with the latest version of (sudo /opt/bitnami/bncert-tool), I get the following error.

Domains

Please provide a valid space-separated list of domains for which you wish to
configure your web server.

Domain list : titinos.com.co

The following domains were not included: www.titinos.com.co. Do you want to add them? [Y/n]: y

Warning: The domain 'titinos.com.co' resolves to a different IP address than the
one detected for this machine, which is '35.229.25.102'. Please fix its DNS
entries or remove it. For more info see:
Configure a custom domain
Press [Enter] to continue:


To clarify, I have my domain pointing to that IP because other additional services also use the domain.

I would appreciate your help applying the corrections needed to activate the SSL certificate.

Thank you very much.

1 Like

You won't be able to obtain a cert for a name that resolves to some other IP.
IP 35.229.25.102 is not IP 34.74.19.47.

Why are you using the same FQDN then [in two places]?

Note: I don't use Bitnami nor WordPress, [and it's almost 3am here] so I won't be replying much more.

4 Likes
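The reply above comes down to comparing the address the CA tried to reach with the address of the machine running lego. As an added example (not part of the thread and not lego's or Bitnami's own code), this sketch triages the error lines quoted in the first post; the function name `triage` and the finding labels are assumptions made for illustration.

```python
import re

# Error lines copied from the two lego runs quoted in the first post.
LEGO_ERRORS = """\
[titinos.com.co] [titinos.com.co] acme: error presenting token: could not start HTTPS server for challenge: listen tcp :443: bind: address already in use
[titinos.com.co] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 34.74.19.47: Timeout during connect (likely firewall problem)
[www.titinos.com.co] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 34.74.19.47: Timeout during connect (likely firewall problem)
"""

# Local failure: lego could not open its challenge listener.
BIND_RE = re.compile(
    r"^\[(?P<domain>[^\]]+)\].*listen tcp :(?P<port>\d+): bind: address already in use"
)
# Remote failure: the CA reports an ACME problem type plus the IP it tried.
ACME_RE = re.compile(
    r"^\[(?P<domain>[^\]]+)\] acme: error: (?P<status>\d+) :: "
    r"urn:ietf:params:acme:error:(?P<type>\w+) :: (?P<ip>\S+): (?P<detail>.+)$"
)

def triage(log_text, machine_ip):
    """Return (domain, kind, explanation) for each recognised error line."""
    findings = []
    for line in log_text.splitlines():
        m = BIND_RE.match(line)
        if m:
            findings.append((m["domain"], "local-bind",
                             f"port {m['port']} is held by another process on "
                             "this machine; lego never served the challenge"))
            continue
        m = ACME_RE.match(line)
        if m and m["type"] == "connection":
            if m["ip"] != machine_ip:
                cause = (f"CA connected to {m['ip']}, not this machine "
                         f"({machine_ip}); the name resolves to a different host")
            else:
                cause = f"CA could not reach {m['ip']}; check inbound port 443"
            findings.append((m["domain"], "remote-connect", cause))
    return findings

if __name__ == "__main__":
    # 35.229.25.102 is the machine address reported by bncert-tool in the post.
    for finding in triage(LEGO_ERRORS, "35.229.25.102"):
        print(*finding, sep=" | ")
```
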

Rg305, thanks for the reply.

However, the IP 34.74.19.47 is configured in the domain's A record, and the IP 35.229.25.102 is that of the virtual machine I have in Google Cloud; but so that it redirects to the domain, I have a load balancer that resolves everything to the IP 34.74.19.47.

In this case, do you recommend that I adjust the A record at the hosting provider and assign the IP of the Google machine?

1 Like

Your load balancer adds a lot of delay (!!) (almost half a second, I think).

With a load balancer, the certificate is commonly obtained directly on the load balancer.

3 Likes

But it is not being recognized, and it is not known what the error is.
