Error getting SSL certificate

But that doesn't explain "0.0.0.0" when used in DHCP protocol.
Which is by default sent outside the localhost [broadcast to all Fs]

[exceptions to the rules! LOL]

1 Like

It's not like I can send a packet to the whole internet by running echo -e 'Hi!' | nc 255.255.255.255

Looking around it looks like DHCP uses 0.0.0.0 when it cannot get an IP address.

1 Like

Correct; But should it be using that IP outside its own network?
[exception to the rule]

1 Like

No... does it?

1 Like

That depends on what you consider "its own network".
I see that as 127/8.
So, (to me) anything outside itself is on some "other" network.

But if you see that as any directly accessible "locally" attached network...
Then that includes all layer 1 and 2 reachable systems.

1 Like

That's strange. It's also a very uncommon situation. It'd have to have a connection, use DHCP, but not find a DHCP server.

Really unusual.

1 Like

Actually, when you ask DHCP for an IP and don't get one, it should self-assign one within the APIPA (169.254/16) network.

1 Like

I can't edit the A and NS records of the domain so I think I do need to involve an ELB and EC2. I did buy a book solely about DNS, but I never read it. I have been using computers since I was about 13, practically every day, but I am now 51 and a bit burnt out by it all. I've also done a degree in computers, specialising in computer networks, but that was over 10 years ago. From my understanding DNS (Domain Name Service) just translates IP addresses to human-readable domain names. My understanding falls short at that. Any help is much appreciated.

I understand that 127.0.0.1 is the loopback service and localhost, but why would Apache be pointing to 127.0.1.1? Do I need to change it, and how do I do that?

It looks like the ELB/EC2 setup is interfering with the Let's Encrypt HTTP challenge. If you can't change your DNS records then you need to figure out how to configure these AWS systems. You should probably contact GoDaddy about this.

I am guessing there might be a redirect service in GoDaddy (say, a URL redirect) which needs those but you should get full control of your DNS instead (I am not a GoDaddy expert). And, as I noted, redirects to IP addresses won't work with LE. (also refer back to my post #5)

This redirects to your Pi but not URLs with a path or page

curl -i http://severindouble.com

HTTP/1.1 301 Moved Permanently
Date: Thu, 31 Mar 2022 14:00:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 54
Connection: keep-alive
Location: http://86.9.177.236
Server: ip-10-123-123-247.ec2.internal
X-Request-Id: 2ba59e7b-0687-4962-a8ce-3bd74e6c168d

<a href="http://86.9.177.236">Moved Permanently</a>.
1 Like

Mmm. Would it be best to just transfer the domain name to somebody that allows you to edit all the DNS records?

I think you should be able to update the DNS at GoDaddy. I think the easiest first step is to ask them. They have this page which describes how to do it. At least, that page shows changing NS records but presumably A records are similar.

If you can change the NS records you could transfer DNS elsewhere (like maybe Cloudflare) while keeping your name registration at GoDaddy.

1 Like

I can see that:

LOL

What you wrote (IPs to names), describes reverse DNS (rDNS) where the IP is known and the name is being requested.
Forward DNS (DNS) provides IPs when only the name is known (names to IPs).

Hard to say what that does and why it was put there.
I would just work around it.

1 Like

Hi there again. I've made some progress. I contacted GoDaddy and they were very helpful. It was because I had forwarded the domain that I couldn't edit the A record. Once I deleted that and changed the A record to point at my Raspberry Pi, it worked, although I may have accessed a cached version, because when I issued the commands sudo certbot --apache and sudo certbot renew --dry-run (which seemed to run successfully) I can no longer access the site; the connection timed out. Could it possibly be to do with the fact that Apache is pointing to 127.0.1.1 instead of 127.0.0.1?

If you use a CNAME, you cannot add any other record, yes.

If Apache is listening on any IP of the form 127.x.y.z (this includes both 127.0.1.1 and 127.0.0.1) you can only access it from the same machine on which Apache is running. You have to make Apache listen for connections from other machines. It's usually done by omitting the IP on which it listens or by telling it to listen on 0.0.0.0 (IPv4) and [::] (IPv6).

1 Like

OK. So I've made the required listen directives and can now access the site from other machines through the local internal network address, the external router address and with my domain name, but it isn't accessible through https://

Did you forward port 443?

1 Like

Doh! Sorted. Thanks to everyone for all their help

2 Likes

Hi there again. I'm trying to redirect to https using the .htaccess file in the root web directory /var/www/html, but despite trying about 5 different versions, none of them work!!! This is the content of my .htaccess file:

RewriteEngine On
# only rewrite plain-HTTP requests (port 80)
RewriteCond %{SERVER_PORT} 80
# match the bare domain or its www. form; the dots must be escaped in the regex
RewriteCond %{HTTP_HOST} ^(www\.)?severindouble\.com$
# send the same path to the HTTPS site
RewriteRule ^(.*)$ https://www.severindouble.com/$1 [R,L]

Thanks for any help. Much appreciated

Old answer, a hacky thing: given that your SSL port is not set to 80, this will work:

RewriteEngine on

# force ssl
RewriteCond     %{SERVER_PORT} ^80$
RewriteRule     ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Might help

5 Likes
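As an added example (not code from this thread or from Certbot), a small Python checker that applies the two cautions raised above, the redirect to a bare IP seen in the curl output and the path-preserving %{SERVER_NAME}%{REQUEST_URI} rewrite, to an HTTP-01 challenge request. The request URL, token value and redirect targets below are constructed from the thread's output, not fetched from a live server.

```python
import ipaddress
from urllib.parse import urlsplit

# Let's Encrypt HTTP-01 serves the token under this path and only follows
# redirects to ports 80/443 on a hostname (it validates a name, not an address).
ACME_PREFIX = "/.well-known/acme-challenge/"
REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed sample: the challenge request for the thread's domain,
# the GoDaddy forwarding target seen in the curl output, and the target the
# "https://%{SERVER_NAME}%{REQUEST_URI}" rewrite rule would produce.
SAMPLE_REQUEST = "http://severindouble.com" + ACME_PREFIX + "TOKEN_PLACEHOLDER"
FORWARDING_LOCATION = "http://86.9.177.236"
REWRITE_LOCATION = "https://severindouble.com" + ACME_PREFIX + "TOKEN_PLACEHOLDER"


def is_bare_ip(host: str) -> bool:
    """True if the host part is a literal IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False
    return True


def check_redirect(request_url: str, status: int, location: str) -> list:
    """Return the reasons this redirect would break HTTP-01; empty list means fine."""
    if status not in REDIRECT_CODES:
        return [f"status {status} is not a redirect"]
    problems = []
    req, loc = urlsplit(request_url), urlsplit(location)
    host = (loc.hostname or "").lower()
    if loc.scheme not in ("http", "https"):
        problems.append(f"scheme {loc.scheme!r} is not http or https")
    if not host:
        problems.append("Location has no host")
    elif is_bare_ip(host):
        problems.append("Location points at a bare IP; the CA validates a domain name")
    port = loc.port or (443 if loc.scheme == "https" else 80)
    if port not in (80, 443):
        problems.append(f"port {port}: the validator only follows redirects to 80/443")
    # The token path must survive the redirect or the CA fetches the wrong URL.
    if req.path.startswith(ACME_PREFIX) and loc.path != req.path:
        problems.append(f"challenge path dropped: {req.path!r} -> {loc.path!r}")
    return problems


if __name__ == "__main__":
    for target in (FORWARDING_LOCATION, REWRITE_LOCATION):
        print(target, "->", check_redirect(SAMPLE_REQUEST, 301, target) or "OK")
```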