Error obtaining certificate

alfmig · September 17, 2017, 11:31am

Hi all,

this is the first time I try to get a certificate, so I had to install certbot on my pc (with Linux Mint 17.3).
The domain for which I’d like to get a certificate is radiovanloon.info, bought on Gandi. I really don’t know my webserver specs, but I use Gandi Simple Hosting service with PHP 5.6 as language and MySQL 5.6 as database. I think I may activate my shell login, even though I’d rather not, as I’m not an expert.

In order to install certbot, I just followed the available tutorial:

~$ sudo git clone https://github.com/certbot/certbot.git certbot
cd certbot
~/certbot$ ./certbot-auto

Packages like openssl, gcc, python ca-certificates were already up to date. Packages like augeas-lenses libaugeas0 libexpat1-dev libffi-dev libpython-dev libpython2.7-dev libssl-dev python-dev python-setuptools python-virtualenv python2.7-dev zlib1g-dev were installed, even though it could not authenticate the libssl-dev package, which I decided to install anyway.
At the end of the process, it gave me a red line (last one below):

Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Failed to find executable apache2ctl in PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin

Then I just followed the hint: Certbot doesn’t know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run “certbot-auto certonly” to do so. You’ll need to manually configure your web server to use the resulting certificate. But again it returned this:

Failed to find executable apache2ctl in PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin

I then selected the temporary webserver (standalone), entered my email, selected my domain (radiovanloon.info), which eventually ended in this:

Failed authorization procedure. radiovanloon.info (tls-sni-01): urn:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: alert(112)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: radiovanloon.info
   Type:   tls
   Detail: remote error: tls: alert(112)

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   you have an up-to-date TLS configuration that allows the server to
   communicate with the Certbot client.

My DNS records seem to me ok, but if you need - don’t know if it is secure - I’ll paste it here.

Thanks a lot!

ahaw021 · September 17, 2017, 12:19pm

that is not a recommended method but if certbot is working it's ok.

review install options: https://certbot.eff.org/

also you are publishing an IPV6 address. Is your web server reachable on that IP?

Andrei

alfmig · September 17, 2017, 1:59pm

I was following this, though I'm not sure it is working because I got that "apache2ctl" failure. Do you have advice on this?

Also: I can't really understand what you saying on the rest of the post. What/where am I supposed to check?

Thanks

ahaw021 · September 18, 2017, 3:15am

you could have used a tool like this http://ipv6-test.com/validate.php to check your server is listening on IPV6 (it is)

you seemed to have caching involved which shouldn’t do anything but could be causing issues.

I would suggest that you use the webroot plugin as your server is serving content via HTTP on port 80

More information is in the documentation: https://certbot.eff.org/docs/using.html#webroot

Andrei

system · October 18, 2017, 3:15am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.