Experience from a NATed virtual Ubuntu server with WP sites/Nginx

These are the tips I would have needed!!

1. IPv6:
If you have IPv6 enabled, configure IPv4 as the default (for outgoing requests when hosts have both) in /etc/gai.conf:

precedence ::ffff:0:0/96 100
scopev4 ::ffff:169.254.0.0/112 2
scopev4 ::ffff:127.0.0.0/104 2
scopev4 ::ffff:0.0.0.0/96 14

2. “Challenge URL”:
You must be able to fetch the “challenge URL” from the machine itself, and the solution is to add the requested domains to /etc/hosts:

127.0.0.1	localhost yourdomain1.xxx yourdomain2.xxx

Because of the other IPs on the outside of the firewall…

3. Stop your Nginx and temporarily run the Python code:
Run the “tool” with debug, verbose and text mode from the “cli”:

sudo ./venv/bin/letsencrypt auth -t -v --debug -m hostmaster@yourdomain1.xxx -d yourdomain1.xxx

Copy the challenge Python code from the output to another terminal as root:

mkdir -p /tmp/letsencrypt/public_html/.well-known/acme-challenge
cd /tmp/letsencrypt/public_html
echo -n '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "xxxxxxx.
.
.
s.serve_forever()"

4. There are no sharp certs to get yet:
I thought it was possible to get real certs already (without full “browser support”) if you checked out the “client” from Git, after I read the blog posts from Sep 14. But that's not the case, you only get a hacker fake cert until at least November 16…

Maybe the above works better, when released…

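As an added example (not part of the post above and not the Let's Encrypt client's own code), the Python script below reproduces the self-check that step 2 is about: the client fetches its own http://domain/.well-known/acme-challenge/token URL before asking the CA to validate it, which only works from a NATed box if the domain resolves to loopback locally. The script parses an /etc/hosts text constructed from the line in the post, serves a throw-away webroot on an ephemeral loopback port, and fetches the challenge back. It goes one step beyond the post by refusing to serve anything outside the acme-challenge prefix, so the temporary server cannot expose the rest of the webroot. The domain names, the token and the key-authorization string are constructed placeholders, and the port is chosen at random rather than being port 80.

```python
"""Local pre-validation of an ACME HTTP-01 challenge behind NAT (added example)."""
import contextlib
import functools
import http.server
import os
import re
import tempfile
import threading
import urllib.error
import urllib.request

ACME_PREFIX = "/.well-known/acme-challenge/"
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")  # ACME tokens are base64url, one path segment

# Constructed /etc/hosts content, based on the line in the post plus a NATed interface.
SAMPLE_HOSTS = (
    "127.0.0.1\tlocalhost yourdomain1.xxx yourdomain2.xxx\n"
    "::1 localhost ip6-localhost\n"
    "# 10.0.2.15 is the NATed interface, not loopback\n"
    "10.0.2.15 wpbox\n"
)


def loopback_names(hosts_text):
    """Return the hostnames that /etc/hosts maps to 127.0.0.1 or ::1.

    Comments and blank lines are ignored, as the resolver ignores them."""
    names = set()
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = line.split()
        if fields and fields[0] in ("127.0.0.1", "::1"):
            names.update(fields[1:])
    return names


def challenge_url(domain, token, port=80):
    """Build the HTTP-01 challenge URL the validator will request."""
    host = domain if port == 80 else f"{domain}:{port}"
    return f"http://{host}{ACME_PREFIX}{token}"


def write_challenge(webroot, token, key_authorization):
    """Create the .well-known/acme-challenge/<token> file under webroot."""
    directory = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(directory, exist_ok=True)
    with open(os.path.join(directory, token), "w") as f:
        f.write(key_authorization)


class ChallengeOnlyHandler(http.server.SimpleHTTPRequestHandler):
    """Serve files only from the acme-challenge directory; everything else is 404."""

    def do_GET(self):
        token = self.path[len(ACME_PREFIX):] if self.path.startswith(ACME_PREFIX) else ""
        if not TOKEN_RE.fullmatch(token):
            self.send_error(404)
            return
        super().do_GET()

    def log_message(self, *args):  # keep the example quiet
        pass


@contextlib.contextmanager
def serve(webroot):
    """Serve webroot on an ephemeral loopback port for the duration of the block."""
    handler = functools.partial(ChallengeOnlyHandler, directory=webroot)
    httpd = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    try:
        yield httpd.server_address[1]
    finally:
        httpd.shutdown()
        httpd.server_close()


def fetch(url):
    """GET url, bypassing any proxy environment; return (status, body)."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=5) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as e:
        return e.code, ""


def self_check(webroot, token, key_authorization):
    """Fetch the challenge back over loopback, as the client does before validation."""
    with serve(webroot) as port:
        status, body = fetch(challenge_url("127.0.0.1", token, port))
    return status == 200 and body == key_authorization


def prefix_is_enforced(webroot):
    """A file outside the challenge prefix must 404 even though it exists on disk."""
    with serve(webroot) as port:
        status, _ = fetch(f"http://127.0.0.1:{port}/index.html")
    return status == 404


def demo():
    """Run all three checks against a temporary webroot; returns a dict of results."""
    token = "EXAMPLE_TOKEN_not_real_A1b2C3"          # constructed placeholder
    key_auth = token + ".PLACEHOLDER_ACCOUNT_KEY_THUMBPRINT"  # constructed placeholder
    with tempfile.TemporaryDirectory() as webroot:
        write_challenge(webroot, token, key_auth)
        with open(os.path.join(webroot, "index.html"), "w") as f:
            f.write("must never be served by the challenge server")
        return {
            "hosts_ok": "yourdomain1.xxx" in loopback_names(SAMPLE_HOSTS),
            "challenge_ok": self_check(webroot, token, key_auth),
            "prefix_enforced": prefix_is_enforced(webroot),
        }


if __name__ == "__main__":
    print(demo())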