Feel Like I am an idiot/missing something small

Trying to set up SSL for Go-Phish campaign.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
et-c1.net
I ran this command:
letsencrypt certonly --manual -d et-c1.net
It produced this output:
Domain: et-c1.net
Type: connection
Detail: Fetching http://et-c1.net/.well-known/acme-challenge
/CT_tBWbWv71aUu8s1POCGV2i5rz9Lmd-Go_mb3TfBqg: Connection refused
My web server is (include version):
?
The operating system my web server runs on is (include version):
Ubuntu 16.04.3 LTS
My hosting provider, if applicable, is:
AWS / EC2
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

wget http://et-c1.net
--2018-01-27 17:11:16-- http://et-c1.net/
Resolving et-c1.net (et-c1.net)... 18.218.101.142
Connecting to et-c1.net (et-c1.net)|18.218.101.142|:80... failed: Connection refused.

Maybe I messed up my security group then? (First time with AWS so that could be)

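| Type | Protocol | Port Range | Source | Description |
|---|---|---|---|---|
| HTTP | TCP | 80 | 0.0.0.0/0 | |
| HTTP | TCP | 80 | ::/0 | |
| Custom UDP Rule | UDP | 3333 | 0.0.0.0/0 | |
| Custom UDP Rule | UDP | 3333 | ::/0 | |
| SSH | TCP | 22 | 0.0.0.0/0 | |
| SSH | TCP | 22 | ::/0 | |
| Custom TCP Rule | TCP | 3333 | 0.0.0.0/0 | |
| Custom TCP Rule | TCP | 3333 | ::/0 | |
| HTTPS | TCP | 443 | 0.0.0.0/0 | |
| HTTPS | TCP | 443 | ::/0 | |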

please show:
netstat -lpunta
sudo ufw status

netstat -lpunta
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 172.31.42.253:22 98.227.53.195:58831 ESTABLISHED -
tcp 0 0 172.31.42.253:22 73.58.154.245:57834 ESTABLISHED -
tcp6 0 0 :::22 :::* LISTEN -
udp 0 0 0.0.0.0:68 0.0.0.0:*

sudo ufw status
Status: inactive

You don’t have a web server running. Just sshd on 22/tcp.

Face Palm

I thought it was included with Go-Phish…Apparently not. Now I am getting

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: et-c1.net
    Type: unauthorized
    Detail: Invalid response from http://et-c1.net/.well-known/acme-
    challenge/k1KYAVEdiRa0DUm-mQd8mSkcEYgEJlPIbC93RIoRfAk: "

    404 Not Found

    Not Found

    <p"

But what did you exactly do to get this message?

letsencrypt certonly --manual -d et-c1.net

If you use --manual, the program asks you to do a bunch of things for the http-01 challenge. What information did you enter into the program?

All I got was asking for an email then
Are you ok with your IP being logged? Then
press enter to continue

The manual plugin should also ask you to put a file with a certain name with a certain content in a specific location… It didn’t ask you such things?

mkdir -p /tmp/letsencrypt/public_html/.well-known/acme-challenge
root@gophish01:~# cd /tmp/letsencrypt/public_html
root@gophish01:/tmp/letsencrypt/public_html# printf "%s" Tmu-kNwbQQGkxQ-Xbcmq9jmoXHNhVx9z2MIoxb9axuE.f5s9fxR_73sRNcVCSRZLwCtsVzkzrlFJZg-uh7h-9AA > .well-known/acme-challenge/Tmu-kNwbQQGkxQ-Xbcmq9jmoXHNhVx9z2MIoxb9axuE
root@gophish01:/tmp/letsencrypt/public_html# mkdir -p /tmp/letsencrypt/public_html/.well-known/acme-challenge
root@gophish01:/tmp/letsencrypt/public_html# cd /tmp/letsencrypt/public_html
root@gophish01:/tmp/letsencrypt/public_html# printf "%s" Tmu-kNwbQQGkxQ-Xbcmq9jmoXHNhVx9z2MIoxb9axuE.f5s9fxR_73sRNcVCSRZLwCtsVzkzrlFJZg-uh7h-9AA > .well-known/acme-challenge/Tmu-kNwbQQGkxQ-Xbcmq9jmoXHNhVx9z2MIoxb9axuE
root@gophish01:/tmp/letsencrypt/public_html# $(command -v python2 || command -v python2.7 || command -v python2.6) -c \

"import BaseHTTPServer, SimpleHTTPServer;
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler);
s.serve_forever()"
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib/python2.7/SocketServer.py", line 418, in __init__
self.server_activate()
File "/usr/lib/python2.7/SocketServer.py", line 440, in server_activate
self.socket.listen(self.request_queue_size)
File "/usr/lib/python2.7/socket.py", line 228, in meth
return getattr(self._sock,name)(*args)
socket.error: [Errno 98] Address already in use

Sorry, I had done those steps, see above. Sorry for any confusion on that.

Made it work, all is right with the world!

If you did use --manual, please bear in mind that you’ll need to repeat the same steps before your certificate expires in 90 days! The --manual option doesn’t work with automated renewal.
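
The three failures seen in this thread (connection refused on port 80, a 404 on the challenge path, and Errno 98 when binding the port) can be told apart with a local pre-flight check before asking the CA to validate again. This is an added example, not part of the thread and not certbot code; `check_http01`, `port_is_free` and `demo` are hypothetical helper names, and the token and key authorization are constructed values served from a temporary webroot on localhost.

```python
import errno, functools, http.client, http.server, os, pathlib, socket, tempfile, threading

PREFIX = "/.well-known/acme-challenge/"

def port_is_free(port, host=""):
    """False when something already listens there (the Errno 98 case)."""
    with socket.socket() as s:
        try:
            s.bind((host, port))
            return True
        except OSError as e:
            if e.errno != errno.EADDRINUSE:
                raise
            return False

def check_http01(host, token, key_authorization, port=80, timeout=5):
    """Fetch the challenge URL as a validator would and classify the result."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", PREFIX + token)
        resp = conn.getresponse()
        body = resp.read(4096).decode("utf-8", "replace").strip()
    except ConnectionRefusedError:
        return "connection-refused"      # no listener on the port
    except OSError:
        return "unreachable"             # timeout, filtered port, DNS failure
    finally:
        conn.close()
    if resp.status != 200:
        return "http-%d" % resp.status   # e.g. http-404: file not under the served root
    return "ok" if body == key_authorization else "content-mismatch"

def demo():
    """Constructed token and key authorization, served from a temp webroot."""
    token, keyauth = "constructed-token", "constructed-token.constructed-thumbprint"
    root = tempfile.mkdtemp()
    os.makedirs(root + PREFIX)
    pathlib.Path(root + PREFIX, token).write_text(keyauth)
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=root)
    srv = http.server.HTTPServer(("127.0.0.1", 0), handler)  # ephemeral port, not 80
    port = srv.server_address[1]
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    probe = functools.partial(check_http01, "127.0.0.1", key_authorization=keyauth, port=port)
    out = {"served": probe(token), "wrong_path": probe("missing-token"),
           "port_free": port_is_free(port, "127.0.0.1")}
    srv.shutdown()
    srv.server_close()
    out["after_shutdown"] = probe(token)  # listener gone: same state as sshd-only host
    return out

if __name__ == "__main__":
    print(demo())
```

Against a real host, call `check_http01` with the domain and the token and file content the client printed; a local "ok" still leaves security groups and host firewalls to be checked from outside the network.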
