First cert install - unauthorized


#1

Can anyone help with first time install of a cert?
My domain is:
www.wrightstrawmanor.ddns.net
I ran this command:
sudo certbot --apache

It produced this output:
IMPORTANT NOTES:

The operating system my web server runs on is (include version):
ubuntu 18.04
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

My .conf looks like this

<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request’s Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.

    ServerName wrightstrawmanor.ddns.net
    ServerAdmin webmaster@localhost

    ProxyPass /zm http://192.168.0.66/zm
    ProxyPassReverse /zm http://192.168.0.66/zm



    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet


#2

Hi,

As you are proxying the viewers to another internal server, you’ll need to exempt the .well-known/acme-challenge folder from being proxied to the backend server.

Thank you


#3

I think that should already be the case since it looks like only the URL path /zm is being proxied.

That being said I don’t know what’s actually going wrong here.

@Bruce69 could you share the output of the following command?

sudo apachectl -S


#4

Hi

Thank you for replying. Here is the response

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.0.55. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 is a NameVirtualHost
default server wrightstrawmanor.ddns.net (/etc/apache2/sites-enabled/000-cctv.conf:1)
port 80 namevhost wrightstrawmanor.ddns.net (/etc/apache2/sites-enabled/000-cctv.conf:1)
port 80 namevhost wrightstrawmanor.ddns.net (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex proxy: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33


#5

Hmm, so you have two VirtualHosts for the same name and port in two different files (000-cctv.conf and 000-default.conf) - I guess that might be confusing certbot. Is that how you intended to configure it? I don’t think they can both function at the same time - if you don’t need one, try disabling it with a2dissite and see if that helps.
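
An added example, not part of the original thread and not code from certbot or Apache: a small POSIX shell function that reads `apachectl -S` output and reports any hostname and port claimed by more than one enabled vhost file, the condition pointed out in the post above. The sample input is the vhost section copied from post #4; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report name:port pairs that more than
# one enabled vhost file claims. Function names here are hypothetical.

# Vhost section of the `apachectl -S` output quoted in post #4.
sample_vhost_dump() {
cat <<'EOF'
VirtualHost configuration:
*:80 is a NameVirtualHost
default server wrightstrawmanor.ddns.net (/etc/apache2/sites-enabled/000-cctv.conf:1)
port 80 namevhost wrightstrawmanor.ddns.net (/etc/apache2/sites-enabled/000-cctv.conf:1)
port 80 namevhost wrightstrawmanor.ddns.net (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
EOF
}

# Reads `apachectl -S` output on stdin. Prints one line per duplicated
# name:port with the defining files; returns 1 if any duplicate was found.
find_duplicate_vhosts() {
  awk '
    $1 == "port" && $3 == "namevhost" {
      key = $4 ":" $2
      loc = $5
      gsub(/[()]/, "", loc)            # "(file:line)" -> "file:line"
      count[key]++
      if (key in files) { files[key] = files[key] " " loc } else { files[key] = loc }
    }
    END {
      for (k in count)
        if (count[k] > 1) { print k " defined in: " files[k]; dup = 1 }
      exit dup + 0
    }
  '
}

# Demo on the sample; on a live host: sudo apachectl -S 2>/dev/null | find_duplicate_vhosts
sample_vhost_dump | find_duplicate_vhosts || true
```

A non-zero return before running `certbot --apache` means two enabled files answer for the same name and port, so one of them should be disabled with `a2dissite` first.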


#6

I was just following some guide. It's my first time setting this up for a home CCTV system. Should I delete 000-default.conf?


#7

If you’re not using it, yes. Just delete /etc/apache2/sites-enabled/000-default.conf which should be a symbolic link - don’t delete the actual file it links to, just in case.


#8

That worked, installed the cert, etc. However, when you go to https://wrightstrawmanor.ddns.net or https://wrightstrawmanor.ddns.net/zm it does not work.


#9

You may need to configure your router to forward port 443 to the Apache server. Since the validation worked I guess you already did port 80, so just repeat whatever you did to make that work, but on port 443.


#10

Thank you, that's solved it.