Get certificate using localhost install centos 6


#1

Hi

I’m on shared hosting with CentOS 6 and have no shell access.

I have installed CentOS 6 on Oracle VirtualBox on my home machine in the hope that I can obtain certs for my live sites from this installation. Everything works fine until I actually apply for a cert (./path/to/certbot-auto --apache certonly).

I get errors stating domain not found on 127.0.0.1.

Please advise if this scenario is even possible.

Sorry for lack of fine detail - I don’t have access to my home machine from my present location.

Thanks and regards


#2

You can’t get a cert in quite that way, no.

Do you have FTP / SFTP access to your server? Alternatively, does your DNS provider have an API? If either of these is true then there is a way you can obtain a cert from your VirtualBox at home, yes.

Also, does your hosting have a control panel? If so, what is that control panel? (I’m asking to try and work out how you can upload / use your cert once obtained.)


#3

Hi serverco - thanks for your reply.

I have FTP access. My provider does have an API for installing a cert. The control panel is ‘cpanel’. I can’t give you much more detail about these aspects at the moment as I can’t get to cpanel from my current location (on company network based in Luxembourg).

Regards


#4

Once you have access to your cpanel, it might be worth checking the version number. The latest release of cpanel (58) includes an option for automatically including LE certificates, called AutoSSL. Chatting to your hosting provider and getting them to include this will be the easiest option.

If it’s an older version of cpanel, then you could use getssl, which will run on your VirtualBox, automatically upload the tokens etc. to your webserver (via FTP) and obtain a certificate for you.


#5

Ok - thanks for the info. I’ll check that out as soon as I get home.

Cheers


#6

Hi again

Sorry for delay in updating this thread. I’m finding the Olympics a bit of a distraction.

I’ve had partial success when using getssl, but ran into a couple of problems.

According to instructions here, I should see the following files and directories created:
~/.getssl
~/.getssl/getssl.cfg
~/.getssl/yourdomain.com
~/.getssl/yourdomain.com/getssl.cfg

This was successful except the file
~/.getssl/getssl.cfg
was created as
~/.getssl/create-getssl-config

Anyway I updated create-getssl-config with my default preferences and then updated ~/.getssl/yourdomain.com/getssl.cfg with my site details.

However, when I ran the command: getssl mydomain.com, I got the response: getssl: command not found.

What have I missed?


#7

These are two different things.

If you have updated ~/.getssl/yourdomain.com/getssl.cfg with my site details, you should be OK though.

Where did you install getssl to? If in your default directory you may need to run ./getssl; if elsewhere, then /path/to/getssl


#8

Thanks for quick response

./getssl did the trick, thanks.
However, I got an error registering account. “getssl: Error registering account”.
Is this because I’ve missed something in the config file?
Creating domain csr was successful.


#9

Yes, it sounds like it. Since cpanel has a script in to automatically install Let’s Encrypt certs for you, that is almost certainly the easiest way to obtain certs for a cpanel server now.

With getssl, can you use the “-d” option to provide debug information? I suspect it’s probably because you are using the wrong agreement (if you downloaded and started this when there was an old agreement ( https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf ) and now there is a new agreement ( https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf )). It may be worth checking which you have in your config file.


#10

The agreement is the latest (Aug 1)

I tried -d and got the following response:

I’m totally out of my comfort zone now :blush:

Regards


#11

The error says “invalid email” … is there a typo in your email address ?


#12

Thanks again - yes there was a typo - should’ve noticed that, sorry.

Slight improvement - but now I get response
‘for some reason could not reach http://heffernans.net/.well-known …’ with the challenge token.

I usually have this entire site password protected, but I removed that temporarily before using getssl. I presume the placement of the challenge token is done via FTP?

I created .well-known/acme-challenge directories prior to running getssl - is that correct?

I guess I’ll have to verify the path for FTP and HTTP

Thanks again and regards


#13

From how you described your scenario, yes the token is uploaded via FTP (I’ve assumed you have defined FTP and the path in your getssl config).


#14

Hi again

Still having problems getting the challenge token uploaded to my site. Where should the FTP user enter the server file system?

I’ve tried with user entering at site root and have used relative path and absolute path, with no luck.

Regards


#15

You may be better off with these questions when using getssl on the specific site for getssl -

From the help;

# Acme Challenge Location. The first line for the domain, the following ones for each additional domain.
# If these start with ssh: then the next variable is assumed to be the hostname and the rest the location.
# An ssh key will be needed to provide you with access to the remote server.
# If these start with ftp: or sftp: then the next variables are userid:password:servername:ACL_location
ACL=('/var/www/example.com/web/.well-known/acme-challenge'
     'ssh:server5:/var/www/example.com/web/.well-known/acme-challenge'
     'ftp:ftpuserid:ftppassword:example.com:/web/.well-known/acme-challenge')

so in the getssl.cfg file for this certificate, you would add in the location in the format

ftp:ftpuserid:ftppassword:example.com:/web/.well-known/acme-challenge

where
ftp: tells it to use ftp
ftpuserid is your FTP username
ftppassword is your FTP password
example.com is your domain / host name ( where FTP is going to connect to )
/web/.well-known/acme-challenge is the location where the token needs to be uploaded to
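
The ACL field layout described in the reply above, as an added example that is not part of the original thread and not getssl's own code: a shell function that splits one ftp:/sftp: entry in the order the help text gives and reports the FTP-side web root and the URL the token has to be reachable at. The name `check_acl`, the sample credentials, and the assumption that the entry is split on every ':' are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not getssl code): sanity-check one ftp:/sftp: ACL entry.
# Assumes fields are split on ':' in the order given by the help text:
#   ftp:userid:password:servername:ACL_location
SUFFIX=/.well-known/acme-challenge

# check_acl ENTRY DOMAIN
# Prints what the entry means (never the password) plus any warnings.
# Returns 0 when the entry looks usable, 1 otherwise.
check_acl() {
    entry=$1 domain=$2 status=0
    case $entry in
        ftp:*|sftp:*) ;;
        *) echo "SKIP: not an ftp:/sftp: entry"; return 0 ;;
    esac
    # Count ':' separators; exactly 4 are expected for 5 fields.
    colons=$(printf '%s' "$entry" | tr -cd ':' | wc -c)
    if [ "$(($colons))" -ne 4 ]; then
        echo "WARN: expected 5 fields, found $(($colons + 1)); a ':' in the password shifts the path"
        return 1
    fi
    method=${entry%%:*}; rest=${entry#*:}
    user=${rest%%:*};    rest=${rest#*:}
    rest=${rest#*:}      # drop the password field without printing it
    host=${rest%%:*};    path=${rest#*:}
    echo "method=$method user=$user host=$host path=$path"
    case $path in
        *"$SUFFIX")
            # Whatever precedes the suffix must be the directory served as "/".
            echo "ftp-side web root: ${path%"$SUFFIX"}/"
            echo "must be served as: http://$domain$SUFFIX/<token>" ;;
        *)
            echo "WARN: path does not end in $SUFFIX"
            status=1 ;;
    esac
    if [ "$method" = ftp ]; then
        echo "NOTE: ftp: sends the password in cleartext; use sftp: if the host offers it"
    fi
    return $status
}

# Constructed sample entries (example.com, made-up credentials).
check_acl 'ftp:ftpuserid:ftppassword:example.com:/web/.well-known/acme-challenge' example.com
check_acl 'ftp:ftpuserid:pa:ss:example.com:/web/.well-known/acme-challenge' example.com || true
check_acl 'sftp:ftpuserid:ftppassword:example.com:/public_html' example.com || true
```

If the reported web root is not the directory the FTP login sees as the site's document root, the token is uploaded somewhere the HTTP check cannot reach.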

