Google New Site


#1

Actually the problem is… We using Google Site as personal Site. The Classic site works greats no problem occur, options given to migrate or create Google New Site. Who ever migrate or create Google New Site, the site is no longer accessible and stating about certificate. I have long discuss with Mr Arjan from Google saying that the problem is with the Let’s Encrypt certificate. Does anyone facing same problem?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: fke.utm.my

I ran this command:

It produced this output:

My web server is (include version): portal.fke.utm.my

The operating system my web server runs on is (include version): Centos 7

My hosting provider, if applicable, is: -

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Hi @zulhilmi,

Did they provide any rationale for this conclusion? I don’t think this is the most likely explanation.

It appears to me that this website is not accessible. The domain resolves to 161.139.114.23. Pings to this address timeout. Connecting to port 443 on this address returns a no route to host connection error that is usually indicative of a firewall blocking the connection.

Can you verify the IP address is correct and that access to port 443 is allowed for external connections?


#3

The let’s encrypt not yet install on this server. So means the port 443 ( for ssl ) not open. Are you suggest to install the let’s encrypt first. Sure. I can do that. I will notify after done installations


#4

Hi,

First of all… I don’t think any of your site is on Google Sites… (Or I didn’t understand the prompt correctly)

Is fke.utm.my your “personal site”? It looks like it’s hosted on your University’s servers.

What’s the site you actually having issues with?

Thank you


#5

Okay let’s me explain clearly. Our Faculty University using Site that being offer by Google but using our own domain name ( fke.utm.my )

For the classics site, no problem at all, we can create on the spot the Site is visible example :
http://htgye.fke.utm.my/ Origin url is : https://sites.google.com/a/fke.utm.my/htgyeweb/

For the new site, that I and some my friend create the site is not visible
https://testingzulhilmi.fke.utm.my/ Origin url is : **https://sites.google.com/fke.utm.my/testingzulhilmi **
https://eecs2018.fke.utm.my/ Origin url is : https://sites.google.com/a/fke.utm.my/eecs2018/ (migrate from Classic Google Site to New)

However, this site make the situation more weird because it is using new site and can be view :

**https://iotcarnival.fke.utm.my ** Origin url is : **https://sites.google.com/fke.utm.my/iotcarnival


#6

I have install the Let’s Encrypt using this manual https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7

and run / result as below. My question, is it possible to get certificate for testingzulhilmi.fke.utm.my since the Site are actually mapping from https://sites.google.com/fke.utm.my/testingzulhilmi.
Mapping also provided by Google.

And another of my question is, There were too many requests of a given type :: Error finalizing order :: too many certificates already issued for: utm.my: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details. Is the certificate will be given to my fke.utm.my automatic or i need to request the code again manually.

[root@portal sites-enabled]# certbot --apache -d fke.utm.my -d testingzulhilmi.fke.utm.my
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for fke.utm.my
http-01 challenge for testingzulhilmi.fke.utm.my
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. testingzulhilmi.fke.utm.my (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://testingzulhilmi.fke.utm.my/.well-known/acme-challenge/k7GLWg42cWEAFumOky–dFC4em4HaLxyJFVzVmClHzU: Error getting validation data

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: testingzulhilmi.fke.utm.my
    Type: connection
    Detail: Fetching
    https://testingzulhilmi.fke.utm.my/.well-known/acme-challenge/k7GLWg42cWEAFumOky–dFC4em4HaLxyJFVzVmClHzU:
    Error getting validation data

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.
    [root@portal sites-enabled]# certbot --apache -d fke.utm.my
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator apache, Installer apache
    Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for fke.utm.my
    Waiting for verification…
    Cleaning up challenges
    An unexpected error occurred:
    There were too many requests of a given type :: Error finalizing order :: too many certificates already issued for: utm.my: see https://letsencrypt.org/docs/rate-limits/
    Please see the logfiles in /var/log/letsencrypt for more details.
    [root@portal sites-enabled]#


#7

This error message gave us the reason & why Google sites aren’t covered by https.

It seems that your University need to submit for a rate limit increase in order for you or any other user who wants to request more certificate for any subdomains.

It’s possible once the rate limit are lifted (or passed the sliding window)

You would need to request that manually, like run certbot again (after rate limit passed / lifted)

Thank you


#8

Thank you. I will wait and try. Thank you again.


#9

I have installed the lets’s encyrpt and run a command here are error :-

[root@portal ~]# certbot --apache -d yazidx.fke.utm.my
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for yazidx.fke.utm.my
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. yazidx.fke.utm.my (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://yazidx.fke.utm.my/.well-known/acme-challenge/-SsnCivlqy4yncPLSuT5CofcH6q2SswgiFK2_RGq1jU: Error getting validation data

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: yazidx.fke.utm.my
    Type: connection
    Detail: Fetching
    https://yazidx.fke.utm.my/.well-known/acme-challenge/-SsnCivlqy4yncPLSuT5CofcH6q2SswgiFK2_RGq1jU:
    Error getting validation data

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.


#10

Hi,

The site you are trying to obtain certificate for it’s a Google site, you’ll need to ask Google to obtain it for you… (Even if you successfully obtained a certificate, google might not able to install it on the site)

Thank you


#11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.