How can I access two Raspberry Pis on the same LAN over HTTPS?

Good morning,
I have two Raspberry Pis on the same LAN and I would like to be able to access both over HTTPS. One is on port 80 and the other on port 800. Does anyone know how to do it?

Hi @rwgamer,

Are you wondering about how to get separate certificates for both Pis, how to get a certificate when you only have limited ports available, how to share the same certificate across both Pis, how to access them from the public Internet using a single IP address, or something else?

How can I get two different certificates on the same domain? It always gives me this Let's Encrypt error: "Failed authorization procedure".

If you’re using the HTTP-01 authorization method, you need to be able to answer HTTP requests on port 80. If you’re using port 80 for something else, the authorization will always fail.

If you can’t arrange it so that HTTP requests on port 80 reach a path configured by the Let’s Encrypt client, you can use the DNS-01 method. This requires making changes to your DNS zone as requested by the certificate authority, which is easiest if your DNS provider provides an API to make zone updates.

I do not have a static IP address, but a DDNS address on the duckdns.org site.

If you fail with two different certificates, can I use the same one?

So, in order to get a certificate at all you need to either be able to make specified DNS changes or answer specific HTTP requests on port 80. First you’ll have to choose the method of doing that. One of these is necessary in order to prove your control over the domain name.

After that, you can use the certificate on any port you want. The certificate’s validity isn’t specific to a port number. You’ll need to have a copy of the corresponding private key on every machine that uses the certificate to provide a service.

If you want to try to debug the “Failed authorization procedure” messages that you’ve been seeing, you should show us the entire command that you ran and the entire output from that command, including all of the associated error messages.

I used command:
sudo ./letsencrypt-auto --verbose --apache

Error is:
Reporting to user: The following errors were reported by the server:

Domain: dominio.duckdns.org
Type: connection
Detail: Fetching http://dominio.duckdns.org/.well-known/acme-challenge/An_jzIEuTByRrP4EyjTNBQWlg3RYl6csbGgnjFSs6jk: Connection refused

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
sys.exit(main())
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 1240, in main
return config.func(config, plugins)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 994, in run
certname, lineage)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 118, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 357, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 318, in obtain_certificate
self.config.allow_subset_of_names)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 81, in get_authorizations
self._respond(resp, best_effort)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 138, in _respond
self._poll_challenges(chall_update, best_effort)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 202, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. dominio.duckdns.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://dominio.duckdns.org/.well-known/acme-challenge/An_jzIEuTByRrP4EyjTNBQWlg3RYl6csbGgnjFSs6jk: Connection refused
Failed authorization procedure. rwdomotica.duckdns.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://dominio.duckdns.org/.well-known/acme-challenge/An_jzIEuTByRrP4EyjTNBQWlg3RYl6csbGgnjFSs6jk: Connection refused

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: dominio.duckdns.org
    Type: connection
    Detail: Fetching
    http://dominio.duckdns.org/.well-known/acme-challenge/An_jzIEuTByRrP4EyjTNBQWlg3RYl6csbGgnjFSs6jk:
    Connection refused

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

Thanks for posting that!

So, the way that you used Certbot here implies that port 80 of dominio.duckdns.org (and rwdomotica.duckdns.org) — as seen by the outside world — would be pointed at port 80 of the server where you were running Certbot, and that server would already have a copy of Apache installed (whether or not it was listening on port 80). Is all of that true in this case?

It is a single domain; domain.duckdns.org is to cover the domain and not show it.

Don't hide the real domain name, it will be public anyway after issuing a certificate for it.
We cannot help you without knowing the domain name.

The domain is: rwdomotica.duckdns.org

$ telnet rwdomotica.duckdns.org 80
Trying 80.180.47.17...
telnet: Unable to connect to remote host: Connection refused

Your RPi does not listen on port 80 or you don't forward port 80 from your router to this RPi.

If you listen to it but do not have a page, you need a Home Assistant for Google Home.
How can I verify the thing in telnet?

I don't mean listen like in "listening to music".
The problem here is: the host behind your domain name (80.180.47.17) does not offer a web service on port 80 (http), either because you did not configure your internet router accordingly to forward incoming requests to port 80 to your RPi or your RPi does not run a web server.
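The telnet check above, extended into a small preflight probe (an added example, not part of the original thread): it tells apart "connection refused", a timeout, a DNS failure, and a web server that actually answers on the port HTTP-01 validation uses. The function name `probe_http01` and the token `preflight-test` are assumptions made for illustration; run it from a machine outside the LAN, because the validation request arrives from the Internet.

```python
import socket
import sys

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def probe_http01(host, port=80, token="preflight-test", timeout=5.0):
    """Classify what an HTTP-01 validator would meet at host:port.

    Returns (status, detail); `token` is a made-up file name, so a reachable
    web server is expected to answer 404.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return "dns-failure", str(exc)
    except ConnectionRefusedError:
        # Same result as the telnet test: no listener, or no port forward.
        return "refused", "nothing accepts TCP connections on this port"
    except socket.timeout:
        return "timeout", "packets are dropped (firewall or ISP filtering?)"
    except OSError as exc:
        return "unreachable", str(exc)

    request = (
        f"GET {CHALLENGE_PREFIX}{token} HTTP/1.1\r\n"
        f"Host: {host}\r\nConnection: close\r\n\r\n"
    )
    data = b""
    with sock:
        try:
            sock.sendall(request.encode("ascii"))
            while b"\r\n" not in data:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError as exc:
            return "no-response", str(exc)

    parts = data.split(b"\r\n", 1)[0].decode("latin-1").split()
    if len(parts) >= 2 and parts[0].startswith("HTTP/"):
        # Any HTTP status proves port 80 reaches a web server.
        return "http", parts[1]
    return "not-http", "port is open but the service does not speak HTTP"


if __name__ == "__main__" and len(sys.argv) > 1:
    print(probe_http01(sys.argv[1]))
```

A result of `("refused", ...)` matches the "Connection refused" in the Certbot output; `("http", "404")` means the port forward and web server are in place and only the challenge file is missing.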

Port config, primary RPi 3 with OS HASS.IO

port name - port protocol - WAN port - LAN port - IP address - MAC address

Port configuration, secondary RPi 1 B+ with OS Raspbian
port name - port protocol - WAN port - LAN port - IP address - MAC address
