How to acme challenge with Website running Apache, Django and FreeBSD

This says the web root path is /usr/home/sixpiece/python/emploiquebec/emploiquebec/, and I don't see in any of the output you've posted that you've tried using that.

5 Likes

$ sudo certbot certonly --webroot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): emplois.kagan.ch
Requesting a certificate for emplois.kagan.ch
Input the webroot for emplois.kagan.ch: (Enter 'c' to cancel): /usr/home/sixpiece/python/emploiquebec/emploiquebec/

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: emplois.kagan.ch
  Type:   unauthorized
  Detail: 108.61.177.246: Invalid response from http://emplois.kagan.ch/.well-known/acme-challenge/l6n8YvF3OJrq4RRgfgBjKETq652H25QD7SUmZ3qU74k: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
$

OK, my bad. I just updated the httpd.conf as follows:

<VirtualHost *:80>
    WSGIDaemonProcess emplois.kagan.ch python-home=/usr/home/sixpiece/env python-path=/usr/home/sixpiece/python/emploiquebec/
    WSGIProcessGroup emplois.kagan.ch
    WSGIScriptAlias / /usr/home/sixpiece/python/emploiquebec/emploiquebec/wsgi.py
    ServerName emplois.kagan.ch
</VirtualHost>

Why did you delete the line for DocumentRoot? You now will be using the Apache default for that, but I am pretty sure that is not what you want.

3 Likes

It works fine without DocumentRoot, it doesn't need the line. I am not really here to learn how Apache works. I am not complaining about Apache, but I would like to know what to do to get Let's Encrypt to work. You can check out the webpages that I am looking to get Let's Encrypt certification for here: http://emplois.kagan.ch or Connexion | Site d’administration de Django. There is not much traffic planned, but the person I am working with viewing the website will panic and see "oh, the browser says it's insecure" etc., so it would be nice to just get the certification so that we don't have this issue... Also it would be nice to get the certification to know what to do should I want any future installation of Django to be able to work. It after all wouldn't be fair if Let's Encrypt uses Python but doesn't let others do so, but that does not seem to be the case.

I understand that. Your certbot --webroot-path (-w) folder MUST match the DocumentRoot in effect for that domain.

Now that you have removed the DocumentRoot and are using the default folder value, you must also change the Certbot command.

4 Likes

I double checked to make sure that you are not right: changed the DocumentRoot to what it is supposed to be and re-ran the test, and it failed...

$ sudo apachectl -k restart
$ sudo certbot certonly --webroot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): emplois.kagan.ch
Requesting a certificate for emplois.kagan.ch
Input the webroot for emplois.kagan.ch: (Enter 'c' to cancel): /usr/home/sixpiece/python/emploiquebec/

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: emplois.kagan.ch
  Type:   unauthorized
  Detail: 108.61.177.246: Invalid response from http://emplois.kagan.ch/.well-known/acme-challenge/RBdb4MBHWf0fuvDyBRZLAeIyXC8fUmWVNB9915wpBMo: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
$

This was the last DocumentRoot I saw. Note the repeated folder at the end.

Here is the webroot path used in your latest Certbot command.

At least these two are not the same. When you added the DocumentRoot back in what value did you choose?

4 Likes

/usr/home/sixpiece/python/emploiquebec/

Despite accidentally deleting ServerName emplois.kagan.ch, which just caused some problems in the last 5 minutes, it does not need this line at all...

Just as a test what if you changed the above to the below. You aren't going to use WSGI in the port 80 VirtualHost anyway are you? I assume you will redirect all HTTP requests to HTTPS once you have a cert.

<VirtualHost *:80>
    ServerName emplois.kagan.ch
    DocumentRoot /usr/home/sixpiece/python/emploiquebec/
</VirtualHost>

2 Likes

It won't work, I tried that already... I don't like the second link except that it gave me the tools for links 1 and 3... Link 3 I am having issues implementing... with pip...

django-letsencrypt · PyPI
apache2 - How to have apache handle .well-known/acme-challenge and still have / passed to wsgi - Server Fault

certbot-django · PyPI

Trying to get one of them to work :)

Installation — certbot-django 0.2.0.post6 documentation

and doing this now:

Other Installation Methods - Rust Forge (rust-lang.org)

Sorry, but I don't understand what I should do with those links.

Your problem is puzzling. Simply, Certbot places a file under the webroot-path you tell it. Certbot then tells the Let's Encrypt server to look for that file. The LE Server makes the HTTP request but cannot find it (gets a 404 Not Found).

When I make an HTTP request to your domain I just get a message of

Bonjour, vous etes a l'index 

Is that in a file in the DocumentRoot?: /usr/home/sixpiece/python/emploiquebec/

If not, make a test file there and let's check it:

echo Test123 >/usr/home/sixpiece/python/emploiquebec/ChallengeTest

3 Likes
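An added example, not part of any post in this thread and not Certbot's own code: a Python pre-flight check that automates the manual ChallengeTest idea above by writing a probe file under <webroot>/.well-known/acme-challenge/ (where certbot --webroot puts its files) and fetching it back over HTTP. The function name check_webroot and its command-line arguments are assumptions of this example.

```python
import os
import secrets
import urllib.error
import urllib.request


def check_webroot(webroot, base_url, timeout=10):
    """Return (ok, detail); ok is True only if base_url serves files from webroot."""
    # Same directory layout certbot --webroot uses for HTTP-01 challenge files.
    challenge_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(challenge_dir, exist_ok=True)

    # Random name and body, so a catch-all handler (e.g. a WSGI app mounted
    # at "/") that answers 200 for every path cannot produce a false pass.
    name = "preflight-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    probe = os.path.join(challenge_dir, name)
    with open(probe, "w") as fh:
        fh.write(body)
    os.chmod(probe, 0o644)  # must be readable by the web server user

    url = base_url.rstrip("/") + "/.well-known/acme-challenge/" + name
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace").strip()
        if served == body:
            return True, "200: probe served from " + webroot
        return False, "200 but different content: another handler answered"
    except urllib.error.HTTPError as exc:
        # 404 here is the same failure the CA reports for the real challenge.
        return False, "HTTP %d for %s" % (exc.code, url)
    except urllib.error.URLError as exc:
        return False, "could not connect: %s" % exc.reason
    finally:
        os.remove(probe)  # never leave the probe file behind


if __name__ == "__main__":
    import sys
    # Usage: python preflight.py <webroot> <base-url>
    ok, detail = check_webroot(sys.argv[1], sys.argv[2])
    print(("PASS " if ok else "FAIL ") + detail)
    sys.exit(0 if ok else 1)
```

Run it as a user who can write to the webroot, passing the webroot path and the site's http:// URL. A FAIL with HTTP 404 means the server is not serving that directory at /.well-known/acme-challenge/, so a certbot run with the same webroot would fail the same way.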

Still working on it. I get this error... this is where I am at...

Successfully built cryptography
Installing collected packages: urllib3, PyJWT, pycparser, idna, charset-normalizer, certifi, requests, djangorestframework, cffi, cryptography, asymmetric-jwt-auth, certbot-django
Successfully installed PyJWT-2.8.0 asymmetric-jwt-auth-1.0.0 certbot-django-0.2.0 certifi-2023.7.22 cffi-1.15.1 charset-normalizer-3.2.0 cryptography-41.0.2 djangorestframework-3.14.0 idna-3.4 pycparser-2.21 requests-2.31.0 urllib3-2.0.4
(env) $ certbot certonly -d emplois.kagan.ch \
> -a certbot-django:auth \
An unexpected error occurred:
ImportError: cannot import name 'create_auth_header' from 'asymmetric_jwt_auth' (/home/sixpiece/.local/lib/python3.8/site-packages/asymmetric_jwt_auth/__init__.py)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/tmpdob9lcuc/log or re-run Certbot with -v for more details.
(env) $ certbot certonly -d emplois.kagan.ch \
-a certbot-django:auth \
> --certbot-django-auth-key-directory=~/.ssh/certbot/ \
An unexpected error occurred:
ImportError: cannot import name 'create_auth_header' from 'asymmetric_jwt_auth' (/home/sixpiece/.local/lib/python3.8/site-packages/asymmetric_jwt_auth/__init__.py)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/tmpat7s06ap/log or re-run Certbot with -v for more details.
(env) $

It's not a file, it's an HttpResponse.

Then can you make one as I described?

And, I thought Certbot was running, but your latest post shows different.

3 Likes

ImportError: cannot import name 'create_auth_header' from 'asymmetric_jwt_auth' (/home/sixpiece/.local/lib/python3.8/site-packages/asymmetric_jwt_auth/__init__.py)

Certbot is installed, it runs, but I don't believe that it's a daemon process that would continuously be running. It can be scheduled to run in crontab.

Doesn't the above command work?

It is not a daemon.

3 Likes