How to use SSL on a public IP with Ubuntu server+XAMPP

My domain is:

My DNS host name is: 123.online-server.cloud

I ran this command: ./letsencrypt-auto --help

It produced this output: command not found

My web server is (include version):
Server: Apache/2.4.51 (Unix) OpenSSL/1.1.1l PHP/7.3.33 mod_perl/2.0.11 Perl/v5.32.1

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: IONOS

Hello community,
I just created my VPS on IONOS and I want to use SSL on my public IP without a domain. I asked them but they told me that: "the SSL certificates included in the contracts can only be configured on domains that use our Name Servers".
In a few words, I have to buy a domain.
I'm not a super expert on servers, but I can manage the Linux CLI if I am well instructed.

After I have tried various guides on this matter and have experimented firstly on a local version of Ubuntu server, I found this guide even made by IONOS, but I get the error I wrote above.

I'm asking help specifically for this issue, but as long as I'm not sure if I'm following the right path, I'm open to any other suggestion from you experts.
Thank you.

This is obsolete.

Please look for the current installation procedure for certbot: https://certbot.eff.org

That's not going to happen. Not now, at least. Maybe in the future.

You can get a third level domain from a random dynamic DNS provider or buy a very cheap domain.

5 Likes

Thanks 9peppe, I'd like to ask you a few questions.
What happens if, when the Certbot process asks: "Please enter the domain name(s) you would like on your certificate ...", I use my DNS host name 123.online-server.cloud? Would it be valid?
Do I need to provide a real email during the process, or could it be optional?

2 Likes

If that host name resolves to your public IP address, it would be valid.

The email is optional, but recommended. Let's Encrypt will only use it to notify you of upcoming cert expiration.

6 Likes

(That is to say, if it works for the general public using the global DNS system, not just for you.)

6 Likes

I'm following the instructions on my VPS. Everything went fine up to point 7 (I skipped point 4), when using:

sudo certbot --apache

I get this error:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

The apache plugin is not working; there may be problems with your existing configuration.

The error was: NoInstallationError('Cannot find Apache executable apache2ctl')

This is the VPS linux version:

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.4 LTS"

Thanks for your help.

1 Like

You might have multiple versions of certbot installed.
Please show:
certbot --version
letsencrypt-auto --version

3 Likes

# certbot --version
certbot 1.24.0

# letsencrypt-auto --version
letsencrypt-auto: command not found

I never used Certbot in general and, for sure, it's the first installation on my VPS.

I have installed Apache with XAMPP so it resides in /opt/lampp/.

Could it be that Certbot searches apachectl in a path which is wrong in this case?

1 Like

Yes.

But you can adapt for that:

apache:
  Apache Web Server plugin (Please note that the default values of the
  Apache plugin options change depending on the operating system Certbot is
  run on.)

  --apache-enmod APACHE_ENMOD
                        Path to the Apache 'a2enmod' binary (default: None)
  --apache-dismod APACHE_DISMOD
                        Path to the Apache 'a2dismod' binary (default: None)
  --apache-le-vhost-ext APACHE_LE_VHOST_EXT
                        SSL vhost configuration extension (default: -le-
                        ssl.conf)
  --apache-server-root APACHE_SERVER_ROOT
                        Apache server root directory (default: /etc/apache2)
  --apache-vhost-root APACHE_VHOST_ROOT
                        Apache server VirtualHost configuration root (default:
                        None)
  --apache-logs-root APACHE_LOGS_ROOT
                        Apache server logs directory (default:
                        /var/log/apache2)
  --apache-challenge-location APACHE_CHALLENGE_LOCATION
                        Directory path for challenge configuration (default:
                        /etc/apache2)
  --apache-handle-modules APACHE_HANDLE_MODULES
                        Let installer handle enabling required modules for you
                        (Only Ubuntu/Debian currently) (default: False)
  --apache-handle-sites APACHE_HANDLE_SITES
                        Let installer handle enabling sites for you (Only
                        Ubuntu/Debian currently) (default: False)
  --apache-ctl APACHE_CTL
                        Full path to Apache control script (default:
                        apache2ctl)
  --apache-bin APACHE_BIN
                        Full path to apache2/httpd binary (default: None)

https://eff-certbot.readthedocs.io/en/stable/using.html#certbot-command-line-options

(or you can install apache the conventional debian way, it's easy enough.)

3 Likes

Thanks 9peppe, that is super-informative!

I decided, as you suggested, to install apache in the conventional way, then continue from the command

sudo certbot --apache

which now completes its process and the certificate has been successfully deployed for my DNS hostname 123.online-server.cloud, and also testing it with the browser is successful.

But then, if I stop the conventional apache to start instead the XAMPP apache, where I will create my website, the SSL certificate is no longer recognized as valid. :disappointed_relieved:

I feel like I'm in a kind of bottleneck now:

  • do I have to create another SSL certificate but pointing to the XAMPP installation (in this case, how can I do that)?
  • or, do you suggest also installing PHP and a MySQL database (actually MariaDB) in the conventional way?

Thanks a lot for your help.

2 Likes

You don't need a second certificate. Just install the one you already have. (Edit the xampp Apache config including the SSL config you find in /etc/letsencrypt)

This is easier, imho.

2 Likes

You don't need a second certificate. Just install the one you already have. (Edit the xampp Apache config including the SSL config you find in /etc/letsencrypt )

IT WORKS!!! :star_struck: :star_struck:

Thanks to all of you guys, I've been struggling for days on this subject and this is my first server achievement. :trophy:

Trying to help someone else who is in the same situation, this is what I've done, based on 9peppe's last comment:

  • I've located in the XAMPP installation the httpd-ssl.conf file which resides in /opt/lampp/etc/extra/
  • made a .bak copy of it
  • edited the original one, replacing these lines:

    SSLCertificateFile "/opt/lampp/etc/ssl.crt/server.crt"
    SSLCertificateKeyFile "/opt/lampp/etc/ssl.key/server.key"

    with

    SSLCertificateFile "/etc/letsencrypt/live/www.your-website.com/fullchain.pem"
    SSLCertificateKeyFile "/etc/letsencrypt/live/www.your-website.com/privkey.pem"

  • started XAMPP Apache with sudo /opt/lampp/lampp start

Again, thanks a lot!! :hugs:

4 Likes
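
The edit described in the post above, as an added shell example that is not part of the original thread. The function name `repoint_ssl_conf` is hypothetical; it refuses to touch the config unless both PEM files exist, keeps the first backup, and leaves commented-out directives alone.

```shell
#!/bin/sh
# Added example (not from the thread): point XAMPP's httpd-ssl.conf at a
# certbot lineage directory such as /etc/letsencrypt/live/<certificate name>.
# Usage: repoint_ssl_conf /opt/lampp/etc/extra/httpd-ssl.conf LIVE_DIR
repoint_ssl_conf() {
    conf=$1
    live=$2
    [ -f "$conf" ] || { echo "no such config: $conf" >&2; return 1; }
    # Never leave Apache pointing at files that are not there.
    for f in fullchain.pem privkey.pem; do
        [ -r "$live/$f" ] || { echo "missing $live/$f" >&2; return 1; }
    done
    # Keep the first backup so re-running does not overwrite the original.
    [ -e "$conf.bak" ] || cp -p "$conf" "$conf.bak" || return 1
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    # Only active directives are rewritten; lines starting with '#' and
    # SSLCertificateChainFile do not match these patterns.
    sed -E \
        -e "s|^([[:space:]]*SSLCertificateFile[[:space:]]+).*|\\1\"$live/fullchain.pem\"|" \
        -e "s|^([[:space:]]*SSLCertificateKeyFile[[:space:]]+).*|\\1\"$live/privkey.pem\"|" \
        "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back through the existing file so its owner and mode are kept.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}
```

Using fullchain.pem rather than cert.pem means Apache sends the intermediate certificate along with the leaf, which clients need in order to build the chain.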

You also need to make sure that command gets run when the certificate is renewed.

Run certbot certificates and make a note of the "certificate name"

Then run certbot renew --cert-name "certificate name" --deploy-hook "/opt/lampp/lampp start"

I think there's a better command to reload that Apache, and I am not sure the automatic renewal will work. In that case you should use certbot renew --cert-name "certificate name" --deploy-hook "/opt/lampp/lampp start" --webroot -w /path/to/your/htdocs

(Do not force-renew, when certbot asks)

2 Likes
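
A deploy hook for the setup in this thread, as an added example that is not part of the original posts. Certbot exports `RENEWED_LINEAGE` to deploy hooks; the function names are hypothetical, and `reloadapache` is an assumed `lampp` subcommand (the thread itself used `start`), so check your install's `lampp` usage output first.

```shell
#!/bin/sh
# Added example (not from the thread): certbot deploy hook for XAMPP Apache.
# Install as an executable file under /etc/letsencrypt/renewal-hooks/deploy/.
CONF=/opt/lampp/etc/extra/httpd-ssl.conf   # path given in the thread

# Print the lineage directory CONF serves (the part before /fullchain.pem).
served_lineage() {
    sed -nE 's|^[[:space:]]*SSLCertificateFile[[:space:]]+"?([^"]+)/fullchain\.pem"?[[:space:]]*$|\1|p' "$1" | head -n 1
}

# deploy_hook CONF RENEWED_LINEAGE CMD [ARGS...]
# Runs CMD only when the renewed certificate is the one Apache serves,
# so renewals of unrelated certificates do not bounce the web server.
deploy_hook() {
    conf=$1; renewed=$2; shift 2
    [ -n "$renewed" ] || { echo "RENEWED_LINEAGE not set" >&2; return 2; }
    served=$(served_lineage "$conf")
    if [ "$served" != "$renewed" ]; then
        echo "skip: $conf serves '$served', renewed '$renewed'" >&2
        return 0
    fi
    "$@"
}

# Certbot sets RENEWED_LINEAGE when it runs the hook; otherwise do nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    # Assumption: 'reloadapache' exists in your lampp script.
    deploy_hook "$CONF" "$RENEWED_LINEAGE" /opt/lampp/lampp reloadapache
fi
```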

Thanks 9peppe,
I'm not sure you meant these lines of code, which I found in the documentation:

sudo sh -c 'printf "#!/bin/sh\nservice some_server stop\n" > /etc/letsencrypt/renewal-hooks/pre/haproxy.sh'
sudo sh -c 'printf "#!/bin/sh\nservice some_server start\n" > /etc/letsencrypt/renewal-hooks/post/haproxy.sh'
sudo chmod 755 /etc/letsencrypt/renewal-hooks/pre/haproxy.sh
sudo chmod 755 /etc/letsencrypt/renewal-hooks/post/haproxy.sh

2 Likes

They don't look like they run on Windows, those lines.

I got confused with another thread.

Yeah, they are similar but those lines don't do much in their current state. Just adding --deploy-hook "command" where command reloads the server is enough.

2 Likes
