I completed all the steps and when i enter continue getting following errors

Help
#1

Please fill out the fields below so we can help you better.

My domain is:www.xxxxx-jenkins.xxxx.com

I ran this command:sudo ./letsencrypt-auto certonly -a manual --rsa-key-size 4096 -d domain.com -d www.xxxx-jenkins.xxx.com

It produced this output:the ouput is from Remote Jenkins servers, I was unable to copy it , I got failed authorization procedure

My web server is (include version): MAC OS JENKINS SERVER
Please kindly respond to these post asap.
I’ll update once if anyone responded,

thanks!

#2

Hi @naveen.vemuri,

In order to help figure this out, we’ll need some more explanation of what you did and what the exact error message was. Were you told to create a file at a particular URL? Did you do that? Did you verify that it worked by accessing that file over the web with a browser or with curl?

And what’s the exact error from the CA? (We don’t necessarily need the whole thing pasted, but there are probably about 10 different failure reasons which have different causes, and which are at least partially indicated by the failure message.)

#3

hey,
thanks for you reply.

here are the steps I followed:

first installed home brew and followed by step by step unto running command

sudo ./letsencrypt-auto certonly -a manual --rsa-key-size 4096 -d semler-jenkins.moduscreate.com -d www.semler-jenkins.moduscreate.com --debug
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for semler-jenkins.moduscreate.com
http-01 challenge for www.semler-jenkins.moduscreate.com

NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.

Are you OK with your IP being logged?

(Y)es/(N)o: Y

Create a file containing just this data:

h8Ai73pIysAo0_8d_ovk4HG_tVrq2CFkpxTx16c3mtU.cK8F5NZ3eM6WfdS4YfAGimKb5VbaU1Ael8hBWHx2X_Q

And make it available on your web server at this URL:

http://semler-jenkins.moduscreate.com/.well-known/acme-challenge/h8Ai73pIysAo0_8d_ovk4HG_tVrq2CFkpxTx16c3mtU

Press Enter to Continue

Create a file containing just this data:

oc5Obz8wbc4LAkmtaEgAkPhRXDGUcg9aDZRlZBFM8RU.cK8F5NZ3eM6WfdS4YfAGimKb5VbaU1Ael8hBWHx2X_Q

And make it available on your web server at this URL:

http://www.semler-jenkins.moduscreate.com/.well-known/acme-challenge/oc5Obz8wbc4LAkmtaEgAkPhRXDGUcg9aDZRlZBFM8RU

Press Enter to Continue
Waiting for verification…
Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
File “/Users/admin/.local/share/letsencrypt/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/Users/admin/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py”, line 753, in main
return config.func(config, plugins)
File “/Users/admin/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py”, line 692, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/Users/admin/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py”, line 82, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/Users/admin/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/client.py”, line 357, in obtain_and_enroll_certificate

#4

certr, chain, key, _ = self.obtain_certificate(domains)
File “/Users/admin/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/client.py”, line 318, in obtain_certificate
self.config.allow_subset_of_names)
File “/Users/admin/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/auth_handler.py”, line 81, in get_authorizations
self._respond(resp, best_effort)
File “/Users/admin/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/auth_handler.py”, line 138, in _respond
self._poll_challenges(chall_update, best_effort)
File “/Users/admin/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/auth_handler.py”, line 202, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. www.semler-jenkins.moduscreate.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.semler-jenkins.moduscreate.com/.well-known/acme-challenge/oc5Obz8wbc4LAkmtaEgAkPhRXDGUcg9aDZRlZBFM8RU: "

404 Not Found

Not Found

<p", semler-jenkins.moduscreate.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://semler-jenkins.moduscreate.com/.well-known/acme-challenge/h8Ai73pIysAo0_8d_ovk4HG_tVrq2CFkpxTx16c3mtU: " 404 Not Found

Not Found

<p" Please see the logfiles in /var/log/letsencrypt for more details.

IMPORTANT NOTES:

#5

^^^^^ are the ouput I got when I run the command do I need to change or configure anything

#6

how to create afile at particular URL , I confused over there , I did I n opening an other terminal and making dire .well-known/acme-challenge and doing vi that some xvgghhhh>>>>>mmmm and going inside the file and pasting mmmmmm>>>>>>nnnnn and saving that file .
and come to other terminal and running continue and it shows other file to create and did that one allo and getting same error.

#7

curl http://semler-jenkins.moduscreate.com/.well-known/acme-challenge/h8Ai73pIysAo0_8d_ovk4HG_tVrq2CFkpxTx16c3mtU

404 Not Found

Not Found

The requested URL /.well-known/acme-challenge/h8Ai73pIysAo0_8d_ovk4HG_tVrq2CFkpxTx16c3mtU was not found on this server.

#8

Can you make a text file that’s visible at http://semler-jenkins.moduscreate.com/.well-known/acme-challenge/test.txt?

#9

how could I do that , sorry could give commands and where to create please.
do I go to terminal in new and use the vi http://semler-jenkins.moduscreate.com/.well-known/acme-challenge/test.txt

#10

In order to use --manual, you have to be able to do this on your own server. Right now there is a file somewhere that says "It works!" that's being served at

http://semler-jenkins.moduscreate.com/

Do you know where that file is?

#11

I have no idea where the file is, we given ip as domain to request certificate the ip is 192.225.169.112/8081 is the Jenkins server

#12

It looks like the web server is Apache, so there should be configuration files in /etc/apache2 that will indicate where it serves files from (which we often call the “web root”).

You might be able to find out with the command

grep -r DocumentRoot /etc/apache2

The .well-known/acme-challenge directory will need to be created inside there, not, for example, in the user’s home directory that you’re initially in when you connect to the server via ssh. (If there are multiple virtual hosts, they might have separate web roots and then each challenge file would need to be created inside of the appropriate one.)

A slightly related question: I assume you’re using -a manual because you’re running Certbot on a different computer from the web server. Is that true? If so, is there a specific reason that you wouldn’t be able to run Certbot directly on the web server instead of on a different computer?

#13

i’m running on remote server of mac os, I will connect from my windows machine using VNC server and open the terminal and do operations it will show lot of terminals I usually run in users/admin

#14

Are you running Certbot directly on the macOS server machine?

#15

yes , usually we login and do it on terminal

#16

OK, how did you decide to use -a manual? Almost all of the time that’s recommended when the web server is a physically separate computer from the computer that’s running Certbot, which is apparently not true in your situation.

#17

please let me the steps clearly how to go in process to get my Jenkins server secured in step by step

#18

I have no familiarity with Jenkins, so I wouldn’t be able to help you with that. I did help to write Certbot, so I can help you with Certbot, which should be able to at least get your certificate issued.

If you don’t have a specific reason to think that -a manual is necessary, I would suggest starting with the simple form

sudo ./certbot-auto --apache

It might be able to get and install your certificate automatically. If that doesn’t work, we can try something else.

#19

Make a note of it! This tutorial is now reaching its age (old) as Letsencrypt Certs renewing evolved to certbot! Certain things still useful, like Apache redirects but everything related to LE installatin needs to be updated. I will do when time sort it out!]
My first test of LetsEncrypt on my OS X Server was based on these instructions;

Tutorial for OS X local certificates and Shared Hosting

Server
I…

First I would like to give my thanks to @effg to had take the time to share his experiences on installing LetsEncrypt on his Server. First I tried to install “home brew” on my OS X Mavericks system and I ran into some issues.

  1. Home Brew only install through my user admin account and not as root.
    If you try to install Home brew by issuing the command;
    ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install102)"
    as root, It will fail. But if you open an new terminal window from your OS X Admin User Account, it will install just fine.
    There are some dependencies you should be aware:
    a. Install Git First
    https://git-scm.com/download/mac177
    http://sourceforge.net/projects/git-osx-installer/?source=typ_redirect114
    b. Install Xcode Tools
    root# xcode-select --install
    c. Install Pip
    https://pip.readthedocs.org/en/stable/installing/#install-pip248
    stackoverflow.com8

How do I install pip on macOS or OS X?
python, osx, pip, install
asked by The System on 08:44AM - 24 Jun 13

https://pypi.python.org/simple/pip/93
d. Install virtualenv
http://exponential.io/blog/2015/02/10/install-virtualenv-and-virtualenvwrapper-on-mac-os-x/159
$ sudo pip install virtualenv virtualenvwrapper

Seems like a lot to start but I read a lot information and just followed the links.
Now you are ready to install LetsEncrypt;
Begin with installing Let’s Encrypt via Terminal:
$ git clone https://github.com/letsencrypt/letsencrypt206
You must have “python” installed correct in your system because you will need it to generate and validate your certificates following these instructions. ( Home Brew will do that for you and that is the reason you need to install Home Brew first )
After installation, obtaining your certificates goes as follow:
cd letsencrypt
Now you begin with creating the certificates locally by defining key size and the domains:
./letsencrypt-auto certonly -a manual --rsa-key-size 4096 -d domain.com -d www.domain.com32
I found this part a little hard because It gets to a point you have to stop and validate your certificate; (steps)

lets-encrypt-installation-001.png
840x529 92.7 KB

lets-encrypt-installation-002.png
830x524 7.47 KB

lets-encrypt-installation-003.png
830x524 13.7 KB

lets-encrypt-installation-004.png
830x524 14 KB

lets-encrypt-installation-005.png
830x524 25.8 KB

Stop right here!
Now, you must have access to your domain.com web server root directory to create these folders;
mkdir -p .well-known/acme-challenge
After the creation of these folders you will have to open a root terminal window;
sudo tcsh

lets-encrypt-installation-006.png
830x524 44.6 KB

Here is the problem to many people. To validate the domain you need to create two files inside of the /acme-challenge/ folder.
Log as root;
cd .well-known/acme-challenge/
The name of the file is the first code on the picture; example;
z8HGS1t… —> finish with TmQy_M
inside of the file you must have the code that starts with
z8HGS1TBIE2s0Oau-o16… —> finish with THLKOHHJmHQI
(sorry, I got in a worry and I did not want to write the whole code here, but I am sure you will figure that out)
They are going to ask you to do that twice so you must have two files with the code inside your .well-known/acme-challenge/ directory.
Believe me, pay attention, this is not that easy!
One easy way to create the files is to open the terminal as root and cd to .well-known/acme-challenge/ directory
Then you use the nano editor.
[server root] # well-known/acme-challenge/…( code for title goes here)
inside of the file put the other code here…
then Control o to save, return and Control x to get out of the nano editor.
Ok, I hope you got this in the end;

lets-encrypt-installation-008.png
830x524 53.6 KB

Ok, Now you have your certificates and they are located on the /etc/letsencrypt/ directory!
cert.pem
chain.pem
fullchain.pem
privkey.pem
Next, you will have to install and configure your certificates together with your Apache Server

#20

here ^^^ what made me to do in step procedure to get servers secure