I wonder if this can ever work, beyond my understanding


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: forum.tamarisktechnicals.com

I ran this command: sudo certbot --apache

It produced this output:
Which names would you like to activate HTTPS for?


1: forum.tamarisktechnicals.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for forum.tamarisktechnicals.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. forum.tamarisktechnicals.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://forum.tamarisktechnicals.com/?path=.well-known/acme-challenge/6ZEBAcBu3Ys53m33HQQTNUyi8x1ZaHPst-6IeSdy9c8%!f(MISSING) [64.182.104.20]: “\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n<META NAME=“keywords” CONTENT=”">\r\n<META NAME=“description” CONTENT="">\r\n</he"

IMPORTANT NOTES:

My web server is (include version): Server version: Apache/2.4.29 (Ubuntu) Server built: 2018-10-10T18:59:25

The operating system my web server runs on is (include version): ubuntu 18.04 LTS

My hosting provider, if applicable, is: dnsexit.com and a home server, see later

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

OK let me start my ramblings, long sorry.

I have a web page tamarisktechnicals.com hosted on dnsexit.com and they provide ssl certificates, automatically as a free service.
I am trying to learn more about computers and software packages, so I have a free second level domain that points to my home WAN IP; ports 80 and 443 are picked up and forwarded to a small PC on my home network. That already has certbot running and providing an ssl certificate (thanks).

So I wished to have another simple server running a phpbb system; this is on yet another PC on my home network. Now the issue was I already used my home router to redirect ports 80 and 443 to the first server, so needed to find a method of coming in on another port.

So I thought I would have forum.tamarisktechnicals.com being on port 8000 (could have been 8080).
I was told that dns records can not have port numbers so I struggled setting it up.
dnsexit came up with a solution for me that works and talks to port 80 on my server.
They set up a home.tamarisktechnicals.com in dns that points to my external IP, and forum.tamarisktechnicals on dns as well. This has URL forwarding ‘with cloaking’ set up for forum.tamarisktechnicals.com, to go to home.tamarisktechnicals.com:8000

It took me a while to understand what it was about, but it does work: it comes to me on port 8000 and is forwarded to 80 on the correct machine. Unfortunately certbot errors as above, I believe because it is seeing the IP of the website for tamarisktechnicals.com

Is there anything else I could try?

Adrian


#2

That will not be possible for authentication.

That will only work within a browser:

 <frame name="_self" src="http://home.tamarisktechnicals.com:8000" scrolling="yes" frameborder="no" noresize>

You have two possible working choices:

  1. Use DNS authentication.
  2. Proxy the HTTP requests through the first server to the second.
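
An added example, not part of the original posts: a small Python check of what an http-01 validator makes of a response, showing why the cloaked forward fails while a direct or proxied response passes. The function name, token, thumbprint and sample responses are constructed for illustration (the frame tag is modelled on the one quoted above); the port rule reflects Let's Encrypt's documented redirect handling.

```python
import re
from urllib.parse import urlsplit

# Forwarding that only a browser acts on; an ACME validator reads the raw body.
BROWSER_ONLY = re.compile(
    r"<\s*(?:frame|iframe)\b|http-equiv\s*=\s*[\"']?refresh", re.I)

def classify_http01(status, headers, body, key_auth):
    """Return (verdict, reason) for one response to
    GET /.well-known/acme-challenge/<token>.
    key_auth is the "<token>.<thumbprint>" string the ACME client serves."""
    if 300 <= status < 400:
        target = urlsplit(headers.get("Location", ""))
        port = target.port or {"http": 80, "https": 443}.get(target.scheme)
        # Let's Encrypt follows HTTP redirects, but only to ports 80 and 443.
        if port in (80, 443):
            return "follow", f"redirect to {target.geturl()}"
        return "fail", f"redirect to unsupported port {port}"
    if status != 200:
        return "fail", f"HTTP {status}"
    # RFC 8555 section 8.3: trailing whitespace in the body is ignored.
    if body.rstrip() == key_auth:
        return "ok", "body is the key authorization"
    if BROWSER_ONLY.search(body):
        return "fail", "HTML frame/refresh page; only a browser follows it"
    return "fail", "body is not the key authorization"

# Constructed sample data (token and thumbprint are placeholders).
KEY_AUTH = "EXAMPLE-TOKEN.EXAMPLE-THUMBPRINT"
CLOAKED = ('<html><head><META NAME="keywords" CONTENT=""></head>\r\n'
           '<frameset rows="100%"><frame name="_self" '
           'src="http://home.tamarisktechnicals.com:8000" scrolling="yes" '
           'frameborder="no" noresize></frameset></html>')
REDIRECT = {"Location": "http://home.tamarisktechnicals.com:8000"
                        "/.well-known/acme-challenge/EXAMPLE-TOKEN"}
SAMPLES = {
    "cloaked forward": (200, {}, CLOAKED),
    "302 to port 8000": (302, REDIRECT, ""),
    "direct or proxied": (200, {}, KEY_AUTH + "\n"),
}

def run_samples():
    return {name: classify_http01(s, h, b, KEY_AUTH)
            for name, (s, h, b) in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in run_samples().items():
        print(name, "->", result)
```
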

#3

Thanks for listing the two possible ways.

I will have a read up on things because it is getting above me.

Perhaps if I just bite the bullet and get a better server pc and have both forum.tam**** and the first server address pointing to my home site, port forward 80 and 443 through the router, then have the server with two virtualhosts I would save a lot of time?

Adrian