Install on UBUNTU fails

Hello
I am trying to install the SW following these instructions:
https://certbot.eff.org/#ubuntutrusty-apache and everything works fine until I try this command:
$ sudo apt-get install python-certbot-apache

Here is the result:

root@xxx:~# sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?

1: XXXXX.to

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):1
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for XXXXX.to
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. XXXXX.to (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: XXXXX.to
    Type: connection
    Detail: Timeout

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.
    root@xxx:~#

I can assure you that DNS is ok and site is reachable (it is up and running). I did also check the URL with http://dnscheck.pingdom.com/?domain=XXXXX.to and got all green lights.
Any idea ?
Please note I edited out the full URL with "XXXXX"
THX

Do you have a firewall or router (NAT?) blocking incoming connections to port 443?

Yeah ! that’s it ! it was blocked.
Now it works :slight_smile:
thx :slight_smile:

https now works but it is not “green” and not marked secure. is it normal ?

No, that’s not normal. Could have many reasons why it isn’t green, but most likely there’s unsecure content (i.e.: http:// in stead of https://) on your page(s).

You can check the above by putting the site or page without a green padlock through Why No Padlock?.

Hello
thank you. I did it and I got some info:

  1. big red cross next to “Server supports SSLv3, may be vulnerable to POODLE attack. It is suggested to disable the SSLv3 protocol. Server certificate”
  2. list of 12 insecure items in the form of:
    “Insecure URL: http://xxxxxx.to/wp-content/uploads/2014/10/XXXXLogoCropped.jpg
    Found in: https://xxxxxx.to/

How can I secure JPG files ?
THX

Use https://, not http://

ok, thank you. How do I disable the certificate ?

What do you mean by “disable”? As in turn off HTTPS on your web server? You’d just have to take out the relevant configuration from Apache.

To fix the issues you mentioned, though, you should 1) update all resource URLs to point to https:// versions of their content and 2) Disable SSLv3 and SSLv3 on your web server. You should only be using TLS nowadays.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.