Installation Let's Encrypt Problem After Varnish


#1

I installed Varnish in my droplet (Ubuntu 16.04 and running WordPress in Apache) and it works great. After that, when I installed Let’s Encrypt, I got these messages, and I think it’s about Varnish (I guess). Maybe I’m missing something about configuration.

My domain is: socksunited.com

I ran this command: sudo certbot --apache -d socksunited.com -d www.socksunited.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for socksunited.com
http-01 challenge for www.socksunited.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.socksunited.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.socksunited.com/.well-known/acme-challenge/SHL7T_8KyjKxQaf3pmP4fEmqqT_Gc6xjAnpa49fUu9Y: “\n\n \n 503 Backend fetch failed\n \n \n

Error 503 Backend fetch f”, socksunited.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://socksunited.com/.well-known/acme-challenge/gBMfkiz6QOg6334rqdJAzAPkbVuoHBWB2WNWinObXP8: “\n\n \n 503 Backend fetch failed\n \n \n

Error 503 Backend fetch f”

IMPORTANT NOTES:

My web server is (include version): Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: digitalocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

I don’t know why that’s not working - looks like Varnish is failing to connect to Apache during the challenge for some reason. However…

If you’re using Varnish in front of Apache, the connection from the end user’s browser hits Varnish first, so installing a cert in Apache won’t do any good (at best, Apache will start listening directly on port 443, bypassing Varnish for HTTPS connections) - and Varnish itself doesn’t support HTTPS natively at all. What you probably want is to set up a separate TLS terminator in front of Varnish - this guide suggests using Hitch, and looks like it should work well if you can figure out how to swap out the CentOS-specific instructions for their Ubuntu equivalents.
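
For the Hitch-in-front-of-Varnish layout suggested in the reply above, the certificate has to reach Hitch rather than Apache. The script below is an added example, not part of the original posts or of the linked guide: it builds the single PEM file (private key followed by certificate chain) that Hitch loads through its `pem-file` setting from a certbot lineage directory. The output path `/etc/hitch/site.pem` and the `HITCH_PEM` variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: combine a certbot lineage into one PEM bundle for Hitch.
# Paths and the HITCH_PEM variable are assumptions; adjust them to your host.

# build_hitch_pem LINEAGE_DIR OUT_FILE
# Returns 0 on success, 1 if an input is missing or is not the expected PEM.
build_hitch_pem() {
    lineage=$1
    out=$2
    key="$lineage/privkey.pem"
    chain="$lineage/fullchain.pem"

    # Refuse to build a partial bundle: both inputs must exist and look right.
    [ -r "$key" ] && [ -r "$chain" ] || {
        echo "missing privkey.pem or fullchain.pem in $lineage" >&2; return 1; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" || {
        echo "no private key found in $key" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$chain" || {
        echo "no certificate found in $chain" >&2; return 1; }

    # mktemp creates the file owner-only (0600) before any key material is
    # written; the rename then swaps it in atomically, so Hitch never reads a
    # half-written or world-readable bundle.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    if cat "$key" "$chain" > "$tmp" && mv "$tmp" "$out"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# certbot sets RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/<name>) when it
# runs a deploy hook, so this script can be used as one.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_hitch_pem "$RENEWED_LINEAGE" "${HITCH_PEM:-/etc/hitch/site.pem}" || exit 1
    # Reload Hitch here with your init system so it picks up the new bundle.
fi
```

Because the bundle contains the private key, keep it readable only by the account Hitch runs as.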

