I ran this command: sudo docker-compose logs letsencrypt
It produced this output:
Creating/renewal davehust.me certificates... (davehust.me)
letsencrypt_1 | [Sun Oct 22 01:27:57 UTC 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
letsencrypt_1 | [Sun Oct 22 01:27:57 UTC 2023] Creating domain key
letsencrypt_1 | [Sun Oct 22 01:27:58 UTC 2023] The domain key is here: /etc/acme.sh/hustdave@gmail.com/davehust.me/davehust.me.key
letsencrypt_1 | [Sun Oct 22 01:27:58 UTC 2023] Single domain='davehust.me'
letsencrypt_1 | [Sun Oct 22 01:27:58 UTC 2023] Getting domain auth token for each domain
letsencrypt_1 | [Sun Oct 22 01:27:59 UTC 2023] Getting webroot for domain='davehust.me'
letsencrypt_1 | [Sun Oct 22 01:27:59 UTC 2023] Verifying: davehust.me
letsencrypt_1 | [Sun Oct 22 01:28:02 UTC 2023] davehust.me:Verify error:70.32.23.95: Invalid response from http://davehust.me/.well-known/acme-challenge/G6RzUG4Wh-KkXnRi9e44jnnydy-F79pkJSb_Sx5UoSw: 404
letsencrypt_1 | [Sun Oct 22 01:28:02 UTC 2023] Please check log file for more details: /dev/null
My web server is (include version): Google CloudApache
The operating system my web server runs on is (include version): Ubuntu 20.04.6 LTS
My hosting provider, if applicable, is: a2hosting
I can login to a root shell on my machine (yes or no, or I don't know): idk
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Command 'certbot' not found
Problem:
I'm trying to put the Judge0 compiler on a Google Cloud VM so I can access it through a page on my domain. I'm able to get this to work over HTTP via Insomnia, but I need it over HTTPS so it can work on my website. So I started a new HTTPS server and I'm getting this error:
Invalid response from http://davehust.me/.well-known/acme-challenge/G6RzUG4Wh-KkXnRi9e44jnnydy-F79pkJSb_Sx5UoSw: 404
Whenever I run the SSH CLI it tries to make a cert but it fails. I made a .well-known/acme-challenge folder in my public_html folder to see if that would help but it didn't. I'm guessing if it ran properly it would make that for me? Not sure how to troubleshoot this since I'm not very familiar with Ubuntu, Nginx, LetsEncrypt, and Google Cloud VMs. It seems like this is my last hurdle and I can move on.
34.41.44.190 is the Google Cloud VM External IP, which is where the Judge0 compiler is running.
70.32.23.95 is my domain where I will be using the compiler.
There is a docker-compose.yml file in the judge0 container that asks me to set the VIRTUAL_HOST, LETSENCRYPT_HOST and LETSENCRYPT_EMAIL. I changed it to 34.41.44.190, which is the server's IP, but it still used 70.32.23.95, which is davehust.me, when trying to make the cert. Ultimately, I'm not sure what to change.
HTTP-01 authentication will follow global DNS.
The IP for the name "davehust.me" currently points to IP 70.32.23.95.
That is where LE will try to connect to validate the certificate request.
If that is NOT where the ACME client is running, then we have a problem.
I still don't get the design/layout.
Perhaps a picture can provide enough words to explain it.
[I've heard they can paint one thousand words]
If the site will be served by the nginx server on the right...
Via what name will the clients be connecting to it?
The current name points to the server on the left.
Users will only see the webpage on the left. When they press a "run" button, the code will be sent to the compiler on the right.
Ok. I think I know what may need to happen but it's still not clear how it will all work. But maybe I don't need to know and it will just work.
Now that I remember how I connected when I used the HTTP server, I believe the compiler's server (on the right) is the one that needs the cert. Which makes sense because when my website tries to connect to the compiler, it says it's missing a cert (or something like that). So now I have to figure out where to change it from davehust.me to the 34.41.44.190.
The thing I'm wondering though is how this whole certification stack will validate the letsencrypt token that's supposed to be sent to /.well-known/acme-challenge/ since, I believe, that's usually sent to the website's server, not the compiler's Ubuntu server which I will be sending it to now.
Via what FQDN? [if davehust.me, then that site needs a cert]
I'm thinking both sides may need a cert. [but they can't use the same name]
You may need to give the one on the right its own name.
Like: compiler.davehust.me
[with its own IP and cert]
Do you want to encrypt that purple connection?
If so, do you want a free cert to do that with?
I don't know what connection needs HTTPS. All I know is that the website on the left already uses HTTPS, so we should be good there. And the compiler on the right needs a cert so that I can send information to it using HTTPS.
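The reply above about HTTP-01 following global DNS can be checked straight from the acme.sh output. The following is an added example, not code from the thread or from acme.sh: it parses the "Verify error" line and compares the address the CA contacted with the host where the ACME client runs. The function names are hypothetical, and the client address is assumed to be the VM IP given in the thread.

```python
import re
import socket

# Matches the acme.sh failure line shown in the thread:
#   <domain>:Verify error:<ip>: Invalid response from <url>: <status>
VERIFY_ERROR = re.compile(
    r"(?P<domain>[^\s:]+):Verify error:(?P<ip>[0-9a-fA-F.:]+): "
    r"Invalid response from (?P<url>\S+): (?P<status>\d{3})"
)

def parse_verify_errors(log_text):
    """Return one dict per HTTP-01 verify error found in acme.sh log output."""
    return [m.groupdict() for m in VERIFY_ERROR.finditer(log_text)]

def diagnose(log_text, client_ip):
    """Compare the address the CA validated against with the ACME client's host."""
    findings = []
    for err in parse_verify_errors(log_text):
        mismatch = err["ip"] != client_ip
        if mismatch:
            reason = (f"{err['domain']} resolves to {err['ip']}, but the ACME client "
                      f"runs on {client_ip}: the challenge file is written on a host "
                      f"the CA never contacts")
        else:
            reason = (f"{err['domain']} reaches the client host, but it answered "
                      f"{err['status']}: check that the webroot is served on port 80")
        findings.append({**err, "dns_mismatch": mismatch, "reason": reason})
    return findings

def resolve_a(name):
    """Live lookup of the A records the CA would follow (needs network)."""
    infos = socket.getaddrinfo(name, 80, socket.AF_INET)
    return sorted({info[4][0] for info in infos})

# Log line copied from the thread above.
SAMPLE_LOG = (
    "letsencrypt_1 | [Sun Oct 22 01:28:02 UTC 2023] davehust.me:Verify error:"
    "70.32.23.95: Invalid response from http://davehust.me/.well-known/"
    "acme-challenge/G6RzUG4Wh-KkXnRi9e44jnnydy-F79pkJSb_Sx5UoSw: 404\n"
)
# Assumption: the ACME client runs on the Google Cloud VM named in the thread.
CLIENT_IP = "34.41.44.190"

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, CLIENT_IP):
        print(finding["reason"])
```

A mismatch means the 404 came from a different machine than the one holding the challenge file, so creating the .well-known/acme-challenge folder by hand on either host does not help until the validated name points at the host running the client.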