I am running a Apache2 webserver from home. Currently the server is working on http. My setup is sketched.
incoming traffice to my home router IP port 81 ==> my home router (94.147.65.45) ==> my Ubuntu server running Apache2 listening on port 80.
I have two computers connected to my home router. Therefore external port 80 is occupied, as the traffic goes to another server. In order to direct traffic to my Ubuntu server running Apache2, I have setup port forwarding in my home router so external port 81 is mapped to local IP address of Ubuntu server running Apache2 with internal port 80.
To set up SSL I have done the followings:
Followed the guideline using certbot
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
All the above run without problem. I then edited this configuration file that originally looked like this
(env) hd2900@hd2900:~/Documents/Python/hd2900TakeawayPrint$ cat /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
WSGIDaemonProcess flaskapp threads=5 python-home=/home/hd2900/Documents/Python/hd2900TakeawayPrint/env
WSGIScriptAlias / /home/hd2900/Documents/Python/hd2900TakeawayPrint/flaskapp.wsgi
WSGIApplicationGroup %{GLOBAL}
<Directory /home/hd2900/Documents/Python/hd2900TakeawayPrint>
WSGIProcessGroup flaskapp
Require all granted
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
changed it to the below, where I uncommented the servername and commented out the wsgi lines. I have made a A record in DNS so that www.hd2900service.dimsum.dk is directed to my router IP 94.147.65.45.
cat /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName www.hd2900service.dimsum.dk
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
#WSGIDaemonProcess flaskapp threads=5 python-home=/home/hd2900/Documents/Python/hd2900TakeawayPrint/env
#WSGIScriptAlias / /home/hd2900/Documents/Python/hd2900TakeawayPrint/flaskapp.wsgi
#WSGIApplicationGroup %{GLOBAL}
<Directory /home/hd2900/Documents/Python/hd2900TakeawayPrint>
WSGIProcessGroup flaskapp
Require all granted
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
After editing the configuration file I run the below command and got a failure that I am not sure how to debug.
(env) **hd2900@hd2900** : **~/Documents/Python/hd2900TakeawayPrint** $ sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): myEmailAddress@emailDomain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Account registered.
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: www.hd2900service.dimsum.dk
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for www.hd2900service.dimsum.dk
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: www.hd2900service.dimsum.dk
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for www.hd2900service.dimsum.dk - check that a DNS record exists for this domain
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My domain is: www.dimsum.dk
I ran this command: see above
It produced this output:
My web server is (include version): Apache/2.4.48 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 20.10
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):