Let's Encrypt for intranet subdomain


#1

I just want to confirm: you can’t use Let’s Encrypt on intranet websites, correct?

moltest.ourdomain.pl provided via VirtualHost, because I can’t use IP (duh)

I’ve been using:

$ sudo certbot --authenticator webroot --installer apache --webroot-path /home/MINSKT -d moltest.ourdomain.pl

And I get:

Failed authorization procedure. moltest.ourdomain.pl (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://moltest.ourdomain.pl/.well-known/acme-challenge/62pLlqQTxnX2Zd3jESQK52x9WVib9rVxWooHitljy34: "

<html

Domain: moltest.ourdomain.pl
Type: unauthorized
Detail: Invalid response from
http://moltest.ourdomain.pl/.well-known/acme-challenge/62pLlqQTxnX2Zd3jESQK52x9WVib9rVxWooHitljy34:
" <html "

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

We’re using Debian 8 with Apache operated via SSH.

Yeah DNS A record… where?


#2

Hi @Serpher

This is wrong. You can use the dns-01 challenge, so you have to create a DNS TXT entry

_acme-challenge.moltest.yourdomain.pl

with a special value to get a certificate with moltest.yourdomain.pl and / or with *.moltest.yourdomain.pl

Then you don’t need an A-record or a webserver.

In the DNS settings of your domain.


#4

Ok I managed to install it, but how can I use it on my site now? (very noobie question)


#5

You used

With

certbot certificates

you can see your active certificates (path and filenames of your private key and your certificate). Check your Apache configuration to see whether the new certificate is used.

Or share your domain name and your apache config.


#6

We have tomcat7 installed so there is additional stuff to configure.
I’ve tried this:


Didn’t work, site went down.

