Let's Encrypt (ubuntu / terminal / nginx / apache ) ...error

I am trying to obtain free SSL/TLS certificates using the certbot 1.21.0 program from the command line (terminal) by entering the following entry:
certbot certonly --apache --noninteractive --agree-tos --email xxx@gmail.com -d kris67.duck.dns.org
or
sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d kris67.duck.dns.org
but I always get an error:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for kris67.duckdns.org

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: kris67.duckdns.org
Type: connection
Detail: xx.xx.1x1.x05: Fetching http://kris67.duckdns.org/.well-known/acme-challenge/yVtDJxxxxxxRVYIqd2hxxxxzmPCPyJxVxxxxRr4: Error getting validation data

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

I want to access the Jellyfin server that I installed on the LinuxMint Virginia system (ubuntu / jammy) and the server after configuring the Apache program is available from the following address:
http://kris67.duckdns.org:8096
I did it according to this tutorial https://www.linuxcapable.com/how-to-install-jellyfin-media-server-on-linux-mint/
Unfortunately I can't get a secure HTTPS connection :frowning:
Now I'm using the apache configuration... but it's similar on nginx

Well, this:

is not the same as this:

. So as you clearly aren't copy/pasting the commands you actually ran, it's hard to tell if there are other things that are missing or different. It's also strange that you're trying to mask your IP address, when you're giving the domain name that points to that IP address.

But what fundamentally seems to be going on is that your server isn't responding on port 80, which is required in order for you to get a certificate this way.

4 Likes

Oops... This is my mistake, I entered it correctly in the terminal in the forum.
sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email my@gmail.com -d kris67.duckdns.org
I forwarded port 80/443 to the IP of the PC in the LAN:
182.168.1.XX with Jellyfin server.
I think the certificates have been created, but there are some other errors, maybe with the installation of the above-mentioned on a given system?
................................

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for kris67.duckdns.org

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/kris67.duckdns.org/fullchain.pem
Key is saved at: /etc/letsencrypt/live/kris67.duckdns.org/privkey.pem
This certificate expires on 2024-06-28.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Error in checking parameter list: AH00112: Warning: DocumentRoot [/var/www/html/jellyfin/public_html] does not exist
AH00526: Syntax error on line 26 of /etc/apache2/sites-enabled/jellyfin.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/jellyfin.example.com/fullchain.pem' does not exist or is empty

Could not install certificate

NEXT STEPS:

  • The certificate was saved, but could not be installed (installer: apache). After fixing the error shown below, try installing it again by running:
    certbot install --cert-name kris67.duckdns.org

Apache is unable to check whether or not the module is loaded because Apache is misconfigured.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Where does this file come from? And why is SSLCertificateFile configured with it?

2 Likes

Only this path exists in the system:
/etc/letsencrypt/live/
and there are only:

ls
kris67.duckdns.org README

?
P.S. In the directory kris67.duckdns.org there are these files:

cert.pem chain.pem fullchain.pem privkey.pem README

So why is Apache configured for the jellyfin.example.com certificate? Did you manually put that there?

2 Likes

I think I entered something wrong in the Apache configuration :frowning:
my config:

<VirtualHost *:80>
    ServerName kris67.duckdns.org

    # Redirect HTTP to HTTPS
    Redirect permanent / https://kris67.duckdns.org

    ErrorLog /var/log/apache2/jellyfin-error.log
    CustomLog /var/log/apache2/jellyfin-access.log combined
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName kris67.duckdns.org

    DocumentRoot /var/www/html/jellyfin/public_html

    ProxyPreserveHost On

    ProxyPass "/socket" "ws://localhost:8096/socket"
    ProxyPassReverse "/socket" "ws://localhost:8096/socket"

    ProxyPass "/" "http://localhost:8096/"
    ProxyPassReverse "/" "http://localhost:8096/"

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/jellyfin.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/jellyfin.example.com/privkey.pem
    Protocols h2 http/1.1

    SSLCipherSuite HIGH:RC4-SHA:AES128-SHA:!aNULL:!MD5
    SSLHonorCipherOrder on

    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

    ErrorLog /var/log/apache2/jellyfin-error.log
    CustomLog /var/log/apache2/jellyfin-access.log combined
</VirtualHost>
</IfModule>

Maybe I'll start over by removing the apache program... or I'll do it with nginx which seems to be easier to configure.
But I don't know if I can do it if some certificates have already been downloaded to my PC for this domain: kris67.duckdns.org?

1 Like

Well, I can repeat myself again about the jellyfish.example.com over and over, but I have the feeling that would be futile.

That's way overkill.. It's not that hard of a puzzle. You already have gotten the certificate. Only you have something weird in your Apache configuration, something I have pointed to a few times now. It shouldn't be too hard to connect the dots..

3 Likes

I guess the tutorial wasn't written well :frowning:

There's more written on the Jellyfin website... information about the need to create a folder: public_html
and granting permissions?

That guide is using nginx, you're using Apache? So I'm puzzled how your incorrect SSLCertificateFile directive could be the fault of the tutorial?

Why did you replace the DOMAIN_NAME from that guide with jellyfin.example.com in the SSLCertificateFile and SSLCertificateKeyFile directives?

2 Likes

I think I explained it clearly that I followed the linux mint tutorial: there is a configuration with: apache + nginx! but not explained thoroughly, you can get confused... now I will remove apache and do it with nginx

OK... it worked! I had to create two folders and change the name of the faulty domain in the Apache configuration to mine (in the certificate path) and I repeated creating the certificate in the terminal but with the reinstallation option.
It's better to do it with nginx, it's simple to configure!
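
An added example, not part of the thread and not certbot's own code: a shell check for the fault resolved above, where the SSLCertificateFile and SSLCertificateKeyFile directives named a directory under /etc/letsencrypt/live that certbot never created. The function names and the sample tree are constructed for illustration; on a real host, pass the vhost file and /etc/letsencrypt/live instead.

```shell
#!/bin/sh
# Added example (not from the thread): report certificate directives in an
# Apache vhost file that point at missing or empty files (the AH00526 cause).
# missing_cert_paths CONF: print "Directive path" for each bad target;
# returns 1 if any were found, 0 when every referenced file is non-empty.
missing_cert_paths() {
    mcp_bad=0
    while read -r mcp_dir mcp_path _ || [ -n "$mcp_dir" ]; do
        # Apache directive names are case-insensitive.
        case $(printf '%s' "$mcp_dir" | tr 'A-Z' 'a-z') in
            sslcertificatefile|sslcertificatekeyfile) ;;
            *) continue ;;
        esac
        mcp_path=${mcp_path#\"}; mcp_path=${mcp_path%\"}   # drop optional quotes
        if [ ! -s "$mcp_path" ]; then
            printf '%s %s\n' "$mcp_dir" "$mcp_path"
            mcp_bad=1
        fi
    done < "$1"
    return "$mcp_bad"
}

# issued_lineages LIVE_DIR: names that really exist (dirs holding fullchain.pem).
issued_lineages() {
    for il_d in "$1"/*/; do
        [ -s "${il_d}fullchain.pem" ] && basename "$il_d"
    done
    return 0
}

# make_sample ROOT: constructed stand-in for the vhost file and the live directory.
make_sample() {
    mkdir -p "$1/live/kris67.duckdns.org"
    for ms_f in fullchain.pem privkey.pem; do
        echo "constructed placeholder" > "$1/live/kris67.duckdns.org/$ms_f"
    done
    cat > "$1/jellyfin.conf" <<EOF
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile $1/live/jellyfin.example.com/fullchain.pem
    SSLCertificateKeyFile $1/live/jellyfin.example.com/privkey.pem
</VirtualHost>
EOF
}

demo_root=$(mktemp -d) && make_sample "$demo_root"
missing_cert_paths "$demo_root/jellyfin.conf" || echo "fix the paths listed above"
issued_lineages "$demo_root/live"
rm -rf "$demo_root"
```

Comparing the two outputs shows the mismatch directly: the directives reference jellyfin.example.com while the only issued name is kris67.duckdns.org.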
