If you find dns-01 complicated, the easy solution is to switch ISP.
dns-01 isn't actually complicated, but you need to find the right certbot plugin for your DNS provider. Also, your DNS provider and your domain registrar can be different companies, so, let's say you registered your domain on GoDaddy: nothing is preventing you from using cloudflare as authoritative DNS.
Hi, thank you for your reply. My domain registrar is REG-123 and they seem to use go daddy as the DNS provider ??
Is this the correct API:
If you want to change DNS provider you have to look for NS and glue records. They should be in the registrar interface.
Hi, would would I gain by changing to a different DNS provider, surely I will still have the same problems ??
It can make dns-01 easier. It won't help with opening your ports.
Please remember my post mentioning acme-dns above.
Hi, I know you said not to run with this method but I just want to get SSL installed on my server. The installation seemed to go OK and I seem to have everything installed OK:
pi@raspberrypi:~ $ sudo ls -l /etc/letsencrypt/live/footiefantasy.eu
total 4
lrwxrwxrwx 1 root root 40 Aug 7 11:00 cert.pem -> ../../archive/footiefantasy.eu/cert1.pem
lrwxrwxrwx 1 root root 41 Aug 7 11:00 chain.pem -> ../../archive/footiefantasy.eu/chain1.pem
lrwxrwxrwx 1 root root 45 Aug 7 11:00 fullchain.pem -> ../../archive/footiefantasy.eu/fullchain1.pem
lrwxrwxrwx 1 root root 43 Aug 7 11:00 privkey.pem -> ../../archive/footiefantasy.eu/privkey1.pem
-rw-r--r-- 1 root root 692 Aug 7 11:00 README
I installed the TXT and the _acme-challenge:
You shouldn't forget the _acme-challenge.www record
Please, in the future, if you say "it's not working" please specify WHAT's not working. Error messages? Screenshots? Exact behaviour leading to the error? Et cetera.
Hi, Sorry. I meant that I thought after doing this installation and getting the letsencrypt certificates that the security lock icon associated with HTTPS would appear on my footiefantasy.eu website. Currently, it says not secure.?
Hi, do I have to create another certificate for the _acme-challenge.www or use the same certificate as the _acme-challenge ?. Thank you for your help...
no, certbot will tell you what to do. just read its output carefully.
Hi, I thought after doing this installation and getting the letsencrypt certificates that the security lock icon associated with HTTPS would appear on my footiefantasy.eu website. Currently, it says not secure.? Do I have to do anything more or should it appear automatically (I have restarted apache2 server). I tried running it again and got this which seems to prove that it installed correctly:
sudo certbot --manual --preferred-challenges dns certonly -d footiefantasy.eu
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certificate not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/footiefantasy.eu.conf)
What would you like to do?
1: Keep the existing certificate for now
2: Renew & replace the certificate (may be subject to CA rate limits)
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
Sorry to keep asking all these questions but I really want to get the HTTPS working on my site. Many Thanks...
There's no reason to replace that certificate. Keep it.
I didnt replace it but still no lock icon in front of my website name in the browser??. HTTPS not working...
You have to install the certificate.
Run certbot install and follow the instructions
sudo certbot install
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which certificate would you like to install?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: footiefantasy.eu
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press 1 [enter] to confirm the selection (press 'c' to cancel): 1
Deploying certificate
Successfully deployed certificate for footiefantasy.eu to /etc/apache2/sites-available/000-default-le-ssl.conf
HELPPPPPPPPP, I did that and now the website doesnt work at all now!!! Port 443 is closed so I cant understand why its saying
IfModule mod_ssl.c
VirtualHost *:443
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName footiefantasy.eu
ServerAlias www.footiefantasy.eu
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# the two lines below I think are to do with modsecurity which I have disabled
# so that I can try and setup a SSL certificate.
# SecRuleEngine On
# SecRule ARGS:testparam "@contains test" "id:999,deny,status:403,msg:'Test Successful'"
SSLCertificateFile /etc/letsencrypt/live/footiefantasy.eu/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/footiefantasy.eu/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Hi, Fixed it, changed the virtual port from 443 to 80 as the port redirect is it to 80 only. I now have a secure website at last.
I'd like to thank all the help team for your help and extreme patience with me.
Kind regards
Don
PS - I'm sure you will be hearing from me sometime in the future when it comes to renewals...
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.