Not able to obtain Let's Encrypt certificate


#1

I am trying hard to find a solution and also used some help from this topic and I am following the tutorial from here

My domain is: makeyourbrand.in

I ran this command: sudo lego --email="myemail@gmail.com" --domains=makeyourbrand --domains=www.makeyourbrand.in --path="/etc/lego" --webroot="/opt/bitnami/apps/wordpress/htdocs/" run

It produced this output:
2018/12/18 11:07:22 [INFO] [makeyourbrand, www.makeyourbrand.in] acme: Obtaining bundled SAN certificate
2018/12/18 11:07:22 Could not obtain certificates
acme: Error 400 - urn:ietf:params:acme:error:malformed - Error creating new order :: DNS name does not have enough labels

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I am confused about how to solve this issue, as not much error data is available. I hope someone can help me with this?


#2

That should be “--domains=makeyourbrand.in --domains=www.makeyourbrand.in” – the first one is missing “.in”.

Edit: Actually, I’m not sure, but it might need more quotation marks, like:

--domains="makeyourbrand.in" --domains="www.makeyourbrand.in"

#3

Thank you for replying, it worked for some time :stuck_out_tongue: , this time I got a new error actually.

2018/12/18 11:23:04 [INFO] [www.makeyourbrand.in] acme: Trying to solve HTTP-01
2018/12/18 11:23:09 accept tcp [::]:80: use of closed network connection
2018/12/18 11:23:09 Could not obtain certificates
acme: Error -> One or more domains had a problem:
[www.makeyourbrand.in] acme: Error 400 - urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for www.makeyourbrand.in


#4

makeyourbrand.in has this IP address:

makeyourbrand.in.       300     IN      A       18.224.110.1

But www.makeyourbrand.in doesn’t have any DNS records. You have to add another A record for www.

By the way, it looks like your web server isn’t running right now.


#5

That worked!!! I moved on to STEP 3 and I ran the first command, but then an error pops up:

mv: cannot stat '/opt/bitnami/apache2/conf/server.crt': No such file or directory

I checked the directory and there was no such server.crt. Did I miss some command?

I have attached the files image - here


#6

There are no server.crt, server.key or server.csr files in the /opt/bitnami/apache2/conf/ directory, and I followed exactly the same steps as mentioned in the tutorial here


#7

That step simply moves any pre-existing cert to “old” and links to the new cert.
You can ignore the errors about the “mv” for pre-existing cert if you never had one.
As long as you have the new cert:
ls -l /etc/lego/certificates/DOMAIN.*
You should be ok to continue.


#8

@rg305 Thank you for replying, I have completed all the steps, but when I run my website on https, it says “ERR_SSL_PROTOCOL_ERROR” in Google Chrome.

https://makeyourbrand.in


#9

I’m new to lego, so please bear with me.
Let’s see if you did get a new cert:
Please show:
ls -l /etc/lego/certificates/


#10

total 16
-rw------- 1 root root 3596 Dec 19 04:05 makeyourbrand.in.crt
-rw------- 1 root root 1648 Dec 19 04:05 makeyourbrand.in.issuer.crt
-rw------- 1 root root 237 Dec 19 04:05 makeyourbrand.in.json
-rw------- 1 root root 1675 Dec 19 04:05 makeyourbrand.in.key


#11

OK that looks good.
Now let’s see if the bitnami cert(s) match to any of those files.
Please show:
ls -l /opt/bitnami/nginx/conf/server.*


#12

It's Apache; below is the response. I see the lines below in red in the command prompt.

lrwxrwxrwx 1 root root  40 Dec 19 03:58 /opt/bitnami/apache2/conf/server.crt -> /etc/lego/certificates/makeyourbrand.crt
lrwxrwxrwx 1 root root  33 Dec 16 08:46 /opt/bitnami/apache2/conf/server.crt.old -> /etc/lego/certificates/DOMAIN.crt
-rw------- 1 root root 985 Dec 14 07:29 /opt/bitnami/apache2/conf/server.csr.old
lrwxrwxrwx 1 root root  40 Dec 19 03:57 /opt/bitnami/apache2/conf/server.key -> /etc/lego/certificates/makeyourbrand.key
lrwxrwxrwx 1 root root  33 Dec 16 08:46 /opt/bitnami/apache2/conf/server.key.old -> /etc/lego/certificates/DOMAIN.key

#13

That also looks good.
Have you restarted bitnami?
sudo /opt/bitnami/ctlscript.sh stop
sudo /opt/bitnami/ctlscript.sh start
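
The listing in post #10 has makeyourbrand.in.crt and makeyourbrand.in.key, while the links in post #12 point at makeyourbrand.crt and makeyourbrand.key. A check for that condition, as an added example that is not part of the original posts; the function names and the temporary directory with empty stand-in files are constructed for illustration:

```shell
#!/bin/sh
# check_cert_links CONF_DIR
# Reports whether CONF_DIR/server.crt and CONF_DIR/server.key resolve to
# files that exist. Returns 0 if both resolve, 1 otherwise.
check_cert_links() {
    conf_dir=$1
    bad=0
    for name in server.crt server.key; do
        link="$conf_dir/$name"
        if [ -e "$link" ]; then              # -e follows the symlink
            echo "OK       $link"
        elif [ -L "$link" ]; then            # link exists, target does not
            echo "DANGLING $link -> $(readlink "$link")"
            bad=1
        else
            echo "MISSING  $link"
            bad=1
        fi
    done
    return "$bad"
}

# demo LINK_BASENAME
# Rebuilds the thread's layout under a temp dir (constructed, empty files)
# with server.* linked to LINK_BASENAME.crt/.key, then runs the check.
demo() {
    base=$1
    root=$(mktemp -d)
    certs="$root/etc/lego/certificates"
    conf="$root/opt/bitnami/apache2/conf"
    mkdir -p "$certs" "$conf"
    # File names lego wrote, per the listing in post #10.
    : > "$certs/makeyourbrand.in.crt"
    : > "$certs/makeyourbrand.in.key"
    ln -s "$certs/$base.crt" "$conf/server.crt"
    ln -s "$certs/$base.key" "$conf/server.key"
    rc=0
    check_cert_links "$conf" || rc=$?
    rm -rf "$root"
    return "$rc"
}

demo makeyourbrand    || echo "=> link targets as in post #12 do not exist"
demo makeyourbrand.in && echo "=> link targets named as in post #10 exist"
```

On the real host the same function would be called as `check_cert_links /opt/bitnami/apache2/conf`, run with enough privilege to read /etc/lego/certificates.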


#14

Yes I did, but still it shows error “ERR_SSL_PROTOCOL_ERROR” :confused:


#15

Did it work with https using the previous cert?
If not, did https ever work?


#16

This is the first time I am using https using let’s encrypt.


#17

OK then there may be some basic https requirements that have not yet been met.
Is there a file or location where you can specify the use of:
TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3
And specific ciphers?


#18

I am new to AWS, but never faced this problem. So could you help me?


#19

I am trying to help you :slight_smile:

Let’s try finding a file for configuring bitnami:
find / -name bitnami.conf


#20

Thank you for considering :slight_smile: , I really appreciate that and will learn a lot from this

/etc/logrotate.d/bitnami.conf
/opt/bitnami/apache2/conf/bitnami/bitnami.conf
/opt/bitnami/config/monit/bitnami.conf
/opt/bitnami/config/logrotate/bitnami.conf