Trouble Encrypting Ubuntu 16.04 LAMP


#1

Hi, I have an Ubuntu 16.04 LAMP dev environment. I believe that I have configured the virtualhost file correctly, however I still can’t get letsencrypt to work properly. I have tried the install instructions from Digital Ocean found here. I have also tried the How to Forge installation instructions found here, but all with no luck. I keep receiving the same error, so there is probably some obvious error that I am missing. Any guidance much appreciated.

My Virtualhost file says:

<VirtualHost *:80>
DocumentRoot /home/webdevusr/public_html/povertysdemise.org
ServerName povertysdemise.org
ServerAlias povertysdemise.org
ServerAdmin ----@163.com

    <Directory /home/webdevusr/public_html/povertysdemise.org>
            Options Indexes MultiViews FollowSymLinks
            AllowOverride All
            allow from all
    </Directory>

My hosts file says:
127.0.0.1 povertysdemise.org

and the error message that I receive from letsencrypt is:

webdevusr@timbuktu ~ $ sudo ./certbot-auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?

1: povertysdemise.org
2: ciacyleung.povertysdemise.online

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for povertysdemise.org
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. povertysdemise.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://povertysdemise.org/.well-known/acme-challenge/e_IksdoJiOX2DAmM9kKrfhB1H2r5Du1LFTx23r79K6M: "

404 Not Found <body style="color: #444; margin:0;font:"

IMPORTANT NOTES:

I am missing a step somewhere… thanks in advance… first time encrypting my dev environment… not going well


#2

It doesn’t look like the document root you have in your Apache config actually reflects what happens when an external party visits your site.

This is not relevant, because it is not Certbot connecting to your domain, it is the external validation authority connecting to your domain.

So that raises the question: does the domain’s current address in DNS actually point to this server, or not?

If you run:

echo test > /home/webdevusr/public_html/povertysdemise.org/test.txt

Is that file actually accessible externally for people visiting your domain?

How about:

mkdir -p /home/webdevusr/public_html/povertysdemise.org/.well-known/acme-challenge
echo test > /home/webdevusr/public_html/povertysdemise.org/.well-known/acme-challenge/test.txt
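
The check described in post #2, as an added example that is not part of the original thread: it drops a probe file in the challenge directory, fetches it back over HTTP, and flags a hosts-file entry or DNS mismatch that would make a local test misleading. The function names and the sample IP addresses (documentation ranges) are assumptions.

```python
import pathlib
import secrets
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"


def hosts_overrides(hosts_text, domain):
    """Addresses an /etc/hosts-style file pins `domain` to (comments ignored)."""
    pinned = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and domain.lower() in (n.lower() for n in fields[1:]):
            pinned.append(fields[0])
    return pinned


def probe_webroot(webroot, base_url, timeout=5):
    """Write a random probe file under `webroot` and fetch it from `base_url`."""
    probe_dir = pathlib.Path(webroot, CHALLENGE_DIR)
    probe_dir.mkdir(parents=True, exist_ok=True)
    name, body = "probe-" + secrets.token_hex(8), secrets.token_hex(16)
    probe = probe_dir / name
    probe.write_text(body)
    try:
        url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read().strip() == body.encode()
    except (urllib.error.URLError, OSError):
        return False  # 404, refused or timed out: the CA's request would fail too
    finally:
        probe.unlink()


def preflight(domain, hosts_text, public_dns_ips, this_server_ip):
    """Findings that explain a failed http-01 validation before asking the CA."""
    findings = []
    pinned = hosts_overrides(hosts_text, domain)
    if pinned:
        findings.append(f"hosts file pins {domain} to {pinned}; local tests bypass public DNS")
    if this_server_ip not in public_dns_ips:
        findings.append(f"public DNS for {domain} is {public_dns_ips}, not {this_server_ip}")
    return findings


if __name__ == "__main__":
    # Constructed sample: hosts line from the thread, IPs from documentation ranges.
    for finding in preflight("povertysdemise.org", "127.0.0.1 povertysdemise.org", ["203.0.113.10"], "198.51.100.7"):
        print(finding)
```

`probe_webroot` only reflects what the CA sees when `base_url` is requested from outside the network, or at least from a machine without the hosts-file entry.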

#3

I ran the commands that you provided from the command line, but got no feedback. Admittedly, I have no idea how to make my local LAMP installation accessible to external users. I am accustomed to developing locally, then loading files to my production server… :blush:

Just remember I don’t use a separate name for my production and dev servers… they are both povertysdemise.org, which means that any external party looking for my domain externally is going to the wrong location. Even if I create a local dev subdomain dev.povertysdemise.org, making it accessible to external users has always been a “no-no” until now because of SSL… if there is any external reference that I should read just let me know. Googling now…


#4

Ok… now I know the step that I am missing… I haven’t set up my router port forwarding and static IP… that should really be mentioned in tutorials, just lost a couple of hours… the pains of a newbie… @_az thanks for the feedback…


#5

Nothing wrong with keeping it this way. If you want to stay with your private /etc/hosts workflow, you could just issue the certificate on your production server, and then copy the certificate back to your local LAMP installation.


#6

@_az is there an emoji for a “digital beer”? You deserve it… my tech support at my hosting company gave me very wrong instructions… what you just said… saved me hours. I was literally told that I should have two certificates on my local LAMP and production servers…
In reality I should have spent the past 3 hours doing exactly what you said… setting up SSL on my production server then simply copying the certificate locally… THANKS :beer:

