Trouble Encrypting Ubuntu 16.04 LAMP

dragonsway · March 5, 2018, 1:35am

Hi I have an ubuntu 16.04 LAMP dev environment. I believe that I have configured the virtualhost file correctly, however I still can't letsencrypt to work properly. I have tried the install instructions from Digital Ocean found here. I have also tried the How to Forge Instructions installation found here, but all with no luck. I keep receiving the same error, so there probably some obvious error that I am missing. Any guidance much appreciated.

My Virtualhost file says:

<VirtualHost *:80>
DocumentRoot /home/webdevusr/public_html/povertysdemise.org
ServerName povertysdemise.org
ServerAlias povertysdemise.org
ServerAdmin ----@163.com
    <Directory /home/webdevusr/public_html/povertysdemise.org>
            Options Indexes MultiViews FollowSymLinks
            AllowOverride All
            allow from all
    </Directory>

My hosts file says:
127.0.0.1 povertysdemise.org

and the error message that I receive from letsencrypt is:

webdevusr@timbuktu ~ $ sudo ./certbot-auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?

1: povertysdemise.org
2: ciacyleung.povertysdemise.online

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for povertysdemise.org
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. povertysdemise.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://povertysdemise.org/.well-known/acme-challenge/e_IksdoJiOX2DAmM9kKrfhB1H2r5Du1LFTx23r79K6M: "
404 Not Found <body style="color: #444; margin:0;font:"
IMPORTANT NOTES:

The following errors were reported by the server:

Domain: povertysdemise.org
Type: unauthorized
Detail: Invalid response from
http://povertysdemise.org/.well-known/acme-challenge/e_IksdoJiOX2DAmM9kKrfhB1H2r5Du1LFTx23r79K6M:
"
404 Not Found <body style="color: #444; margin:0;font:"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

I am missing a step somewhere... thanks in advance... first time encrypting my dev environment... not going well

_az · March 5, 2018, 1:51am

It doesn't look like the document root you have in your Apache config actually reflects what happens when an external party visits your site.

This is not relevant, because it is not Certbot connecting to your domain, it is the external validation authority connecting to your domain.

So that raises the question: does the domain's current address in DNS actually point to this server, or not?

If you run:

echo test > /home/webdevusr/public_html/povertysdemise.org/test.txt

Is that file actually accessible externally for people visiting your domain?

How about:

mkdir -p /home/webdevusr/public_html/povertysdemise.org/.well-known/acme-challenge
echo test > /home/webdevusr/public_html/povertysdemise.org/.well-known/acme-challenge/test.txt

dragonsway · March 5, 2018, 2:07am

I ran the commands that you provided from the command line, but got no feedback. Admittedly, I have no idea how to make my local lamp installation accessible to external users. I am accustom to developing locally, then loading files to my production server..

Just remember I don't use a separate name for my production and dev servers... they are both povertysdemise.org, which means the any external party looking for my domain from externally is going to the wrong location. Even if I create a local dev subdomain dev.povertysdemise.org, making it accessible to external users has always been a "no-no" until now because of SSL... if there is any external reference that I should read just let me know. Googling now...

dragonsway · March 5, 2018, 2:30am

Ok… now I know the step that I am missing… I haven’t set-up my router port forwarding and static ip… that should really be mentioned in tutorials, just lost a couple of hours… the pains of a newbie… than @_az thanks for the feedback…

_az · March 5, 2018, 2:37am

Nothing wrong with keeping it this way. If you want to stay with your private /etc/hosts workflow, you could just issue the certificate on your production server, and then copy the certificate back to your local LAMP installation.

dragonsway · March 5, 2018, 2:44am

@ _az is there an emoji for a “digital beer”? You deserve it… my tech support at my hosting company gave me very wrong instructions… what you just said… saved me hours. I was literally told that I should have two certificates on my local LAMP and production servers…
In reality I should have spent the past 3 hours doing exactly what you said… setting up SSL on my production server then simply copying the certificate locally… THANKS

system · April 4, 2018, 2:44am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
The client lacks sufficient authorization (on virtual machine) Help	5	1112	September 13, 2017
Let's encrypt on LAMP under UBUNTU 16.04 Help	6	2242	February 5, 2018
Failed install of letsencrypt on ubuntu 16.04 Help	9	6035	August 11, 2017
Authenicator Digital Ocean failing Server	3	1757	May 16, 2018
Please help me installing letsencrypt on Ubuntu 16.04 Server	3	5730	June 21, 2016

Trouble Encrypting Ubuntu 16.04 LAMP

Which names would you like to activate HTTPS for?

1: povertysdemise.org 2: ciacyleung.povertysdemise.online

Related topics

1: povertysdemise.org
2: ciacyleung.povertysdemise.online