Try to Install SSL on AWS instance

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
vivien.us
I ran this command:
sudo certbot --apache -d vivien.us -d www.vivien.us
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for vivien.us
http-01 challenge for www.vivien.us
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. vivien.us (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://vivien.us/.well-known/acme-challenge/CRf8Bs_Nw-XitXiLiCCZFffPUphyiRJMqPixsT9AgZk [184.168.131.241]: “\n\n\n\n PPE</title”, www.vivien.us (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.vivien.us/.well-known/acme-challenge/jZTLpmDHijRPvBNr2HEwvTbX0YOxTdLYCDUQ1Ers6To [184.168.131.241]: “\n\n\n\n PPE</title”

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: vivien.us
  Type: unauthorized
  Detail: Invalid response from
  http://vivien.us/.well-known/acme-challenge/CRf8Bs_Nw-XitXiLiCCZFffPUphyiRJMqPixsT9AgZk
  [184.168.131.241]: "\n\n\n\n

  PPE</title"

  Domain: www.vivien.us
  Type: unauthorized
  Detail: Invalid response from
  http://www.vivien.us/.well-known/acme-challenge/jZTLpmDHijRPvBNr2HEwvTbX0YOxTdLYCDUQ1Ers6To
  [184.168.131.241]: "\n\n\n\n

  PPE</title"

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address.

My web server is (include version):
Apache/2.4.29 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 18.04.3 LTS
My hosting provider, if applicable, is:
AWS
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
EC2
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0

184.168.131.241 is a GoDaddy IP address, not your AWS IP address. It’s serving a web page that includes http://18.216.184.188 (an AWS IP address) in a frame.

The domain is using a GoDaddy feature called URL forwarding or redirecting, or something like that.

That won’t work. You need to turn it off, then just create two A records with your EC2 IP address (one for www and the other one).

then just create two A records with your EC2 IP address (one for www and the other one).

To create these two A records in godday’s domain management?

Yes, where DNS records are managed.

I don’t know exactly how GoDaddy’s control panel is laid out.

I am trying it - Thanks!

It worked - thanks again!
Also, it seems I’ve only got a license valid only for three months and will have to renew it every three months. I remember I got a non-expired SSL for the same domain from ZeroSSL.com - can I just replace the *.perm file on the server?

Your cert will expire on 2020-07-11. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the “certonly” option. To non-interactively renew all of
your certificates, run “certbot renew”

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.