Unable to install on a new debian apache


#1

:/var/www/letsencrypt# ./letsencrypt-auto --apache

Updating letsencrypt and virtual environment dependencies…

Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --apache

The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('Unable to parse runtime variables',)


#2

Does

apache2ctl -S

print out your Apache info and domains correctly?


#3

VirtualHost configuration:
wildcard NameVirtualHosts and default servers:
default:443 your_domain.com (/etc/apache2/sites-enabled/default-ssl.conf:2)
*:80 is a NameVirtualHost
default server vps-7809.fhnet.fr (/etc/apache2/sites-enabled/000-default:1)
port 80 namevhost vps-7809.fhnet.fr (/etc/apache2/sites-enabled/000-default:1)
Syntax OK


#4

Are you using Apache 2.2? If so, it looks as if it’s a known bug - https://github.com/letsencrypt/letsencrypt/issues/1208

According to the discussion in "The apache plugin is not working; there may be problems with your existing configuration", other methods (other than the -apache) should still work.


#5

OK… but clearly: do you know what command I should type in?

(I guess many people still use apache2.2): it would be great to just have the command for apache2.2 instead of trying to make tests, search, post in forums…


#6

What do you want to achieve?

I’m guessing you want to obtain an SSL cert for vps-7809.fhnet.fr and www.vps-7809.fhnet.fr? Anything else?


#7

In fact just HTTPS on an IP address, 86.105.212.202, so I can access it with https://86.105.212.202


#8

Eh, why did you put LE inside your webdir?
I can’t think of any reason why you would want it there.


#9

According to this topic, "Certificate for public IP without domain name", Let’s Encrypt is not issuing SSL certificates for IP addresses.


#10

You cannot have an LE certificate for an IP address; it needs to be a domain name.


#11

On: now new problems :frowning:

> ./letsencrypt-auto certonly --standalone -d nextechanisme.com -d www.nextechangisme.com

Updating letsencrypt and virtual environment dependencies.......
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt certonly --standalone -d nextechanisme.com -d www.nextechangisme.com
Failed authorization procedure. nextechanisme.com (http-01): urn:acme:error:connection :: The server could not connect to the client for DV :: Server failure at resolver

Any idea?


#12

Do you own nextechangisme.com? If so, you need to point the domain to your server, as it’s currently hosted elsewhere.

LE is checking that you own the domain before it issues a certificate, hence it expects the domain to be on the server you are asking for an SSL certificate for.


#13

Yes, I own it and it is hosted on the SAME server where I try to run that command: 91.121.158.139

I am running that SSH command from 91.121.158.139 where nextechangisme.com is hosted

root@ns333468:/letsencrypt# dig nextechangisme.com

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> nextechangisme.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65152
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;nextechangisme.com.            IN      A

;; ANSWER SECTION:
nextechangisme.com.     3366    IN      A       91.121.158.139

;; AUTHORITY SECTION:
nextechangisme.com.     55564   IN      NS      ns110.ovh.net.
nextechangisme.com.     55564   IN      NS      dns110.ovh.net.

How does LE make that check: how does LE check I own the domain name?


#14

Have you read the documentation and the overview of how it works - https://letsencrypt.org/howitworks/technology/ ?

For the method you are using (default), it needs to place code within a specific place on your webserver (in the .well-known/acme-challenge folder) that it then checks, to confirm that you have control of that domain.


#15

OK, any idea why it just does not work?
I am on the nextechangisme.com server with SSH, type in the right command and … nothing.
Still did not find the solution to my problem.

I have been fighting for 2 hours to make it work on apache2.2.
I guess many people are using apache2.2 so… why not publish a step-by-step guide for apache2.2?


#16

Yeah, you mistyped your domain: it’s missing a g in this post.
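
The failure diagnosed above, as an added example that is not part of the original posts: a pre-flight check for the `-d` names that flags a name with no A record, a name pointing at another host, and a `www.` name whose apex is missing from the list. The function names, the `RESOLVER` hook and the stub resolver (including its `www` entry) are constructed for illustration; the domain and server IP are the ones quoted in the thread.

```shell
#!/bin/sh
# Pre-flight check for the -d names given to letsencrypt-auto certonly.
# Added example; all function names here are hypothetical.

# Resolve a name to A records. Uses dig unless RESOLVER names another command.
resolve_a() {
    if [ -n "${RESOLVER:-}" ]; then "$RESOLVER" "$1"; else dig +short A "$1"; fi
}

# Constructed stub resolver mirroring the dig answer in post #13 (the www
# entry is an assumption). Any other name gets no answer.
stub_resolver() {
    case "$1" in
        nextechangisme.com|www.nextechangisme.com) echo "91.121.158.139" ;;
    esac
}

# preflight <server-ip> <domain>...
# Prints one line per problem and returns the number of problems found.
preflight() {
    server_ip="$1"; shift
    problems=0
    for name in "$@"; do
        case "$name" in
            www.*)  # a www. name should have its apex in the same request
                apex="${name#www.}"
                case " $* " in
                    *" $apex "*) ;;
                    *) echo "MISMATCH: $name requested but $apex is not in the list"
                       problems=$((problems + 1)) ;;
                esac ;;
        esac
        ips="$(resolve_a "$name")"
        if [ -z "$ips" ]; then
            echo "NO_A_RECORD: $name does not resolve"
            problems=$((problems + 1))
        elif ! printf '%s\n' "$ips" | grep -qxF "$server_ip"; then
            echo "WRONG_HOST: $name does not resolve to $server_ip"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Demo on the names from post #11, using the constructed stub (runs offline).
RESOLVER=stub_resolver
preflight 91.121.158.139 nextechanisme.com www.nextechangisme.com ||
    echo "$? problem(s): fix the -d list before running letsencrypt-auto"
```

Leave `RESOLVER` unset to query real DNS with `dig`.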


#17

I feel so ashamed :flushed:
Forgive me for that: it works!

Last (stupid) question: once I have that certificate, what is the next step?

regards


#18

As you are doing a non-automatic configuration, you should edit the Apache configuration file of your HTTPS (virtual)host yourself. You should set the following settings:

SSLCertificateFile /etc/letsencrypt/live/yourdomain/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/yourdomain/chain.pem

And reload your Apache of course :smile:


#19

WORKS 100%

Thank you so much for your great help!