Unable to obtain SSL certificates


#1

Running “WordPress Certified by Bitnami version 4.9.8-0-r35 on Ubuntu 16.04 provided by Bitnami”

I’m attempting to follow the instructions detailed on this page:
docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

However when running the command:
sudo lego --domains=“earthi.space” --domains=“www.earthi.space” --path="/etc/lego" run

I am receiving the following error:

2018/09/21 12:48:43 No key found for account info@earthi.co.uk. Generating a curve P384 EC key.
2018/09/21 12:48:43 Saved key to /etc/lego/accounts/acme-v02.api.letsencrypt.org/info@earthi.co.uk/keys/info@earthi.co.uk.key
2018/09/21 12:48:43 Do you accept the TOS? Y/n
y^HY
2018/09/21 12:48:48 Your input was invalid. Please answer with one of Y/y, n or by pressing enter.
2018/09/21 12:48:48 Do you accept the TOS? Y/n
Y
2018/09/21 12:48:50 [INFO] acme: Registering account for info@earthi.co.uk
2018/09/21 12:48:50 !!! HEADS UP !!!
2018/09/21 12:48:50
Your account credentials have been saved in your Let’s Encrypt
configuration directory at “/etc/lego/accounts/acme-v02.api.letsencrypt.org/info@earthi.co.uk”.
You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let’s Encrypt so making regular
backups of this folder is ideal.
2018/09/21 12:48:50 [INFO][earthi.space, www.earthi.space] acme: Obtaining bundled SAN certificate
2018/09/21 12:48:51 [INFO][earthi.space] AuthURL: acme-v02.api.letsencrypt.org/acme/authz/8Zt7RP0C2w4KWFWv08vShJ6QXnOWaWHzXRLZnknQdig
2018/09/21 12:48:51 [INFO][www.earthi.space] AuthURL: acme-v02.api.letsencrypt.org/acme/authz/K-uaa9Xjnx1JBW54D-C--hRXIVKURTkAU6A14dLlDF0
2018/09/21 12:48:51 [INFO][earthi.space] acme: Could not find solver for: dns-01
2018/09/21 12:48:51 [INFO][earthi.space] acme: Trying to solve HTTP-01
2018/09/21 12:48:56 [INFO][www.earthi.space] acme: Trying to solve HTTP-01
2018/09/21 12:48:56 [INFO][www.earthi.space] Served key authentication
2018/09/21 12:49:01 [INFO][www.earthi.space] The server validated our request
2018/09/21 12:49:01 Could not obtain certificates
acme: Error -> One or more domains had a problem:
[earthi.space] acme: Error 403 - urn:ietf:params:acme:error:unauthorized - Invalid response from earthi.space/.well-known/acme-challenge/Cvl6ffQdFF-mKO5Dj7YK4Gjx09FnvL5SAQwQxVdQzrc: q%!(EXTRA string=
<META HTTP-EQ)

I am struggling to work out how best to proceed. Any help would be appreciated!


#2

Hi @Spiruel

your error message says, that Letsencrypt doesn’t find the validation file under

earthi.space/.well-known/acme-challenge/Cvl6ffQdFF-mKO5Dj7YK4Gjx09FnvL5SAQwQxVdQzrc

So lego doesn’t understand your Apache-configuration.

Or lego doesn’t find your webroot.

Looking there - lego Readme:

There is an additional parameter --webroot.

Find your webroot (the directory of earthi.space, where your website starts), define that as additional parameter.

PS: Test it. Create two folder /.well-known/acme-challenge, there a file 1234

Then try to load this file via browser:

http://earthi.space/.well-known/acme-challenge/1234


#3

hi @JuergenAuer,

Thank you for your post.

The folder structure of the host server is configured like:

  • /opt/bitnami/apps/wordpress/htdocs - Wordpress’s Files
  • /opt/bitnami/apps/wordpress/htdocs/wp-content/ - Wordpress’s Content
  • /opt/bitnami/apps/wordpress/htdocs/wp-content/plugins/ - Wordpress’s Plugins
  • /opt/bitnami/apps/wordpress/conf - Wordpress’s Apache Configuration files.
  • /opt/bitnami/apache2 - Apache Web Server
  • /opt/bitnami/mysql - MySQL Database

I’m unsure of where my webroot could possibly be located? Creating the ‘1234’ file in these locations hasn’t worked.


#4

Did you create the file 1234 there? Or under

/opt/bitnami/apps/wordpress/htdocs/.well-known/acme-challenge

Same with the other directories.

If that doesn’t work, there are additional redirects. So share your Apache configuration. There should the webroot defined.

Perhaps there is a redirect /.well-known/acme-challenge to another subdirectory.


#5

Hi @JuergenAuer

/opt/bitnami/apps/wordpress/htdocs was the location of the webroot in the end, thank you.

I did try the command
sudo lego --email="info@earthi.co.uk" --domains=earthi.space --domains=www.earthi.space --path="/etc/lego" --webroot="/opt/bitnami/apps/wordpress/htdocs/" run

with the new parameter but unfortunately no luck - I got the same error again.

There are multiple .conf files to choose from under bitnami and apache2 directories - do you know which one is the Apache configuration to share?


#6

Yep - your file is now correct:

hello world

You have to check all files. The --webroot - option

Pass the --webroot option and specify the path to your webroot folder. In this case the challenge will be written in a file in .well-known/acme-challenge/ inside your webroot.

should do the job. Why not? I don’t know.

PS:

All TLS handshakes on port 443 for the TLS-ALPN challenge.

Lego supports the tls-alpn - challenge. Perhaps test that.

I thought that your content management system (or something else) hides some directories. But then

http://earthi.space/.well-known/acme-challenge/1234

wouldn’t work.


#9

I finally found a solution! I had a cloudfront distribution set up with this ec2 instance, which had ‘ipv6’ set to enabled. This meant that there was an AAAA record being created without my knowledge, leading to a conflict in the SSL certificate validation.

Disabling this option has now allowed me to follow the initial instructions docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/ in full!
Unfortunately the website still doesn’t yet say it’s secure - but I’ve passed the first hurdle.


#10

Your certificate, created today, is good:

space

The only thing: You have blocked mixed content.

Use Chrome / FireFox, then Ctrl + Shift + I to open the console.

http://www.trksrv45.com/js/77803.js

should be changed to https.


#11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.