Unable to renew the Let's Encrtypt certificate

Help
21

Can I delete the file /etc/apache2/sites-enabled/000-default.conf? or disable Apache2

22

just turn off apache alltogather. and do you have publically accessable server for that domain?

23

Read your previous thread

and do the same things.

You have to start with a public visible ip address, not 10.*, that's a private address.

24

You mean I need to start from Scratch like I need to get new domain, register that , map that proxy port…

25

I need to start form this thread “Unable to get https certificate for openhab2”

26

is your port 80 exposed to public?

27

yes…

--                         ------      ----
8080                       ALLOW       Anywhere                  
OpenSSH                    ALLOW       Anywhere                  
Apache Full                ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
8443                       ALLOW       Anywhere                  
4443                       ALLOW       Anywhere                  
27017                      ALLOW       Anywhere                  
6380                       ALLOW       Anywhere                  
8040                       ALLOW       Anywhere                  
8042                       ALLOW       Anywhere                  
6379                       ALLOW       Anywhere                  
8080 (v6)                  ALLOW       Anywhere (v6)             
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Apache Full (v6)           ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
8443 (v6)                  ALLOW       Anywhere (v6)             
4443 (v6)                  ALLOW       Anywhere (v6)             
27017 (v6)                 ALLOW       Anywhere (v6)             
6380 (v6)                  ALLOW       Anywhere (v6)             
8040 (v6)                  ALLOW       Anywhere (v6)             
8042 (v6)                  ALLOW       Anywhere (v6)             
6379 (v6)                  ALLOW       Anywhere (v6)
28

DNS recode of veplopenhab.ga is on private address(10.1.68.206), so LE can’t check your website to check if it has right token published. you need to make it public ip, or use dns challenge and write txt record on it(which you did 3 months ago) but you didn’t automate it, so you write this thread again now.

29

Ok… I need to start from this step,

image
image.png803×644 36.4 KB

30

It mean I again request for “veplopenhab.ga” from Freenom ??.
or
Just run the certificate part…

Please guide me.

31

I cannot access veplopenhab.ga from internet, is this intended?

32

As of now, it is intended only.
I have created “veplopenhab.ga” for cloud service.
Once I have register “veplopenhab.ga” in cloud, every one access over internet. Registering in cloud is in progress.

I am going to work in Amazon voice service which require secure connection.

I have developed some work in “veplopenhab.ga” only, I need that now.

33

you need to set publically routeable ip for http-01 or TLS-alpn challenge, you need to use DNS-01 challenge, as you did on last thread.

34

Which one is easy and reliable ?

35

I’d recommand http-01 if normal but you don’t have choice unless you are willing to make the site internet accessable, DNS-01 is only challange with a record with private IP

36

I am not having much knowledge.
I will go with recommended which “http-01”

How to do this ?.

Thanks,
dhanasekar

37

then you have to set a public IP on A record of veploenhab.ga
then

sudo certbot --nginx -d veplopenhab.ga

would do the job

38

My domain is in ‘A’ only…

image
image.png1776×255 15.9 KB

39

10.x.x won’t work. put some ip that can be accessed from outside world.

40

As of now, I am not going to access from outside.
I am going to access internally with secure connection.