ricaard
December 23, 2019, 9:31am
1
Dears,
I am having a problem enabling SSL on my website “simo.photos”. I run this website as a personal site on an RPI in a home environment, using DynDNS to route traffic to the RPI.
The IP you can see below is not an IP of my NW; as I mentioned, I use DynDNS to translate this domain to another, and there is also a CNAME used in the final translation.
When trying to run certbot, even in manual mode, I am getting the following error:
Domain: simo.photos
Type: unauthorized
Detail: Invalid response from
http://simo.photos/.well-known/acme-challenge/uDvSSfKW_OF7rUOmEwdWk0WNdwRm7Nsul-uKrNgb_sg
[92.240.253.xyz]: " \n
\n <t"
I am using file/folder permission www-data and for this case made “chmod 777”.
Any ideas?
Thanks
1 Like
Hi @ricaard
your dns setup is wrong - https://check-your-website.server-daten.de/?q=simo.photos
Your ip:
| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| simo.photos | A | 92.240.253.223 Bratislava/Slovakia (SK) - LightStorm Communications s.r.o. No Hostname found | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.simo.photos | A | 92.240.253.223 Bratislava/Slovakia (SK) - LightStorm Communications s.r.o. No Hostname found | yes | 1 | 0 |
| | AAAA | | yes | | |
Checking http://www.simo.photos/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
there is a frame, that can't work.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<html> <head><title>www.simo.photos</title> <meta http-equiv="Content-Type" content="text/html; charset=windows-1250" /> </head>
<frameset rows="*,0" border="0" framespacing="0" framecolor="#00000">
<frame src="http://simophotos.redirectme.net" frameborder="0" marginwidth="0" marginheight="0"> </frameset>
<noframes>
<body>
<div style="font-size:2em;">
<a href="http://simophotos.redirectme.net"></a> </div> </body>
</noframes> </html>
So Letsencrypt checks the wrong ip address.
If possible, create a CNAME simo.photos ->> simophotos.redirectme.net.
If that isn't possible, your setup may not work.
Or use dns validation to create a certificate, then you don't need a working ip address.
1 Like
ricaard
December 23, 2019, 9:41am
3
Hi @JuergenAuer
thanks for the quick reply.
Could you please describe more about your last reco:
“Or use dns validation to create a certificate, then you don’t need a working ip address.” ?
Thanks
Richard
1 Like
Read
then
When you get a certificate from Let’s Encrypt, our servers validate that you control the domain names in that certificate using “challenges,” as defined by the ACME standard. Most of the time, this validation is handled automatically by your ACME...
But that's the wrong way.
Your frame <frame src="http://simophotos.redirectme.net" supports only http, so
you need a certificate with simophotos.redirectme.net
if you have such a certificate, the frame would connect http, so it's not visible
if you use https://simo.photos, the http frame is blocked because it's mixed content
-->> a frame is the wrong way.
1 Like
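The two failure modes discussed above (a frame-forwarding page answering the HTTP-01 challenge URL, and an http frame blocked as mixed content under https), as an added diagnostic example that is not code from the thread participants or from certbot. The function names are hypothetical, the sample frameset is a shortened copy of the one quoted above, and the 43-character thumbprint length assumes the SHA-256 JWK thumbprint that RFC 8555 specifies.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# RFC 8555 section 8.3: the body must be "<token>.<base64url SHA-256 thumbprint>"
KEY_AUTH = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]{43}$")

class FrameFinder(HTMLParser):
    """Collects the src attribute of every <frame> and <iframe> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("frame", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)

def classify_challenge_response(url, body):
    """Describe what a validator received from an acme-challenge URL."""
    token = urlparse(url).path.rsplit("/", 1)[-1]
    text = body.strip()
    if KEY_AUTH.match(text):
        matches = text.split(".", 1)[0] == token
        return ("key-authorization" if matches else "wrong-token", [])
    finder = FrameFinder()
    finder.feed(body)
    if finder.sources:
        # The name resolves to a forwarding service, not the real web server.
        return ("frame-forwarding", finder.sources)
    return ("other", [])

def mixed_content_frames(page_url, frame_sources):
    """Frames a browser blocks when the parent page is loaded over https."""
    if urlparse(page_url).scheme != "https":
        return []
    return [s for s in frame_sources if urlparse(s).scheme == "http"]

# Constructed sample: shortened form of the frameset quoted in the thread.
SAMPLE_FRAMESET = """<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN">
<html><head><title>www.simo.photos</title></head>
<frameset rows="*,0" border="0">
<frame src="http://simophotos.redirectme.net" frameborder="0"></frameset>
</html>"""

if __name__ == "__main__":
    url = "http://simo.photos/.well-known/acme-challenge/example-token"
    kind, frames = classify_challenge_response(url, SAMPLE_FRAMESET)
    print(kind, frames, mixed_content_frames("https://simo.photos/", frames))
```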
ricaard
December 23, 2019, 10:04am
5
Thanks @JuergenAuer
I am going to change DNS records at my DNS provider and try it with CNAME definition.
I'll keep you updated.
1 Like
ricaard
December 23, 2019, 6:16pm
6
Dear @JuergenAuer
thank you for your hint about defining simo.photos with CNAME of redirected domain.
Now the certbot script passed successfully and I am able to access my site secured.
Have a blessed Christmas time.
Richard
1 Like