Hi, I'm trying to generate a certificate for my website but I can't. Can someone help me? I don't know what my webroot is.
I have a Java EE application and my company uses Wix for its website (domain and subdomain).
My Java application is using Amazon EC2.
The subdomain (from Wix) points to the IP of the Java application.
PS: The application was developed on another computer.
I ran this command:
./letsencrypt-auto certonly --webroot -d mysubdomain.domain.com.br -d www.mysubdomain.domain.com.br
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mysubdomain.domain.com.br
http-01 challenge for www.mysubdomain.domain.com.br
Input the webroot for mysubdomain.domain.com.br: (Enter 'c' to cancel):
I don't know what my webroot is.
My web server is (include version):
The operating system my web server runs on is (include version):
Debian 9
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
You can set wherever you want as the webroot; just make sure certbot has the correct permissions on it.
-------- Take a look at @jared.m's response, ignore my response (after this line) ---------
For example, you can set the webroot to: /var/certbot_webroot (since certbot can definitely access /var/)
But please avoid setting the webroot to: /root/ (since certbot might not be able to access it)
To be a bit more specific, the webroot directory is whichever directory serves files for your website. For instance, if your domain is www.example.com, your webroot is where you would put a file (say, index.html) to access it with www.example.com/index.html. Often it's something like /var/www/html if you're using Apache.
For some ways of running web applications you could also imagine that there is no webroot because all URLs are mapped directly into the application (for example we see this here with people setting a blanket nginx proxy_pass for all paths).
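Added example, not part of the original thread or of Certbot: a Python check for the point made in the two replies above, that the webroot is whichever directory the web server serves files from and that some setups have none. It writes a random probe file under a candidate directory and fetches it from the site's base URL; the function names and the `fetch` parameter are assumptions of this example.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # URL path used by http-01


def http_fetch(url, timeout=5):
    """Return the body served at url, or None if the request fails."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read()
    except (urllib.error.URLError, OSError):
        return None


def webroot_is_served(webroot, base_url, fetch=http_fetch):
    """True if a file written under webroot comes back from base_url.

    A PermissionError here means this user cannot write to the directory.
    """
    if not os.path.isdir(webroot):
        return False
    well_known = os.path.join(webroot, ".well-known")
    probe_dir = os.path.join(well_known, "acme-challenge")
    # Remember which directories do not exist yet, so cleanup removes only ours.
    made = [d for d in (well_known, probe_dir) if not os.path.isdir(d)]
    token = "probe-" + secrets.token_hex(8)
    body = secrets.token_hex(16).encode()
    probe_path = os.path.join(probe_dir, token)
    try:
        os.makedirs(probe_dir, exist_ok=True)
        with open(probe_path, "wb") as fh:
            fh.write(body)
        url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
        return fetch(url) == body  # only an exact match counts as served
    finally:
        if os.path.exists(probe_path):
            os.remove(probe_path)
        for d in reversed(made):
            try:
                os.rmdir(d)  # fails harmlessly if something else is in it
            except OSError:
                pass

if __name__ == "__main__":
    # Usage: python3 check_webroot.py <directory> <base URL of the site>
    served = webroot_is_served(sys.argv[1], sys.argv[2])
    print("served by the web server" if served else "NOT served from this directory")
```

A False result for every candidate directory is what you would see when all URLs are mapped into the application, as described in the reply above.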
root@debian:~/certificado/letsencrypt# ./letsencrypt-auto certonly --webroot -d mysubdomain.mydomain.com.br -d www.mysubdomain.mydomain.com.br
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mysubdomain.mydomain.com.br
http-01 challenge for www.mysubdomain.mydomain.com.br
Input the webroot for mysubdomain.mydomain.com.br: (Enter 'c' to cancel): /opt
Select the webroot for www.mysubdomain.mydomain.com.br:
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
So, the configuration of Glassfish either serves static files directly from the filesystem somehow, or doesn't do this. If it does, then you need to look at the Glassfish configuration to find out where they are served from. If it doesn't, then you need to configure Glassfish so that it does this.
As an alternative, you can also use the --standalone method instead of --webroot. This creates a temporary web server to pass the challenges. It would probably require stopping Glassfish temporarily and restarting it afterward.
Before, I tried with --standalone, but it returned the following:
Problem binding to port 80: Could not bind to IPv4 or IPv6.
I tried before stopping it and after I stopped it.
So if I use the command line of the EC2 computer it should work, since that computer has neither Glassfish nor my application on it. What do you think?
Now I think I've gotten confused about the various servers. Which server already has Glassfish, and where is it? On which server are you requesting the certificate with Certbot?
Usually that message indicates that there is already another process (such as Apache, nginx, Glassfish, or another) accepting connections on port 80. Are you sure you had already stopped Glassfish before using certbot --standalone?
It would make more sense to request it directly on the Amazon server, because the certificate authority needs to connect to the server to confirm that the entity requesting the certificate really has control over the domain. Certbot doesn't have a very convenient option for configuring a remote server for this verification procedure.