Unable to install LetsEncrypt SSL on CentOS 7 - ssl

I am trying to install SSL Certificate to my website using Securing Apache with Let's Encrypt on CentOS 7.
My web server is (include version): Apache (cPanel)
My hosting provider, if applicable, is: GoDaddy
I followed this link for that; STEP-1 and STEP-2 were successful,
with the understanding that no firewall has been set up in my VPS
sudo yum install epel-release
sudo yum install httpd mod_ssl python-certbot-apache
sudo systemctl start httpd
systemctl status httpd
curl www.example.com ((Note: works))
sudo certbot --apache -d example.com -d www.example.com
This last command generates an error, as follows:
sudo: certbot: command not found
I tried to install certbot by
sudo yum install certbot
and it installed successfully
Installed:
certbot.noarch 0:0.27.1-1.el7
Dependency Installed:
audit-libs-python.x86_64 0:2.8.1-3.el7_5.1 checkpolicy.x86_64 0:2.5-6.el7 libcgroup.x86_64 0:0.41-15.el7
libsemanage-python.x86_64 0:2.5-11.el7 policycoreutils-python.x86_64 0:2.5-22.el7 pyOpenSSL.x86_64 0:0.13.1-3.el7
python-IPy.noarch 0:0.75-6.el7 python-cffi.x86_64 0:1.6.0-5.el7 python-enum34.noarch 0:1.0.4-1.el7
python-idna.noarch 0:2.4-1.el7 python-ndg_httpsclient.noarch 0:0.3.2-1.el7 python-ply.noarch 0:3.4-11.el7
python-pycparser.noarch 0:2.14-1.el7 python-requests.noarch 0:2.6.0-1.el7_1 python-requests-toolbelt.noarch 0:0.8.0-1.el7
python-six.noarch 0:1.9.0-2.el7 python-urllib3.noarch 0:1.10.2-5.el7 python-zope-component.noarch 1:4.1.0-3.el7
python-zope-event.noarch 0:4.0.3-2.el7 python-zope-interface.x86_64 0:4.0.5-4.el7 python2-acme.noarch 0:0.27.1-1.el7
python2-certbot.noarch 0:0.27.1-1.el7 python2-configargparse.noarch 0:0.11.0-1.el7 python2-cryptography.x86_64 0:1.7.2-2.el7
python2-future.noarch 0:0.16.0-6.el7 python2-josepy.noarch 0:1.1.0-1.el7 python2-mock.noarch 0:1.0.1-9.el7
python2-parsedatetime.noarch 0:2.4-5.el7 python2-pyasn1.noarch 0:0.1.9-7.el7 python2-pyrfc3339.noarch 0:1.0-2.el7
python2-requests.noarch 0:2.6.0-0.el7 python2-six.noarch 0:1.9.0-0.el7 pytz.noarch 0:2016.10-2.el7
setools-libs.x86_64 0:3.3.8-2.el7
Complete!
I again tried to request an SSL certificate for my domain.
sudo certbot --apache -d example.com -d www.example.com
this time it's returning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested apache plugin does not appear to be installed
/var/log/letsencrypt/letsencrypt.log
2018-11-02 08:15:55,542:DEBUG:certbot.main:certbot version: 0.27.1
2018-11-02 08:15:55,542:DEBUG:certbot.main:Arguments: ['--apache', '-d', 'example.com', '-d', 'www.example.com']
2018-11-02 08:15:55,543:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,Plugi$
2018-11-02 08:15:55,611:DEBUG:certbot.log:Root logging level set at 20
2018-11-02 08:15:55,611:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-11-02 08:15:55,613:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2018-11-02 08:15:55,613:DEBUG:certbot.plugins.selection:No candidate plugin
2018-11-02 08:15:55,614:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
Note: I replaced example.com with my actual domain
Any help is highly appreciated. Thanks in advance!!
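Reading the debug log above for the cause, as an added example that is not part of the original post: the script compares the plugins certbot discovered at start-up with the ones the command line requested. The sample log is constructed (the end of its "Discovered plugins" line is made up, because the original line is cut off) and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The sample log is constructed: it follows the log in the
# question, but the tail of the "Discovered plugins" line is made up.
sample_log() {
cat <<'EOF'
2018-11-02 08:15:55,542:DEBUG:certbot.main:certbot version: 0.27.1
2018-11-02 08:15:55,543:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-11-02 08:15:55,613:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2018-11-02 08:15:55,613:DEBUG:certbot.plugins.selection:No candidate plugin
2018-11-02 08:15:55,614:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
EOF
}

# Plugin names certbot found at start-up (reads a log on stdin).
discovered_plugins() {
    grep -o 'PluginEntryPoint#[A-Za-z0-9_-]*' | cut -d'#' -f2 | sort -u
}

# Plugin names the command line asked for (reads a log on stdin).
requested_plugins() {
    awk '/Requested authenticator/ {
        for (i = 1; i < NF; i++)
            if (($i == "authenticator" || $i == "installer") && $(i+1) != "None")
                print $(i+1)
    }' | sort -u
}

# Requested plugins that are absent from the discovered set ($1 = log text).
missing_plugins() {
    have=$(printf '%s\n' "$1" | discovered_plugins)
    for p in $(printf '%s\n' "$1" | requested_plugins); do
        printf '%s\n' "$have" | grep -qxF -- "$p" || echo "$p"
    done
}

for p in $(missing_plugins "$(sample_log)"); do
    echo "requested plugin '$p' was not discovered by this certbot install"
done
```

On a real host, pass the contents of /var/log/letsencrypt/letsencrypt.log to `missing_plugins` instead of the sample.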

You can try to use the --standalone option (doesn't require any additional web server), but you have to shut down any HTTP server using port 443.
systemctl stop httpd
/opt/letsencrypt/certbot-auto --standalone -d mydomain.com
Make sure that your DNS record is pointing to the web server where you are running the certbot command.
It will save the certificate on /etc/letsencrypt/archive/mydomain.com/*.pem and update the symlink on /etc/letsencrypt/live/mydomain.com/.
Now, update your Apache configs and restart it.
<VirtualHost>
...
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/chain.pem
...
</VirtualHost>
I recommend that you review your SSL and security settings to improve the Apache configuration for your website.

Related

Why isn't certbot writing the verification file?

I am trying to install a certificate using certbot on Ubuntu Xenial by using the below command:
sudo certbot run -a webroot -i apache -w /var/www/mydomain/public/.well-known/acme-challenge/ -d "example.com"
I get a challenge failed error with the following notes:
Domain: mydomain.com
Type: unauthorized
Detail: Invalid response from
http://example.com/.well-known/acme-challenge/lvJ9RbuDyoPn4NXnxPpjOYpsGHZb6ZYdDoBWW-6JC1k
I created the /.well-known/acme-challenge myself thinking this might help, but it didn't. I tried putting a file into the acme-challenge directory and browsed to it through Chrome and this worked without an issue. Therefore, I know the Apache host is set up correctly.
I'm now at a loss of what to try.
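How a `-w` value maps to files on disk, as an added example that is not part of the original post: certbot's webroot plugin creates each challenge file under `<-w value>/.well-known/acme-challenge/`, and the script compares that location with the one the web server reads for the validation URL. It assumes the DocumentRoot is /var/www/mydomain/public (the post does not state it); the token, scratch directory and function names are constructed.

```shell
#!/bin/sh
# Added example. Paths and token are constructed; the DocumentRoot is assumed.

ACME_DIR=".well-known/acme-challenge"

# File the webroot plugin creates: <-w value>/.well-known/acme-challenge/<token>
written_path() {              # $1 = -w value, $2 = token
    printf '%s/%s/%s\n' "${1%/}" "$ACME_DIR" "$2"
}

# Strip a trailing .well-known/acme-challenge so -w names the site root.
normalize_webroot() {         # $1 = -w value
    w=${1%/}
    printf '%s\n' "${w%/$ACME_DIR}"
}

# Write the challenge file the way the plugin would, then look it up the way
# the web server would for GET /.well-known/acme-challenge/<token>.
simulate_http01() {           # $1 = DocumentRoot, $2 = -w value
    scratch=$(mktemp -d) || return 2
    token="constructed-token"
    file="$scratch$(written_path "$2" "$token")"
    mkdir -p "$(dirname "$file")" && : > "$file"
    if [ -f "$scratch${1%/}/$ACME_DIR/$token" ]; then
        result="200"
    else
        result="404"
    fi
    rm -rf "$scratch"
    echo "$result"
}

DOCROOT="/var/www/mydomain/public"            # assumed DocumentRoot
GIVEN="$DOCROOT/.well-known/acme-challenge/"  # -w value from the question
FIXED=$(normalize_webroot "$GIVEN")

echo "as given:   $(written_path "$GIVEN" TOKEN) -> HTTP $(simulate_http01 "$DOCROOT" "$GIVEN")"
echo "normalized: $(written_path "$FIXED" TOKEN) -> HTTP $(simulate_http01 "$DOCROOT" "$FIXED")"
```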

Problem in getting SSL Certificate for my domain at digitalocean droplet through Let's Encrypt

I was trying to get SSL certificate for my domain on PhpMyAdmin Droplet by following the steps mentioned at "https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04". My server is Ok. I have DNS A entry for my domain.com and CNAME entry for my www.domain.com
As I went to execute "sudo certbot --apache -d your_domain -d www.your_domain"
It asked me to enter email address and after that it gave me the following error.
"An unexpected error occurred:
The client lacks sufficient authorization :: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.
"
I tried with root and non root admin user with sudo but still the same. Any help is appreciated
Best
I got it resolved. So first run
sudo apt update
sudo apt install --only-upgrade certbot
and then
sudo certbot --apache -d your_domain -d www.your_domain
worked for me

Let's Encrypt configuration on Apache

When I run
./letsencrypt-auto
I can choose my domains, but in the next step it fails on
IMPORTANT NOTES:
- The following 'urn:acme:error:connection' errors were reported by
the server:
Domains: xx.co.uk
Error: The server could not connect to the client for DV
Does Apache need to be listening on port 443 already, or what else could be the problem?
Apache 2.2, Ubuntu 14 LTS Trusty
I just started using Let's Encrypt. My server runs Apache 2.2 on Ubuntu 12.04. I found it much easier to use Let's Encrypt certonly --webroot mode. Here's an example:
./letsencrypt-auto certonly --webroot \
--renew-by-default --agree-tos \
--email postmaster@analysisandsolutions.com \
-w /var/www/www.analysisandsolutions.com/public_html \
-d www.analysisandsolutions.com -d analysisandsolutions.com
Then I edited the relevant virtual host file in sites-available to contain:
SSLCertificateFile /etc/letsencrypt/live/www.analysisandsolutions.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.analysisandsolutions.com/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.analysisandsolutions.com/privkey.pem
Finally call service apache2 reload
I also use the resulting certificate for Postfix SMTP and Dovecot IMAP connections.
I made a shell script to simplify the process. More details about all of this can be found on my blog.
Here is an answer.
Yes, Apache needs to be listening on 443. The easiest way is to make your domain work with a self-signed SSL certificate.
Then run
./letsencrypt-auto --apache
And Let's Encrypt does all for you. Amazing!

Setting up SSL on raspberry pi

I have a raspberry pi with apache on it, and I would like to set up SSL on it.
Issues and what I have tried:
When I try to activate the SSL module and run the command: sudo a2enmod ssl and sudo a2enmod default-ssl I get command not found.
My second issue is that I cannot restart the apache webserver, I would run the command sudo /etc/init.d/apache2 restart and as a result I get apache2.serviceJob for apache2.service failed. See 'systemctl status apache2.service' and 'journalctl -xn' for details.
What am I doing wrong?
Any advice is greatly appreciated.
Thanks in advance
Do you have a default-ssl.conf file in [wherever-it-is]/mods-available/default-ssl.conf
sudo nano it into existence if not,
restarting the server, have you tried "sudo service apache2 restart" or replace "restart" with "reload"?
How do you normally access services on a Pi?

Nginx after installing is down?

I've tried to install nginx on my VPS by following these steps
cd /usr/local/src
wget http://nginxcp.com/latest/nginxadmin.tar
tar xf nginxadmin.tar
cd publicnginx
./nginxinstaller install
Finally, the Apache in tweak settings checked working on port 8081, but the server still gives errors and nginx status is down.
This is the error when I restart Apache from SSH
Restarting nginx daemon: nginxnginx: [emerg] socket() [::]:80 failed (97: Address family
not supported by protocol)
already running.