Reputation: 626
I am trying to set up SSL for my PHP/Laravel application on Digital Ocean with Kubuntu 18, as in this article: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04
But I got an error when trying to use certbot to obtain a free SSL certificate:
# sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
Apache Full                ALLOW       Anywhere
443                        ALLOW       Anywhere
80                         ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
Apache Full (v6)           ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)
# sudo certbot --apache -d products-catalog.nilov-sergey-demo-apps.tk -d www.products-catalog.nilov-sergey-demo-apps.tk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for products-catalog.nilov-sergey-demo-apps.tk
http-01 challenge for www.products-catalog.nilov-sergey-demo-apps.tk
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.products-catalog.nilov-sergey-demo-apps.tk (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.products-catalog.nilov-sergey-demo-apps.tk
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.products-catalog.nilov-sergey-demo-apps.tk
Type: None
Detail: DNS problem: NXDOMAIN looking up A for
www.products-catalog.nilov-sergey-demo-apps.tk
products-catalog.nilov-sergey-demo-apps.tk is my domain, which I got on freenom.com, and while searching I found a hint that I need to add an A record for the www subdomain.
I tried to add a new record as in https://i.sstatic.net/s0vde.jpg, but when trying to submit this page I got:
• Error occured: Invalid value in dnsrecord
What is wrong? Can the new record be the cause of my problem? Or do I need to go another way?
UPDATED # 2 The configuration in Apache is:
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/lprods/public
    ServerName products-catalog.nilov-sergey-demo-apps.tk
    ServerAlias products-catalog.nilov-sergey-demo-apps.tk
    <Directory /var/www/html/lprods/public>
        AllowOverride All
        Order Deny,Allow
        Allow from all
        Require all granted
    </Directory>
    Options FollowSymLinks
    DirectoryIndex index.php
    ErrorLog /var/www/html/lprods/storage/logs/error.log
    CustomLog /var/www/html/lprods/storage/logs/access.log combined
</VirtualHost>
with line in /etc/hosts
138.68.107.5 products-catalog.nilov-sergey-demo-apps.tk
Can it be the cause of my problem?
UPDATED # 3 I did some more review and found the following:
The IP of my server is 138.68.107.4, and I enter the OS console over ssh as
ssh [email protected]
But in my /etc/hosts file I had the following lines pointing to some other hosts on this server:
# 127.0.0.1 localhost
127.0.0.1 localhost.localdomain localhost
138.68.107.4 box.example.com box
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
138.68.107.4 votes.nilov-sergey-demo-apps.tk
138.68.107.5 products-catalog.nilov-sergey-demo-apps.tk
138.68.107.6 csvp.nilov-sergey-demo-apps.tk
...
I modified the last 3 lines as:
138.68.107.4 votes.nilov-sergey-demo-apps.tk
138.68.107.4 products-catalog.nilov-sergey-demo-apps.tk
138.68.107.4 csvp.nilov-sergey-demo-apps.tk
But I am still not sure whether that is a valid value, as I get the same error again:
# sudo certbot --apache -d products-catalog.nilov-sergey-demo-apps.tk -d www.products-catalog.nilov-sergey-demo-apps.tk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for products-catalog.nilov-sergey-demo-apps.tk
http-01 challenge for www.products-catalog.nilov-sergey-demo-apps.tk
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.products-catalog.nilov-sergey-demo-apps.tk (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up
A for www.products-catalog.nilov-sergey-demo-apps.tk
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.products-catalog.nilov-sergey-demo-apps.tk
Type: None
Detail: DNS problem: NXDOMAIN looking up A for
www.products-catalog.nilov-sergey-demo-apps.tk
Can the reason for this error be a wrong IP in /etc/hosts, or some other issue?
Thanks!
Upvotes: 1
Views: 6091
Reputation: 23
If you run certbot with --manual certonly, then run with the --apache option, it will "reinstall" the cert to your Apache server.
Run:
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d '*.domain.com' --manual --preferred-challenges dns-01 certonly
You then add the DNS TXT record and click Continue on the certbot instruction.
Once complete you can run a simple --apache install like this:
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d '*.domain.com' --apache
This will ask to reinstall the cert and you can just select that.
Upvotes: 1
Reputation: 76569
certbot complains about:
DNS problem: NXDOMAIN looking up A for www.products-catalog.nilov-sergey-demo-apps.tk
a) the local /etc/hosts file is not the public DNS zone file ...just add the domain name; because virtual host is being told apart by HTTP host headers:
138.68.107.4 nilov-sergey-demo-apps.tk
when using a DNS zone file, one does not have to add them into there, alike on the localhost.
b) then either use the certbot command without the non-existent www virtual host:
sudo certbot --apache -d products-catalog.nilov-sergey-demo-apps.tk
or fix DNS and virtual host, in order to serve the www virtual host; then they should work for both. an A "address" record is being expected; but a CNAME "common name" record is being provided. to fix this you just have to change the type from CNAME to A and wait until it has been distributed.
see for yourself: non-www and www. HTTPS also does not respond, at all.
c) and to fix the virtual host configuration, you have to add the proper ServerAlias:
ServerName products-catalog.nilov-sergey-demo-apps.tk
ServerAlias www.products-catalog.nilov-sergey-demo-apps.tk
Upvotes: 1
Reputation: 6054
The domain www.products-catalog.nilov-sergey-demo-apps.tk does not resolve:
https://www.whatsmydns.net/#A/www.products-catalog.nilov-sergey-demo-apps.tk
So it's not a server configuration issue, you simply have to add the www.products-catalog subdomain record in your DNS manager, or remove this: -d www.products-catalog.nilov-sergey-demo-apps.tk from the certbot command.
Upvotes: 3
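Added example, not taken from any of the answers above: a shell preflight that checks each name you plan to pass to certbot with -d against a public resolver, which is the view the Let's Encrypt validation servers have; /etc/hosts on the server never enters into it. The function names, the DIG and RESOLVER variables and the 1.1.1.1 resolver are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the answers): preflight for certbot http-01 names.
# Let's Encrypt resolves every -d name through public DNS, so entries in the
# server's /etc/hosts are never consulted. DIG and RESOLVER are assumptions
# of this example and can be overridden, e.g. to exercise the check offline.
DIG=${DIG:-dig}
RESOLVER=${RESOLVER:-1.1.1.1}

# Print the IPv4 addresses a public resolver returns for $1. CNAME targets
# and dig's ";;" error lines are filtered out so only addresses remain.
public_a() {
    "$DIG" +short A "$1" "@$RESOLVER" 2>/dev/null |
        grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || true
}

# classify_name SERVER_IP NAME -> prints OK, NO_A_RECORD or WRONG_IP
classify_name() {
    ips=$(public_a "$2")
    if [ -z "$ips" ]; then
        echo "NO_A_RECORD"      # what certbot reported as NXDOMAIN
    elif printf '%s\n' "$ips" | grep -qxF "$1"; then
        echo "OK"
    else
        echo "WRONG_IP"         # resolves, but not to this server
    fi
}

# certbot_args SERVER_IP NAME... -> prints "-d NAME" for each name that can
# pass validation, reports the others on stderr, returns 1 if any was skipped.
certbot_args() {
    server_ip=$1; shift
    args=""; rc=0
    for name in "$@"; do
        status=$(classify_name "$server_ip" "$name")
        if [ "$status" = "OK" ]; then
            args="$args -d $name"
        else
            echo "skip $name: $status (fix public DNS, not /etc/hosts)" >&2
            rc=1
        fi
    done
    echo "${args# }"
    return $rc
}

# Usage with the names from the question:
#   certbot_args 138.68.107.4 products-catalog.nilov-sergey-demo-apps.tk \
#       www.products-catalog.nilov-sergey-demo-apps.tk
```

If the function returns non-zero, either add the missing record at the DNS provider or run certbot with only the printed -d arguments.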