David Murasov

Reputation: 51

Can't install SSL on my website with Let's Encrypt

I'm trying to install SSL on my website following this guide: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-20-04

As you can guess, I use Ubuntu 20.04, and I'm stuck on the fourth step. After I press Enter (or write 1) at the question "Which names would you like to activate HTTPS for?", there's this output:

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: sugacards.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for sugacards.com
Enabled Apache rewrite module
Waiting for verification...

Challenge failed for domain sugacards.com
http-01 challenge for sugacards.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: sugacards.com
   Type:   unauthorized
   Detail: Invalid response from
   http://sugacards.com/.well-known/acme-challenge/FA0pB7nMEk0_VIaeQPJStKNlXKX5kTqcvHmUi5ESVJ0
   [31.220.55.52]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

How can I fix this? It's my first time installing SSL on a VPS, so it's maybe a dumb question, but still, I would be grateful for any answers :)

Upvotes: 1

Views: 2946

Answers (4)

Tridev Shrestha

Reputation: 447

I also faced the same problem and will explain to you what I did, step by step. Here I managed my SSL on the VPS server instead of in a container.

First, enable the proxy and proxy_http modules in Apache. These modules are needed to set up the reverse proxy.

sudo a2enmod proxy 
sudo a2enmod proxy_http

I have multiple Docker containers running on my server, so I prefer to create a separate conf file for each. Now create a sugacards.conf file in /etc/apache/sites-available/

In your sugacards.conf file, put this code:

<VirtualHost *:80>
  ServerName sugacards.com

  ProxyPreserveHost On
  ProxyPass / http://<DOCKER_IP>:8080/sugacards/
  ProxyPassReverse / http://<DOCKER_IP>:8080/sugacards/
</VirtualHost>

To find out <DOCKER_IP>, type this command in your VPS server terminal, then put the value in your conf file and save it.

docker network inspect bridge | grep Gateway

After that, restart your Apache server:

sudo service apache2 restart

Now try to install SSL. If you are still getting issues, you can debug them using the command:

sudo apachectl configtest

Then solve it and restart the Apache server:

sudo service apache2 restart

I hope it may help you and let me know if it does. :)

Upvotes: 0

mumbasa

Reputation: 832

If you did a nameserver change for the domain, you have to wait for some time. You also have to check if the port is open, especially port 80, for remote connections. You also have to stop any server from using that port. You can try the following commands:

sudo firewall-cmd --zone=public --permanent --add-port=80/tcp
sudo firewall-cmd --reload

Upvotes: 0

David Murasov

Reputation: 51

It turned out that I just needed to do this:

sudo ufw enable

:D

Upvotes: 0

Mitch Dart

Reputation: 1369

They need to verify that you in fact own that domain since SSL certificates are based on trust. For them to keep trust, they need to make sure they never issue certificates to individuals who are not the owners of a specific domain. The way they do that is by giving you a challenge file which you need to host on your website at:

http://sugacards.com/.well-known/acme-challenge/FA0pB7nMEk0_VIaeQPJStKNlXKX5kTqcvHmUi5ESVJ0

Once that file is hosted there, they will do a request to that address to verify that you in fact own that website. All you need to do is host that file on that route. The way you would do that would depend on how your website is hosted.

If you provide more details on how your website is hosted I could edit this answer and give more details on how to do that.

Upvotes: 2
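
The check described in the answer above can be rehearsed before running certbot again. This is an added example, not code from any of the posters or from certbot: it publishes a throwaway file under `.well-known/acme-challenge/` in a DocumentRoot and fetches it over HTTP, separating the 404 case from the question from a blocked or closed port 80. The function names, result labels and the injectable `fetch` parameter are assumptions made for the illustration.

```python
import secrets
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"  # path prefix used by http-01


def http_fetch(url, timeout=10):
    """Return (status, body) for a GET, or (None, reason) if no HTTP reply."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:            # server answered 4xx/5xx
        return err.code, err.read()
    except (urllib.error.URLError, OSError) as err:  # DNS, refused, timeout
        return None, str(err).encode()


def probe_http01(base_url, webroot, fetch=http_fetch):
    """Publish a throwaway file the way an http-01 client does, then fetch it.

    Returns one of: "ok", "not_served", "wrong_content", "unreachable".
    """
    token = secrets.token_urlsafe(32)              # random file name
    expected = secrets.token_urlsafe(32).encode()  # random file content
    target_dir = Path(webroot) / CHALLENGE_DIR
    target_dir.mkdir(parents=True, exist_ok=True)
    probe_file = target_dir / token
    probe_file.write_bytes(expected)
    try:
        status, body = fetch(f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}")
    finally:
        probe_file.unlink()                        # never leave the probe behind
    if status is None:
        return "unreachable"   # firewall, closed port 80, or DNS problem
    if status != 200:
        return "not_served"    # e.g. the 404 above: wrong vhost, docroot or proxy
    return "ok" if body.strip() == expected else "wrong_content"


if __name__ == "__main__":
    import sys
    # Usage: python3 probe.py http://your-domain /path/to/DocumentRoot
    if len(sys.argv) == 3:
        print(probe_http01(sys.argv[1], sys.argv[2]))
```

Because the probe file has to be written on the server, the fetch also originates there: "ok" confirms that Apache serves the challenge path from that DocumentRoot, but an inbound firewall block on port 80 can only be confirmed by fetching from another host.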
