Jump to content
mstdmstdd

How to fix error setting SSL with certbot using?

Recommended Posts

Hello,
I try to set ssl for my php/laravel application under Digital Ocean with Kubuntu 18
as in this articles
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04

But I got error trying to use certbot to obtain a free SSL certificate :
# sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
Apache Full                ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
22/tcp                     ALLOW       Anywhere                                                                                                                                                                        
Apache Full (v6)           ALLOW       Anywhere (v6)                                                                                                                                                                   
443 (v6)                   ALLOW       Anywhere (v6)                                                                                                                                                                   
80 (v6)                    ALLOW       Anywhere (v6)                                                                                                                                                                   
22/tcp (v6)                ALLOW       Anywhere (v6)                                                                                                                                                                   
                                                                                                                                                                                                                       
# sudo certbot --apache -d products-catalog.nilov-sergey-demo-apps.tk -d www.products-catalog.nilov-sergey-demo-apps.tk                                                                              
Saving debug log to /var/log/letsencrypt/letsencrypt.log                                                                                                                                                               
Plugins selected: Authenticator apache, Installer apache                                                                                                                                                               
Obtaining a new certificate                                                                                                                                                                                            
Performing the following challenges:
http-01 challenge for products-catalog.nilov-sergey-demo-apps.tk
http-01 challenge for www.products-catalog.nilov-sergey-demo-apps.tk
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.products-catalog.nilov-sergey-demo-apps.tk (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.products-catalog.nilov-sergey-demo-apps.tk

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.products-catalog.nilov-sergey-demo-apps.tk
   Type:   None
   Detail: DNS problem: NXDOMAIN looking up A for
   www.products-catalog.nilov-sergey-demo-apps.tk



products-catalog.nilov-sergey-demo-apps.tk - that is my domain I got on freenom.com and seaerch I found a hint that 
I need to add A-record for www subdomain

I tried to add new record as  preview
But trying to sumbit this page I got: 
Quote

• Error occured: Invalid value in dnsrecord




What is wrong ? Can new record be issue of my problem ? Or I need to move in other way ?



Configuration in appache is :
 <VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/lprods/public    
    ServerName products-catalog.nilov-sergey-demo-apps.tk
    ServerAlias products-catalog.nilov-sergey-demo-apps.tk
    
    <Directory /var/www/html/lprods/public>
      AllowOverride All
      Order Deny,Allow
      Allow from all
      Require all granted
    </Directory>
    
    Options FollowSymLinks
    DirectoryIndex index.php
    
    ErrorLog /var/www/html/lprods/storage/logs/error.log
    CustomLog /var/www/html/lprods/storage/logs/access.log combined
</VirtualHost>
with line in /etc/hosts
138.68.107.5  products-catalog.nilov-sergey-demo-apps.tk

Can it be issue with my problem ?

Thanks!
 

Share this post


Link to post
Share on other sites

"www.products-catalog.nilov- sergey -demo-apps. tk " does not resolve to an IP address.

You need either an "A" or a "CNAME" record for "www.products-catalog.nilov-sergey-demo-apps.tk"

An "A" record will point to the IP address.

But if "www.products-catalog.nilov- sergey -demo-apps. tk" has the same IP as "products-catalog.nilov- sergey -demo-apps. tk", then you can use a "CNAME" record pointing to "products-catalog.nilov- sergey -demo-apps. tk"

  • Great Answer 1

Share this post


Link to post
Share on other sites

Sorry I attached printscreen with my options and attempts to add new dns

link

 

Is it what I tried to do ?  Why I got error ?

Edited by mstdmstdd

Share this post


Link to post
Share on other sites

I made some more review and found next :
IP of my server is 138.68.107.4 and under ssh I enter the console of OS as 

ssh root@138.68.107.4

But in my /etc/hosts file I had next lines pointing to some other hosts on this server:

# 127.0.0.1 localhost
127.0.0.1 localhost.localdomain localhost
138.68.107.4  box.example.com box


# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

138.68.107.4  votes.nilov-sergey-demo-apps.tk
138.68.107.5  products-catalog.nilov-sergey-demo-apps.tk
138.68.107.6  csvp.nilov-sergey-demo-apps.tk

...

I modified 3 last lines as :

138.68.107.4  votes.nilov-sergey-demo-apps.tk
138.68.107.4  products-catalog.nilov-sergey-demo-apps.tk
138.68.107.4  csvp.nilov-sergey-demo-apps.tk

But I still not sure is that is valid value, as I have next error again:

# sudo certbot --apache -d products-catalog.nilov-sergey-demo-apps.tk -d www.products-catalog.nilov-sergey-demo-apps.tk 
Saving debug log to /var/log/letsencrypt/letsencrypt.log 
Plugins selected: Authenticator apache, Installer apache 
Obtaining a new certificate 
Performing the following challenges: 
http-01 challenge for products-catalog.nilov-sergey-demo-apps.tk 
http-01 challenge for www.products-catalog.nilov-sergey-demo-apps.tk 
Waiting for verification... 
Cleaning up challenges 
Failed authorization procedure. www.products-catalog.nilov-sergey-demo-apps.tk (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up 
A for www.products-catalog.nilov-sergey-demo-apps.tk 
 
IMPORTANT NOTES: 
 - The following errors were reported by the server: 
 
   Domain: www.products-catalog.nilov-sergey-demo-apps.tk 
   Type:   None 
   Detail: DNS problem: NXDOMAIN looking up A for 
   www.products-catalog.nilov-sergey-demo-apps.tk

 
 
 can reason of this error be in wrong IP in /etc/hosts or some other issue ?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.