Error while getting SSL using letsencrypt

#1

Requirement: Install SSL using letsencrypt as given in this wiki

Envinronment: Bahmni 0.92 on AWS is running and accessible from browser using ip as well as domain name.

Following commands executed from : A different Bahmni server

  1. should the httpd be stopped?

./letsencrypt-auto certonly --standalone -d <ourdomainname> -d <oursubdomainname> --debug

Throws error

Problem binding to port 80: Could not bind to IPv4 or IPv6.

When httpd is stopped it proceeds further but throws another error.

   Domain: <ourdomainname>

   Type:   unauthorized

   Detail: Invalid response from

   http://<ourdomainname>/.well-known/acme-challenge/Rq3v8Rq-...-empHzAP_U

   : "<HTML>\r\n<HEAD>\r\n<TITLE>404 Not

   Found</TITLE>\r\n<BASE href=\"/error_docs/\"><!--[if lte IE

   6]></BASE><![endif]-->\r\n</HEAD>\r\n<BODY>\r\n"
  1. Used ZeroSSL to get the certificate which is also recommended by letsencrypt.

In the first step of ZeroSSL it asks to copy certain specific files to specific location on the server to establish the ownership of the server and in the second step when it confirms the ownership a certificate is issued with an expiry of 3 months.

#2

Further exploring certbot which is recommended on Bahmni wiki to check if it also has such 2 step process I found that instead of --standalone flag the above command should be run using --manual mode

./letsencrypt-auto certonly --manual -d <ourdomainname> -d <oursubdomainname>

which then prompts to create a file with specific contents and like ZeroSSL when ownership is confirmed it issues certificate.

Should the wiki be modified accordingly?

1 Like