Error while getting SSL using letsencrypt

Requirement: Install SSL using letsencrypt as given in this wiki

Environment: Bahmni 0.92 on AWS is running and is accessible from a browser using the IP as well as the domain name.

Following commands executed from: a different Bahmni server

  1. Should the httpd be stopped?

./letsencrypt-auto certonly --standalone -d <ourdomainname> -d <oursubdomainname> --debug

Throws error

Problem binding to port 80: Could not bind to IPv4 or IPv6.

When httpd is stopped, it proceeds further but throws another error.

   Domain: <ourdomainname>
   Type:   unauthorized
   Detail: Invalid response from
   http://<ourdomainname>/.well-known/acme-challenge/Rq3v8Rq-...-empHzAP_U
   : "<HTML>\r\n<HEAD>\r\n<TITLE>404 Not
   Found</TITLE>\r\n<BASE href=\"/error_docs/\"><!--[if lte IE
   6]></BASE><![endif]-->\r\n</HEAD>\r\n<BODY>\r\n"
  2. Used ZeroSSL to get the certificate, which is also recommended by letsencrypt.

In the first step of ZeroSSL it asks you to copy certain specific files to a specific location on the server to establish ownership of the server, and in the second step, when it confirms ownership, a certificate is issued with an expiry of 3 months.

Further exploring certbot, which is recommended on the Bahmni wiki, to check if it also has such a 2-step process, I found that instead of the --standalone flag the above command should be run using --manual mode:

./letsencrypt-auto certonly --manual -d <ourdomainname> -d <oursubdomainname>

which then prompts you to create a file with specific contents and, like ZeroSSL, issues a certificate once ownership is confirmed.

Should the wiki be modified accordingly?


I faced the same problem when trying to install SSL using LetsEncrypt following the Bahmni wiki instructions. Same "couldn't bind to port 80" error.

So I tried to use the command below with manual mode.

./letsencrypt-auto certonly --manual -d -d

Still the http challenge failed, as the LetsEncrypt agent tried to find the token without prompting me to add the token on the server.

So I tried to do a DNS challenge instead, which also failed, as it again didn't prompt me to change the DNS record.

Then I followed this documentation to install and use certbot. After installing certbot I used the DNS challenge option and was able to pass domain validation.

  1. SSH into the server: SSH into the server running your HTTP website as a user with sudo privileges.

  2. Install Certbot: run these commands on the command line on the machine to install Certbot.

     wget https://dl.eff.org/certbot-auto
     sudo mv certbot-auto /usr/local/bin/certbot-auto
     sudo chown root /usr/local/bin/certbot-auto
     sudo chmod 0755 /usr/local/bin/certbot-auto

After installing, I ran the certbot-auto certonly command with the manual option instead of the standalone option. I also used the DNS challenge.

More information is available here: https://certbot.eff.org/lets-encrypt/centos6-other
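Both posts above turn on what the ACME validator actually checks: for the HTTP challenge (used by --standalone, --manual and --webroot) the CA fetches http://<domain>/.well-known/acme-challenge/<token> from whatever host the domain's A record points to and expects the "key authorization" (token + "." + a thumbprint of the account key) in the body, which is why a 404 from the wrong server fails validation; for the DNS challenge it looks up a TXT record at _acme-challenge.<domain> instead. The following is an added example written for this thread, not code from either post, from certbot or from Bahmni. It computes both challenge values and replays the HTTP-01 check against a local stand-in web server, including the 404 case seen in the first post. The account key, token and domain are constructed placeholders (the modulus is far too short for real use); nothing here contacts Let's Encrypt.

```python
"""Added example, not code from the forum posts: the two ACME challenge types
discussed above (HTTP-01 and DNS-01), computed and checked locally.

Constructed inputs, not real data: ACCOUNT_JWK is a sample account key with a
placeholder modulus, TOKEN is a sample token and DOMAIN is a placeholder.
"""
import base64
import hashlib
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

ACCOUNT_JWK = {"kty": "RSA", "e": "AQAB", "n": "c2FtcGxlLW1vZHVsdXM"}  # constructed
TOKEN = "constructed-sample-token"  # constructed; a real token comes from the CA
DOMAIN = "ourdomainname.example"  # placeholder

# RFC 7638: the JWK members that go into a thumbprint, per key type.
THUMBPRINT_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME (RFC 8555) uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 over the required JWK members, keys sorted, no whitespace."""
    members = {k: jwk[k] for k in THUMBPRINT_MEMBERS[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """The body certbot --manual asks you to serve at
    http://<domain>/.well-known/acme-challenge/<token> (HTTP-01)."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_record(domain: str, token: str, jwk: dict) -> tuple:
    """(name, value) of the TXT record the DNS-01 challenge asks for."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode()).digest()
    return f"_acme-challenge.{domain}", b64url(digest)


class ChallengeHandler(BaseHTTPRequestHandler):
    """Stand-in for the web server the domain's A record points to. It serves
    only paths placed in `files`; anything else gets a 404 page, which is what
    the CA reported in the first post."""
    files = {}

    def do_GET(self):
        body = self.files.get(self.path)
        if body is None:
            self.send_response(404)
            self.end_headers()
            self.wfile.write(b"<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD></HTML>")
            return
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the example quiet
        pass


def validate_http01(base_url: str, token: str, expected: str) -> tuple:
    """What the CA's validator does: GET the challenge URL and compare the body
    (trailing whitespace tolerated). Returns (ok, detail)."""
    url = f"{base_url}/.well-known/acme-challenge/{token}"
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            body = resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:
        return False, f"unauthorized: invalid response from {url}: HTTP {err.code}"
    if body.rstrip() != expected:
        return False, "unauthorized: key authorization mismatch"
    return True, "valid"


def demo() -> dict:
    """Run the whole flow against a local server and return the outcomes."""
    server = HTTPServer(("127.0.0.1", 0), ChallengeHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    expected = key_authorization(TOKEN, ACCOUNT_JWK)
    path = f"/.well-known/acme-challenge/{TOKEN}"
    try:
        ChallengeHandler.files.clear()
        before = validate_http01(base, TOKEN, expected)  # nothing served yet: 404
        ChallengeHandler.files[path] = b"wrong-content\n"
        wrong = validate_http01(base, TOKEN, expected)   # served, but not our value
        ChallengeHandler.files[path] = (expected + "\n").encode()
        after = validate_http01(base, TOKEN, expected)   # what --manual needs to see
    finally:
        server.shutdown()
        server.server_close()
    name, value = dns01_record(DOMAIN, TOKEN, ACCOUNT_JWK)
    return {"before": before, "wrong": wrong, "after": after,
            "key_authorization": expected, "dns_name": name, "dns_value": value}


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

The practical consequence for the first post: whichever machine runs letsencrypt-auto, the CA connects to the host that <ourdomainname> resolves to, so a --standalone run on a different Bahmni server can only produce the 404 shown there. Running --webroot (or --manual) on the server that already answers on port 80 avoids both the port conflict and the 404, and the same validate_http01 check can be pointed at the real domain as a pre-flight test before asking for a certificate.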