I am using ubuntu ec2 apache server hosting nodejs webapp
and I am trying to use Lets-encrypt to get SSL certificate for my domain drugfair.org
the problem is when I applying sudo certbot --apache
get HTTP 01 challenge fail
Waiting for verification...
Challenge failed for domain drugfair.org
Challenge failed for domain www.drugfair.org
http-01 challenge for drugfair.org
http-01 challenge for www.drugfair.org
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: drugfair.org
Type: unauthorized
Detail: Invalid response from
http://drugfair.org/.well-known/acme-challenge/9hPXdeQ4ymWoNAoMtG0ewLzdQxljPMTuDUrTVBJWM7E
[18.***.*.**]: "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta
charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>ReferenceError:
/var/www"
Domain: www.drugfair.org
Type: unauthorized
Detail: Invalid response from
http://www.drugfair.org/.well-known/acme-challenge/AYVcrbDpcp3ubI0P-pXp0wx_McMlGiopZOzJzhAqyQw
[18.***.*.**]: "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta
charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>ReferenceError:
/var/www"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
but when I try to access my website from browser through
http://drugfair.org or through 18.***.*.**:3100/
it is accessible without reference errors
but when I try to access my website from inside ec2 using this command
curl http://18.***.**.*:3100
gives me reference error
Related
I have one site deployed on AWS Rosa. This site is secured with https protocol. I am trying to create Route53 healthcheck for that site. The Route53 healthcheck fails stating reason -
Failure: Resolved IP: x.x.x.x. SSL communication failure: Received fatal alert: protocol_version
However I am able to access the site on browser.
As mentioned at-
https://aws.amazon.com/premiumsupport/knowledge-center/route-53-fix-unhealthy-health-checks/
following curl command returns me httpcode 200 and response time less than 1 second
curl -Ik -w "HTTPCode=%{http_code} TotalTime=%{time_total}\n" <http/https>://<domain-name/ip address>:<port>/<path> -so /dev/null
Also when I was trying to run same command with old curl version, I was getting error -
routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
The error from Route53 also shows protocol version. Not sure if these 2 are related.
Anyone came across this issues , any pointers will be highly appreciated.
If site URL is accessible over browser, then Route53 health check should return healthy state
This is my first time building a server and hosting it to AWS EC2. When running the command sudo certbot certonly --standalone or sudo certbot certonly --webroot I recieved this error below
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: matthieuxroger.com
Type: unauthorized
Detail: Invalid response from http://matthieuxroger.com/.well-known/acme-challenge/nWRAFCcRUeVxZ0C5YtRg_9bihG2YQeqacUcGjxdCMzg [18.205.22.32]: "<!DOCTYPE html>\n<html>\n <head>\n <title>Matthieux Roger</title>\n <link rel='stylesheet' href='/stylesheets/style.css' />\n "
I am using nodejs on ubuntu 20 running on AWS EC2. Any help would be apprieciated.
When using the webroot method with Certbot, a web server is spun up that serves a single file, so that Let's Encrypt can verify the ownership of the server at a domain. But when LE accessed your domain, it got a different server that served a 404 page. It seems that the DNS for your domain isn't pointing to the EC2 instance that is requesting a certificate. (or perhaps it has been updated but just hasn't propagated yet). You need to update the DNS records to point to the server requesting a certificate with certbot. Alternatively, you can use a different challenge type that doesn't require running a server to prove ownership (such as dns-01).
I have a little problem with CUPS 2.2.7
This is my /etc/hosts file:
127.0.0.1 example.com
127.0.0.1 localhost
in http://localhost:631/ CUPS is working right
but in http://example.com:631/ it doesn't work on the same pc.
The message error in View error log is that one:
E [21/Feb/2019:11:54:18 +0100] [Client 33] Request from "localhost" using invalid Host: field "example.com:631".
The web page on Firefox print an error message Invalid request and give me an Error (error code: 400) but seems point on CUPS.
How to solve this problem so that example.com:631 points to localhost and CUPS answers it successfully instead of Error 400: Access Denied.
By default cups servers HTTP requests only with HTTP Host header equal to "localhost". To allow it servicing requests for additional HTTP host headers use ServerAlias directive as described in the man cupsd.conf documentation. It's common to do the most unsafe thing and add
ServerAlias *
to /etc/cupsd.conf to allow all possible HTTP host headers to be serviced.
I know this is old, but I too was experiencing the same issue recently and I resolved it by updating the following line in cupsd.conf from:
Listen 0.0.0.0:631
changed to:
Listen *:631
For those that maybe care to know, I'm running CUPS within a docker container, and this change corrects the "Bad Request" response.
I want to deploy a mern project on ssl. Currently it is running on server with ip address but when I deploy it on ssl it is not running. It is working fine on http.
I have change on node modules transport-node and make it http to https.
1-I am using nginx as proxy server
When I deploy on ssl it give error:-
1-emitter.js?8a6f:50 OPTIONS https://privateIp:port/ net::ERR_SSL_PROTOCOL_ERROR
2-websocket.js?0f24:6 WebSocket connection to 'ws://privateip/sockjs-node/831/bocznd0p/websocket' failed: Error during WebSocket handshake: Unexpected response code: 400
3- your request is http,while it is require https.(handshake problem)
As i have enabled default-ssl site in my ubuntu linux server. When I load the site with Google Chrome I get this error:
SSL connection error
Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.
With Firefox:
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
As i have check log file of apache2. Which say suhosin-path mod_ssl
[Fri Apr 04 16:29:33 2014] [notice] Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.9 with Suhosin-Patch mod_ssl/2.2.22 OpenSSL/1.0.1 mod_perl/2.0.5 Perl/v5.14.2 configured -- resuming normal operations
FYI,
when i run command "apachectl -S" i get this error
/usr/sbin/apachectl: 87: ulimit: error setting limit (Operation not permitted)
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443 127.0.1.1 (/etc/apache2/sites-enabled/default-ssl:2)
*:80 is a NameVirtualHost
default server 127.0.1.1 (/etc/apache2/sites-enabled/000-default:1)
port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default:1)
Syntax OK
if i run "apachectl configtest"
/usr/sbin/apachectl: 87: ulimit: error setting limit (Operation not permitted)
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
Syntax OK
EDIT 1
I am getting below error also
Invalid method in request \x16\x03\x01
Please help me.
It looks like you are setting up an HTTP server on port 443, e.g on a port usually used for HTTPS (HTTP wrapped inside a SSL connection). The Invalid method in request \x16\x03\x01 you get on the server side is the start of the SSL handshake of from the client. And because the client does not get the expected answer back from the server it complains.
I don't know what your intention with this setup is, but
if you want to use only HTTP keep the listener on port 80 and remove the one on port 443
if you want to set up HTTPS you need certificates etc (there is enough documentation out there)
Ok, Here is the solution.
As my domain (example.com) is configured for port forwarding and It was mapping to my Local server
To Access my local server through example.com
It was like this:
http://example.com:1234/project_name
and i was configuring my local server for https
which was accessible as
https://192.168.**.***/project_name
But it was giving error (Invalid method in request \x16\x03\x01) for below url
https://example.com:1234/project_name
Because example.com was not configured for ssl.