I would like to create an SSL certificate using certbot for subdomains pointing to my domain. But upon generating the command below, I am receiving this error: certbot.errors.PluginError: Unable to find a Route53 hosted zone for _acme-challenge.hello.example.com
Here's the command:
sudo certbot certonly -d hello.example.com --dns-route53 -n --agree-tos --non-interactive --server https://acme-v02.api.letsencrypt.org/directory -i apache
Main subdomain: my.subdomain.com
Other subdomains:
hello.example.com -> CNAME to secure.subdomain.com
world.another-example.com -> CNAME to secure.subdomain.com
So visiting these subdomains should show the my.subdomain.com webpage with their corresponding SSL certificate.
This error usually occurs when you have valid AWS credentials, but your domain is not listed in Route53 of that AWS account.
Check ~/.aws/credentials file - does it contain credentials for particular aws account with this hosted-zone
It should be default profile. e.x.
[default]
aws_access_key_id = your_aws_id_hosted_zone
aws_secret_access_key = your_aws_secret_hosted_zone
Related
I need to install Let's Encrypt Certificate for https to localhost, for development reason,
I mapped localhost to dev.{ MyDomain }.com in file /etc/hosts, but when I run
certbot certonly --manual
and I set dev.{ MyDomain }.com
I get this error:
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: dev.{ MyDomain }.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for dev.{ MyDomain }.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for dev.{ MyDomain }.com - check that a DNS record exists for this domain
Hint: The Certificate Authority failed to verify the manually created challenge files. Ensure that you created these in the correct location.
Some challenges have failed.
off course I have the correct string when I make a http request to http://dev.{ MyDomain }.com/.well-known/acme-chellenge/<challeng-file>
This is my first time building a server and hosting it to AWS EC2. When running the command sudo certbot certonly --standalone or sudo certbot certonly --webroot I recieved this error below
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: matthieuxroger.com
Type: unauthorized
Detail: Invalid response from http://matthieuxroger.com/.well-known/acme-challenge/nWRAFCcRUeVxZ0C5YtRg_9bihG2YQeqacUcGjxdCMzg [18.205.22.32]: "<!DOCTYPE html>\n<html>\n <head>\n <title>Matthieux Roger</title>\n <link rel='stylesheet' href='/stylesheets/style.css' />\n "
I am using nodejs on ubuntu 20 running on AWS EC2. Any help would be apprieciated.
When using the webroot method with Certbot, a web server is spun up that serves a single file, so that Let's Encrypt can verify the ownership of the server at a domain. But when LE accessed your domain, it got a different server that served a 404 page. It seems that the DNS for your domain isn't pointing to the EC2 instance that is requesting a certificate. (or perhaps it has been updated but just hasn't propagated yet). You need to update the DNS records to point to the server requesting a certificate with certbot. Alternatively, you can use a different challenge type that doesn't require running a server to prove ownership (such as dns-01).
problem statement
I am in the process to create a certificate for my domain with the help of certbot. same procedure I tried for other environments, from the same machine, and for the same domain. but today I am unable to create a certificate.
steps taken (same steps I took for other environments in past for same domain and it works fine)
please note my domain is registered domain nameAzurezure
certbot -d api.stg.<my domain> --manual --preferred-challenges dns certonly
this command provide me text record. this txt record i added in my AZure DNS zone with key _acme-challenge.api.stg
when I click enter I get the following error
Failed authorization procedure. api.stg.<my domain> (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up CAA for api.stg.<my domain>
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: api.stg.<my domain>
Type: None
Detail: DNS problem: SERVFAIL looking up CAA for
api.stg.<my domain>
you need to create CAA dns record for Azure DNS hosted (or any other) domain zones for lets encrypt to work. Here's example powershell (cannot be done in portal as of now):
New-AzDnsRecordSet -Name # -ResourceGroupName %rg% -ZoneName %zone% -Ttl 3600 -RecordType CAA `
-DnsRecords (New-AzDnsRecordConfig -Caaflags 0 -CaaTag "issue" -CaaValue "letsencrypt.org")
I have a domain bought from GoDaddy. I have set the custom name servers this
ns1.domain.com
ns2.domain.com
and set hostname
ns1 52.70.xxx.xxx(aws ip)
ns2 52.70.xxx.xxx (aws ip)
As I have installed WHM in my amazon aws instance. so In WHM, I have created an account and then went to Edit DNS Zone and added A records. These are my settings there
But I don't see my domain working and I am not able to see Cpanel of the domain as well.
what am I missing?
Please follow these steps to integrate your domain into whm and create a cpanel.
Create an account in WHM by going into Account Functions->Create Account: enter your domain here
Go to DNS Functions->Edit Dns Zone and click your domain and add A records
Then Go to Godaddy or any Company where you have purchased your domain and edit the name servers. For example if the nameservers you set in whm dns were ns1 and ns2 then same add here(e.g godaddy). In your case it would be
ns1.domain.com
ns2.domain.com
Click Manage hostname in Godaddy and add
ns1 52.70.xxx.xxx(aws ip)
ns2 52.70.xxx.xxx (aws ip)
Your domain should be working here. But If still It didn't work then
Check if ports(2087,2083,53,2095) are open. Check it from the terminal
nmap -Pn -sT 172.31.iphere --reason -p 2087,2083,2095,53
If any port is closed. Open it from the aws by going into Security Firewall.
Please note, 2083 and 2095 will always show as closed from external port scans as these ports are only opened publicly based on valid sessions established from within the cPanel server.
Verify again if your DNS port is opened
nmap -Pn -sT 172.31.iphere --reason -sU -p 53
After opening all the ports rebuilt your DNS configuration on the server by typing these commands on the terminal
cpanel root#9449099 /var/named]cPs# cd /etc
cpanel root#9449099 /etc]cPs# mkdir /root/cptechs
cpanel root#9449099 /etc]cPs# mv named.conf /root/cptechs
cpanel root#9449099 /etc]cPs# mv rndc.* /root/cptechs
cpanel root#9449099 /etc]cPs# /scripts/rebuilddnsconfig
Hope it helps
Are you using Nameservers for domain.com that are ns1/2.domain.com?
If this is the case the domain will not be able to resolve without adding the ns1/2. as "Child Nameservers".
You can create that for your domain through GoDaddy https://uk.godaddy.com/help/add-my-own-host-names-as-nameservers-12320
Alternatively - you can post your domain so we can troubleshoot it if it's a DNS issue.
I am new to SSL encryptions and need help! (Using cert bot).
I recently activated SSL on a website that runs on apache and linux on port 80. So, the current website looks like:
http://example.com --> https://example.com (done)
However, I have backend running on port 4000 and want to encrypt that as well to avoid "Mixed Content" page error:
http://example.com:4000 --> https://example.com:4000 (Not done yet)
This is exactly what I need and no work around would help. Please guide.
Thanks in advance! :-)
You can create a new subdomain subdomain.example.com and point it to example.com:4000 and then request a new SSL certificate from LetsEncrypt and specify multiple subdomains when requesting a certificate using certbot.
certbot certonly --webroot -w /var/www/example/ -d www.example.com -d example.com -w /var/www/other -d other.example.net -d another.other.example.net
When you have the certificate and key, add it in your webserver config
Check out the official certbot documentation here