Score:0

Certbot unauthorized and connection errors

I have a Spring Boot application on Google Cloud, CentOS 7. I wish to install an SSL certificate via Let's Encrypt and Certbot. When I use the certbot --apache -d mydomain.zone command I receive an error:

My domain is registered on Namecheap. My A records on Google Cloud:

Also, I provided the Google Cloud nameservers in Namecheap as in this tutorial: https://www.wpmentor.com/setup-domain-google-cloud-platform/

Can you tell me where the issue is? I also wonder whether there is an issue with the Java code in my app. For example, sometimes while accessing the index page, error_page is called. When I have a method in my controller:

@RequestMapping(value = "/error_page", method = RequestMethod.GET)
public String homeError(Model model)
{
  return "/error_page";
}

I have a different certbot error:

but when I comment out/erase my controller method for the error page I receive this error:

Could it be an application bug? Or an issue with Apache?

I tried to turn off Tomcat. Now I receive this error:

Note: My Apache forwards to 8080; I don't know whether that will cause any issue.

iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-port 8080

Score:1
Let's Encrypt is attempting to verify your ownership of the server by spinning up a temporary web server and having the Let's Encrypt servers try to contact it.

You will need to:

  1. Disable any currently running web servers

  2. Make sure port 80 is accessible from the internet

You already took care of step 1 by stopping Apache; now you need to fix your iptables rule.

It looks like you're forwarding traffic from port 80 to port 8080. This is most likely why you're getting the Connection refused error, since the temporary web server's traffic is getting black-holed to port 8080. Disable/fix that rule and the verification should succeed.

LosmiNCL:
It works! I have a few questions: 1. I will return my redirect to 8080, because Apache is on 80 and Apache Tomcat is on 8080 and I don't wish 8080 to be visible in the URL. Will this be an issue when the certificate needs to be renewed? 2. My https part is colored in red and it says it's not secure. Is this normal with Let's Encrypt, or do I need to do additional configuration in the Apache files?

slightly_toasted:
@LosmiNCL It won't be a problem as long as you can temporarily make port 80 reachable from the internet like you just did.

slightly_toasted:
@LosmiNCL If https is red then something is wrong with your web server config. Most likely Apache Tomcat isn't pointed to the files generated by certbot.

LosmiNCL:
It's not red if I type https://mydomain; it's red only when it's https://ip_address, so it's probably OK.

slightly_toasted:
@LosmiNCL Yup, you're all set.
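
A pre-flight check for the cause identified in the answer above, as an added example that is not part of the original thread: it scans `iptables -t nat -S` output for PREROUTING rules that divert port 80 and derives the commands to remove and restore them. The sample rules are constructed and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: find NAT rules that divert inbound port 80 away from
# certbot's temporary HTTP-01 listener.

# Constructed sample of `iptables -t nat -S` output. The first -A line is the
# rule from the question as iptables lists it; the others are made up.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080'

# Print every PREROUTING rule (read from stdin) that sends port 80 elsewhere.
port80_diversions() {
  awk '$1 == "-A" && $2 == "PREROUTING" {
    dport = ""; target = ""
    for (i = 3; i < NF; i++) {
      if ($i == "--dport") dport = $(i + 1)
      if ($i == "-j")      target = $(i + 1)
    }
    if (dport == "80" && (target == "REDIRECT" || target == "DNAT")) print
  }'
}

# Turn each diverting rule into the command that deletes it (mode "off")
# or re-adds it (mode "on"), e.g. for use around a renewal.
toggle_commands() {  # $1 = rules text, $2 = off|on
  flag=-D
  [ "$2" = on ] && flag=-A
  printf '%s\n' "$1" | port80_diversions | sed "s/^-A /iptables -t nat $flag /"
}

# Return 0 when nothing diverts port 80, 1 (with the offending rules) otherwise.
http01_preflight() {  # $1 = rules text
  hits=$(printf '%s\n' "$1" | port80_diversions)
  [ -z "$hits" ] && { echo "port 80 is not diverted"; return 0; }
  printf 'port 80 is diverted, HTTP-01 will not reach certbot:\n%s\n' "$hits"
  return 1
}

# Demo on the constructed sample; on a real host pass "$(iptables -t nat -S)".
http01_preflight "$SAMPLE_RULES" || true
toggle_commands "$SAMPLE_RULES" off
toggle_commands "$SAMPLE_RULES" on
```

The two printed commands can be run before and after a renewal, for instance through certbot's `--pre-hook` and `--post-hook` options.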