Using Certbot (OwnCloud 9.0.2)
-
I'm using two guides:
JB's 8.2 OwnCloud Guide (Which I upgraded to 9.0.2 from)
Certbot
JB's guide worked perfectly and my server is still functioning as intended after my upgrade to 9.0.2. I'm kind of unsure of how to get this working--Certbot that is. I followed the Certbot guides and it was kicking back errors a few weeks ago. My question is: Is there anything else I should do to prepare for certbot or is this supposed to work out of box essentially? The Digital Ocean guide requires you to do a lot more but I'm not sure if Certbot is taking care of those aspects or not.
Here is what I'm seeing after I run ./certbot-auto
-
That's telling you that it doesn't know what domain to create the cert for. This just won't work generally. You'll need to add
ServerName mydomainname
to a configuration file in /etc/httpd/conf.d/mydomainname.conf virtualhost section. The .conf file for my server is:
<VirtualHost *:80>
    ServerName www.travisdh1.net
    ServerAlias travisdh1.net
    DocumentRoot /var/www/html
    ServerAdmin [email protected]
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.travisdh1.net [OR]
    RewriteCond %{SERVER_NAME} =travisdh1.net
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
Once you get that setup correctly the certbot-auto script should work. You might have to make a few changes to /etc/httpd/conf.d/ssl.conf in order to get the server using the correct certs.
-
@travisdh1 said in Using Certbot (OwnCloud 9.0.2):
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
This would be https://skynetoc.skynetli.com ie https://hostname.domain.com correct?
-
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
@travisdh1 said in Using Certbot (OwnCloud 9.0.2):
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
This would be https://skynetoc.skynetli.com -- https://hostname.domain.com correct?
Right idea, wrong line
ServerName www.travisdh1.net
replace www.travisdh1.net with skynetoc.skynetli.com and remove the ServerAlias line
-
@travisdh1 said in Using Certbot (OwnCloud 9.0.2):
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
@travisdh1 said in Using Certbot (OwnCloud 9.0.2):
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
This would be https://skynetoc.skynetli.com -- https://hostname.domain.com correct?
Right idea, wrong line
ServerName www.travisdh1.net
replace www.travisdh1.net with skynetoc.skynetli.com and remove the ServerAlias line
The clarification is very appreciated. Thanks! Trying it now.
-
@travisdh1 said in Using Certbot (OwnCloud 9.0.2):
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
@travisdh1 said in Using Certbot (OwnCloud 9.0.2):
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
This would be https://skynetoc.skynetli.com -- https://hostname.domain.com correct?
Right idea, wrong line
ServerName www.travisdh1.net
replace www.travisdh1.net with skynetoc.skynetli.com and remove the ServerAlias line
Is the hostname required? If I only have one server I am pointing to that is an oC server couldn't I get away with just https://skynetli.com ?
-
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
@travisdh1 said in Using Certbot (OwnCloud 9.0.2):
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
@travisdh1 said in Using Certbot (OwnCloud 9.0.2):
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
This would be https://skynetoc.skynetli.com -- https://hostname.domain.com correct?
Right idea, wrong line
ServerName www.travisdh1.net
replace www.travisdh1.net with skynetoc.skynetli.com and remove the ServerAlias line
Is the hostname required? If I only have one server I am pointing to that is an oC server couldn't I get away with just https://skynetli.com ?
The servername needs to be whatever the incoming servername is in the URL.
-
@JaredBusch said in Using Certbot (OwnCloud 9.0.2):
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
@travisdh1 said in Using Certbot (OwnCloud 9.0.2):
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
@travisdh1 said in Using Certbot (OwnCloud 9.0.2):
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
This would be https://skynetoc.skynetli.com -- https://hostname.domain.com correct?
Right idea, wrong line
ServerName www.travisdh1.net
replace www.travisdh1.net with skynetoc.skynetli.com and remove the ServerAlias line
Is the hostname required? If I only have one server I am pointing to that is an oC server couldn't I get away with just https://skynetli.com ?
The servername needs to be whatever the incoming servername is in the URL.
Alright. Thanks for the info. Now I have to figure out what to do with my google domain. This is all new to me
-
-
I edited everything for it to be oc.skynetli.com and when I ran ./certbot-auto this is what it returned:
Failed authorization procedure. oc.skynetli.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for oc.skynetli.com
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: oc.skynetli.com
Type: connection
Detail: DNS problem: NXDOMAIN looking up A for oc.skynetli.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
I'm unsure what I need to do with my A record to fix it if that is actually the problem.
-
-
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
I edited everything for it to be oc.skynetli.com and when I ran ./certbot-auto this is what it returned
Failed authorization procedure. oc.skynetli.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for oc.skynetli.com
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: oc.skynetli.com
Type: connection
Detail: DNS problem: NXDOMAIN looking up A for oc.skynetli.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Do you have oc.skynetli.com in your public DNS?
-
-
@dafyre said in Using Certbot (OwnCloud 9.0.2):
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
I edited everything for it to be oc.skynetli.com and when I ran ./certbot-auto this is what it returned
Failed authorization procedure. oc.skynetli.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for oc.skynetli.com
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: oc.skynetli.com
Type: connection
Detail: DNS problem: NXDOMAIN looking up A for oc.skynetli.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Do you have oc.skynetli.com in your public DNS?
And what does your owncloud server think of that DNS address? is it resolving locally?
-
-
@johnhooks said in Using Certbot (OwnCloud 9.0.2):
@travisdh1 said in Using Certbot (OwnCloud 9.0.2):
replace www.travisdh1.net
Nice test page
According to ssllabs.com, I have an A rating for SSL security on my test page
-
@dafyre said in Using Certbot (OwnCloud 9.0.2):
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
I edited everything for it to be oc.skynetli.com and when I ran ./certbot-auto this is what it returned
Failed authorization procedure. oc.skynetli.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for oc.skynetli.com
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: oc.skynetli.com
Type: connection
Detail: DNS problem: NXDOMAIN looking up A for oc.skynetli.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Do you have oc.skynetli.com in your public DNS?
I believe so? Unsure how long it takes to apply. Or do I need to create a custom resource? I used to do this a long time ago just in a text document I uploaded using cpanel.
I can ping oc.skynetli.com but it 404's if I try to go to the URL. Is this due to it trying to access 45.63.4.232 instead of 45.63.4.232/owncloud?
-
-
@JaredBusch said in Using Certbot (OwnCloud 9.0.2):
@dafyre said in Using Certbot (OwnCloud 9.0.2):
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
I edited everything for it to be oc.skynetli.com and when I ran ./certbot-auto this is what it returned
Failed authorization procedure. oc.skynetli.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for oc.skynetli.com
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: oc.skynetli.com
Type: connection
Detail: DNS problem: NXDOMAIN looking up A for oc.skynetli.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Do you have oc.skynetli.com in your public DNS?
And what does your owncloud server think of that DNS address? is it resolving locally?
Unsure of how to check that
-
-
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
@JaredBusch said in Using Certbot (OwnCloud 9.0.2):
@dafyre said in Using Certbot (OwnCloud 9.0.2):
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
I edited everything for it to be oc.skynetli.com and when I ran ./certbot-auto this is what it returned
Failed authorization procedure. oc.skynetli.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for oc.skynetli.com
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: oc.skynetli.com
Type: connection
Detail: DNS problem: NXDOMAIN looking up A for oc.skynetli.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Do you have oc.skynetli.com in your public DNS?
And what does your owncloud server think of that DNS address? is it resolving locally?
Unsure of how to check that
nslookup os.skynetli.com
-
-
@travisdh1 said in Using Certbot (OwnCloud 9.0.2):
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
@JaredBusch said in Using Certbot (OwnCloud 9.0.2):
@dafyre said in Using Certbot (OwnCloud 9.0.2):
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
I edited everything for it to be oc.skynetli.com and when I ran ./certbot-auto this is what it returned
Failed authorization procedure. oc.skynetli.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for oc.skynetli.com
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: oc.skynetli.com
Type: connection
Detail: DNS problem: NXDOMAIN looking up A for oc.skynetli.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Do you have oc.skynetli.com in your public DNS?
And what does your owncloud server think of that DNS address? is it resolving locally?
Unsure of how to check that
nslookup os.skynetli.com
non-existent domain
-
-
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
@travisdh1 said in Using Certbot (OwnCloud 9.0.2):
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
@JaredBusch said in Using Certbot (OwnCloud 9.0.2):
@dafyre said in Using Certbot (OwnCloud 9.0.2):
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
I edited everything for it to be oc.skynetli.com and when I ran ./certbot-auto this is what it returned
Failed authorization procedure. oc.skynetli.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for oc.skynetli.com
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: oc.skynetli.com
Type: connection
Detail: DNS problem: NXDOMAIN looking up A for oc.skynetli.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Do you have oc.skynetli.com in your public DNS?
And what does your owncloud server think of that DNS address? is it resolving locally?
Unsure of how to check that
nslookup os.skynetli.com
non-existent domain
so that means certbot will have no idea how to set stuff up
-
-
@JaredBusch said in Using Certbot (OwnCloud 9.0.2):
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
@travisdh1 said in Using Certbot (OwnCloud 9.0.2):
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
@JaredBusch said in Using Certbot (OwnCloud 9.0.2):
@dafyre said in Using Certbot (OwnCloud 9.0.2):
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
I edited everything for it to be oc.skynetli.com and when I ran ./certbot-auto this is what it returned
Failed authorization procedure. oc.skynetli.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for oc.skynetli.com
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: oc.skynetli.com
Type: connection
Detail: DNS problem: NXDOMAIN looking up A for oc.skynetli.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Do you have oc.skynetli.com in your public DNS?
And what does your owncloud server think of that DNS address? is it resolving locally?
Unsure of how to check that
nslookup os.skynetli.com
non-existent domain
so that means certbot will have no idea how to set stuff up
no it means I suck at typing. Totally typo'd.
-
-
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
@JaredBusch said in Using Certbot (OwnCloud 9.0.2):
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
@travisdh1 said in Using Certbot (OwnCloud 9.0.2):
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
@JaredBusch said in Using Certbot (OwnCloud 9.0.2):
@dafyre said in Using Certbot (OwnCloud 9.0.2):
@wirestyle22 said in Using Certbot (OwnCloud 9.0.2):
I edited everything for it to be oc.skynetli.com and when I ran ./certbot-auto this is what it returned
Failed authorization procedure. oc.skynetli.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for oc.skynetli.com
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: oc.skynetli.com
Type: connection
Detail: DNS problem: NXDOMAIN looking up A for oc.skynetli.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Do you have oc.skynetli.com in your public DNS?
And what does your owncloud server think of that DNS address? is it resolving locally?
Unsure of how to check that
nslookup os.skynetli.com
non-existent domain
so that means certbot will have no idea how to set stuff up
no it means I suck at typing. Totally typo'd.
From what I can see it's correct on the server side? I'm guessing my settings on Google Domains are wrong. These are my options:
I'm using Google DNS:
ns-cloud-a1.googledomains.com
ns-cloud-a2.googledomains.com
ns-cloud-a3.googledomains.com
ns-cloud-a4.googledomains.com
-
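The two checks asked for in this thread (is the name in public DNS, and does it point at this server?) can be run against the vhost file before certbot-auto is started. This is an added example, not part of any post above; the example.com hostnames, the 203.0.113.10 address, `sample_conf` and `stub_resolver` are constructed, and 8.8.8.8 is an assumed choice of public resolver.

```sh
#!/bin/sh
# Pre-flight check to run before certbot-auto (added example).

# List every hostname named by ServerName/ServerAlias in an Apache config,
# dropping any scheme or :port and skipping wildcard aliases.
vhost_names() {
    awk 'tolower($1) == "servername" || tolower($1) == "serveralias" {
             for (i = 2; i <= NF; i++) {
                 sub(/^[a-z]+:\/\//, "", $i); sub(/:[0-9]+$/, "", $i)
                 if (index($i, "*") == 0) print $i
             }
         }' "$1" | sort -u
}

# Default resolver: ask a public resolver directly, so /etc/hosts or an
# internal zone cannot hide a record that is missing from public DNS.
# 8.8.8.8 is an assumed choice; any public resolver works.
public_a_records() {
    dig +short A "$1" @8.8.8.8 | grep -E '^[0-9]+(\.[0-9]+){3}$'
}

# preflight CONF EXPECTED_IP [RESOLVER_FUNCTION]
# Prints one verdict per name; returns 1 if any name would fail validation.
preflight() {
    conf=$1; expected=$2; resolver=${3:-public_a_records}; rc=0
    for name in $(vhost_names "$conf"); do
        addrs=$("$resolver" "$name" | xargs)      # join answers on one line
        case " $addrs " in
            "  ")             printf '%-8s %s\n' NXDOMAIN "$name"; rc=1 ;;
            *" $expected "*)  printf '%-8s %s\n' OK "$name" ;;
            *)                printf '%-8s %s -> %s\n' MISMATCH "$name" "$addrs"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample input and stub resolver so the demo runs offline.
sample_conf() {
    printf '%s\n' '<VirtualHost *:80>' '    ServerName oc.example.com' \
        '    ServerAlias www.example.com' '    DocumentRoot /var/www/html' \
        '</VirtualHost>'
}
stub_resolver() {   # only www.example.com has an A record here
    case $1 in www.example.com) echo 203.0.113.10 ;; esac
}

if [ "$#" -ge 2 ]; then
    preflight "$@"                       # e.g. preflight.sh vhost.conf <public IP>
else
    demo_conf=$(mktemp); sample_conf > "$demo_conf"
    preflight "$demo_conf" 203.0.113.10 stub_resolver || true
    rm -f "$demo_conf"
fi
```

Run with the vhost file and the server's public IP as arguments to query real DNS; a non-zero exit means at least one name would fail the same way the certbot-auto run above did.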