Best way to setup HTTPS / SSL certificate?

Squiz Matrix Support
1

Matrix Version:

Hi,
I’m trying to setup HTTPS on Debain 8 using SSL certificate from Certbot but having difficulties with the following question after selecting the domain:

Q: Enter a new webroot?
A: /home/websites/squiz_matrix/core/web

and it throws up the following error:

Waiting for verification...
Cleaning up challenges
Failed authorization procedure. example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/l_tXScJtbmTJpBTjbpo1Ac0oH739dGghmElkj7r092Y: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: example.com
   Type:   unauthorized
   Detail: Invalid response from
   http://example.com/.well-known/acme-challenge/l_tXScJtbmTJpBTjbpo1Ac0oH739dGghmElkj7r092Y:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>404 Not Found</title>
   </head><body>
   <h1>Not Found</h1>
   <p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

Is the webroot correct for Matrix/Apache installation? or should it direct somewhere else?

Many thanks.
TB

2

Went with a cheapest paid option from Comodo and the installation process was super simple.

  1. generate CSR using the open SSL command.

  2. place the order

  3. verify the domain with a special .txt verification

  4. once verified, the SSL certificates is sent to you, and place this in the /etc/ssl/ directory

  5. point to the SSL certificates from the virtual host configuration and listen on 443

  6. make sure the domain accpets HTTPS protocol in Squiz.

  7. nice green bar.

3

With Apache you’d just want an alias in front of the / one to catch .well-known, e.g I think this should work:

Alias /.well-known /var/www/lets-encrypt/.well-known

Then /var/www/lets-encrypt is your webroot.

I’ve only set up LE with Matrix using the Dehydrated client and Openresty though.

4

Thanks for the pointer David.

I was trying to create /.well-known and it wouldn’t let me create in apache, so I ended up going with SSLS.com and purchased a $5 SSL from Comodo for 2 years , and created the /.well-know dir from Matrix.

Good to know that in future these sort of things needs to be done via Alias.

Thanks.
TB

5

You Can take the help of ClickSSL.Net Support Team to setup an SSL Certificate Onn Your Website as they helped me to setup an SSL Certificate on my website. I purchased an SSL Certificate from them.

6

Hello there,

first of all wherever you have purchased an ssl kindly ask their support team.

Suggesting you an article for detailed information for setup https/ssl certificate : How to Generate a Certificate Signing Request

If you still have any queries kindly drop a message here or you can contact their technical support team.

7

Hey, I had a similar issue before. If Certbot is asking for the Webroot, it has to match exactly where your site’s files are being served from. For Squiz Matrix, it’s usually /home/websites/squiz_matrix, not the full /core/web path. You can double-check this in your Apache config.

I got my SSL from CheapSSLWeb and their support team helped me with the full setup. They also guided me on CSR generation and installation, which made things much easier. You can try reaching out to them if you’re stuck. Hope it helps!