Best way to setup HTTPS / SSL certificate?


(Tbaatar) #1

Matrix Version:

Hi,
I’m trying to setup HTTPS on Debain 8 using SSL certificate from Certbot but having difficulties with the following question after selecting the domain:

Q: Enter a new webroot?
A: /home/websites/squiz_matrix/core/web

and it throws up the following error:

Waiting for verification...
Cleaning up challenges
Failed authorization procedure. example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/l_tXScJtbmTJpBTjbpo1Ac0oH739dGghmElkj7r092Y: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: example.com
   Type:   unauthorized
   Detail: Invalid response from
   http://example.com/.well-known/acme-challenge/l_tXScJtbmTJpBTjbpo1Ac0oH739dGghmElkj7r092Y:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>404 Not Found</title>
   </head><body>
   <h1>Not Found</h1>
   <p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

Is the webroot correct for Matrix/Apache installation? or should it direct somewhere else?

Many thanks.
TB


(Tbaatar) #2

Went with a cheapest paid option from Comodo and the installation process was super simple.

  1. generate CSR using the open SSL command.

  2. place the order

  3. verify the domain with a special .txt verification

  4. once verified, the SSL certificates is sent to you, and place this in the /etc/ssl/ directory

  5. point to the SSL certificates from the virtual host configuration and listen on 443

  6. make sure the domain accpets HTTPS protocol in Squiz.

  7. nice green bar.


(David Schoen) #3

With Apache you’d just want an alias in front of the / one to catch .well-known, e.g I think this should work:

Alias /.well-known /var/www/lets-encrypt/.well-known

Then /var/www/lets-encrypt is your webroot.

I’ve only set up LE with Matrix using the Dehydrated client and Openresty though.


(Tbaatar) #4

Thanks for the pointer David.

I was trying to create /.well-known and it wouldn’t let me create in apache, so I ended up going with SSLS.com and purchased a $5 SSL from Comodo for 2 years , and created the /.well-know dir from Matrix.

Good to know that in future these sort of things needs to be done via Alias.

Thanks.
TB


(kensmith) #5

You Can take the help of ClickSSL.Net Support Team to setup an SSL Certificate Onn Your Website as they helped me to setup an SSL Certificate on my website. I purchased an SSL Certificate from them.