Best way to setup HTTPS / SSL certificate?

tbaatar · 2018-03-16 15:30:20 UTC

Matrix Version:

Hi,
I’m trying to setup HTTPS on Debain 8 using SSL certificate from Certbot but having difficulties with the following question after selecting the domain:

Q: Enter a new webroot?
A: /home/websites/squiz_matrix/core/web

and it throws up the following error:

Waiting for verification...
Cleaning up challenges
Failed authorization procedure. example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/l_tXScJtbmTJpBTjbpo1Ac0oH739dGghmElkj7r092Y: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: example.com
   Type:   unauthorized
   Detail: Invalid response from
   http://example.com/.well-known/acme-challenge/l_tXScJtbmTJpBTjbpo1Ac0oH739dGghmElkj7r092Y:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>404 Not Found</title>
   </head><body>
   <h1>Not Found</h1>
   <p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

Is the webroot correct for Matrix/Apache installation? or should it direct somewhere else?

Many thanks.
TB

tbaatar · 2018-03-17 15:36:04 UTC

Went with a cheapest paid option from Comodo and the installation process was super simple.

generate CSR using the open SSL command.
place the order
verify the domain with a special .txt verification
once verified, the SSL certificates is sent to you, and place this in the /etc/ssl/ directory
point to the SSL certificates from the virtual host configuration and listen on 443
make sure the domain accpets HTTPS protocol in Squiz.
nice green bar.

dschoen · 2018-03-18 21:30:05 UTC

With Apache you’d just want an alias in front of the / one to catch .well-known, e.g I think this should work:

Alias /.well-known /var/www/lets-encrypt/.well-known

Then /var/www/lets-encrypt is your webroot.

I’ve only set up LE with Matrix using the Dehydrated client and Openresty though.

tbaatar · 2018-03-18 21:57:26 UTC

Thanks for the pointer David.

I was trying to create /.well-known and it wouldn’t let me create in apache, so I ended up going with SSLS.com and purchased a $5 SSL from Comodo for 2 years , and created the /.well-know dir from Matrix.

Good to know that in future these sort of things needs to be done via Alias.

Thanks.
TB

kensmith · 2021-06-04 07:24:09 UTC

You Can take the help of ClickSSL.Net Support Team to setup an SSL Certificate Onn Your Website as they helped me to setup an SSL Certificate on my website. I purchased an SSL Certificate from them.