LEAP 42.3 Apache +SSL + certbot

Hello,

I wonder whether someone can help me, please. I’ve set up the Apache server with SSL and want to use Let’s Encrypt. But during the certbot setup, it gives me an error that the server can communicate only over HTTP, not TLS. I’ll try to post the whole message later, when I get to the server.

BTW, port 443 is open and I have listen 443 in yast http config.

Thank you for help:)

It’s also worth asking where you installed certbot from because the one in the repositories does not make functional certificates but instead uses the staging one which is for testing purposes without changing the configuration file.

Hi, I’ve installed certbot from official repo and changed the configuration file according to the guide, so it should not be a problem, I guess.

OK, this is the message I got when trying to run: certbot --apache

Performing the following challenges:
tls-sni-01 challenge for cloud.***.sk
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. cloud.***.sk (tls-sni-01): urn:acme:error:malformed :: The request message was malformed :: Server only speaks HTTP, not TLS


IMPORTANT NOTES:
 - The following errors were reported by the server:


   Domain: cloud.***.sk
   Type:   malformed
   Detail: Server only speaks HTTP, not TLS


   To fix these errors, please make sure that you did not provide any
   invalid information to the client, and try running Certbot again.

I guess there is some issue with apache conf?

Thank you very much for your help;)

You should do the initial configuration using HTTP and then switch to HTTPS for subsequent 90-day refreshes.

I’m not sure if you can use self-signed certificates for 443 with certbot.

Thank you for the information, but I’m not sure I understand;) Let’s Encrypt certificates are self-signed? I thought they were issued by Let’s Encrypt:) Anyway, this is the guide I followed: https://en.opensuse.org/Let's_Encrypt

Are there some steps necessary before I can use 443, except the SSL module for apache?

Thanks, appreciate your help.

No no, I meant in order for your SSL server to function in the first place you would have had to create a self-signed certificate - LE ones are naturally not self-signed.

Judging by the error message it’s trying to talk HTTPS to an HTTP port - meaning it’s trying to connect to :443 (https) but it reports it doesn’t support HTTPS.

Could you show us your letsencrypt configuration from /etc/certbot/ ?

Am Wed, 02 Aug 2017 05:16:01 +0000 schrieb taoroot:

> Hello,
>
> I wonder whether someone can help me, please. I’ve set up the Apache
> server with SSL and want to use Let’s Encrypt. But during the certbot
> setup, it gives me an error that the server can communicate only over
> HTTP, not TLS. I’ll try to post the whole message later, when I get to
> the server.
>
> BTW, port 443 is open and I have listen 443 in yast http config.

Have you enabled preferred-challenges = tls-sni-01 in /etc/certbot/cli.ini?

See: https://certbot.eff.org/docs/using.html#getting-certificates-and-choosing-plugins

Regards
Eric

Thank you for help, I had to use this command: certbot certonly --webroot -w /var/www/example/ -d www.example.com

And manually edit the vhost file and everything works now;)