Tag Archives forssl

404 Not found on SSL certificate renew with certbot from letsencrypt

I spend a lot of time figuring out why I kept getting a ‘404 Not Found’ when I wanted to renew my SSL Certificate with certbot.

Long story short: invalid ipv6 DNS Mapping.

I got it working by removing the ipv6 DNS entry. I’ll be fixing it in a proper way when there is more time available.

But there were other gotcha’s as well:

  • basic auth on the directory
  • iptables blocking certain traffic

 



Free SSL certificates with LetsEncrypt

Getting your website on https can be done in a matter of minutes. So there is no excuse anymore to go without it. Not even on your test and dev websites.

As this example is on CentOS, it really goes for any other linux distro.

Excellent, tailor-made instructions per webserver and OS are found on the website of Certbot:
https://certbot.eff.org/

Here, a short recap of that for my own archive.

You’ll need the repel repository for this. After that, install the certbot software.


 

Getting your website secured with SSL is now as simple as answering some questions on the following command.

Note: I’m using a method which takes a bit of downtime because LetsEncrypt is in the middle of an update. Read all about it


 

Things which might throw you an error

python-urllib3 version

First caveat for CentOS7 is that you need specific version 1.21 for urllib3. I had 1.22 installed via yum which gave me the following error.


You can see the currently installed version with pip:
pip freeze | grep urllib
To resolve this, first remove the old version it with yum and then add it with pip:

pyOpenSSL version

Just like urllib3, pyOpenSSL was of an unsupported version.

Error message stating that the CA can’t be satisfied

After running
certbot --nginx
you get the following error:


Due to legal reasons there currently is no

From the github certbot website:

If you’re serving files for that domain out of a directory on Nginx, you can run the following command:


If you’re not serving files out of a directory (for instance if you are using proxy_pass), you can temporarily stop your server while you obtain the certificate and restart it after Certbot has obtained the certificate. This would look like:


 

>