The title is pretty explanatory regarding the tools I am using but I will try to elaborate further:
- I have a No-IP DDNS that is publicly accessible
- Port forwarding is configured for port 80
- The port 80 forwarding points to a Raspberry Pi that I am using as an apache2 server
- The RPi is running Raspbian GNU/Linux 9 (Stretch) kernel 4.9.80-v7+
- I can see the contents of the index.html by navigating to <DDNS-name>:80 in a web browser using an external network
- I need to issue SSL certificates to convert to HTTPS for hosting of an Alexa skill
For Stretch, Certbot usage is here: https://certbot.eff.org/lets-encrypt/debianstretch-apache
Per the link, I run:
sudo certbot --authenticator webroot --installer apache
and proceed through the configuration up to the verification stage, at which point I get the following:
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. <DDNS-name> (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://<DDNS-name>/.well-known/acme-challenge/yDloDClARe-ZW1KxiqAUSCE4ZUoNCOzpmDFvcrdx9WE: Timeout
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: <DDNS-name>
Type: connection
Detail: Fetching
http://<DDNS-name>/.well-known/acme-challenge/yDloDClARe-ZW1KxiqAUSCE4ZUoNCOzpmDFvcrdx9WE:
Timeout
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
I wouldn't expect any firewall issues or name issues if I can access the server publicly.
I've found some interesting results regarding my issue:
- "In addition, it won’t work at all if you’re serving a website with a dynamic DNS service." - https://www.booleanworld.com/adding-https-website-lets-encrypt/
- "Do you support dynamic DNS services like No-IP?... But Let’s Encrypt supports this. So you don’t have to care about your DynDNS service." - https://community.letsencrypt.org/t/dyndns-no-ip-managed-dns-support/883/6
- Not sure how to change the challenges for verification (maybe this is why it's not verifying?) - https://community.letsencrypt.org/t/ddns-and-lets-encrypt/31870/2
Would appreciate any/all help on this, thanks!
EDIT: After changing DocumentRoot from /var/www/<DDNS-name> to /var/www/<DDNS-name>/, I get the following:
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. <DDNS-name> (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://<DDNS-name>/.well-known/acme-challenge/pdyt7okkiqgYR2YemcBfFBXf78D4cGUw6eP41BgZtsQ: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: <DDNS-name>
Type: unauthorized
Detail: Invalid response from
http://<DDNS-name>/.well-known/acme-challenge/pdyt7okkiqgYR2YemcBfFBXf78D4cGUw6eP41BgZtsQ:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
EDIT 2 (File structure):
pi@butters-pi:/var/www $ ls
<DDNS-name>
pi@butters-pi:/var/www $ cd <DDNS-name>/
pi@butters-pi:/var/www/<DDNS-name> $ ls
alexa.php CHANGELOG.md config.php LICENSE mintLib.php public_html README.md
pi@butters-pi:/var/www/<DDNS-name> $ cd public_html/
pi@butters-pi:/var/www/<DDNS-name>/public_html $ ls
index.html
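
The certbot output above advises verifying that files are served from the webroot path given to the webroot plugin. The following is an added example, not part of the original post, that performs that check by writing a probe file under .well-known/acme-challenge/ and fetching it over HTTP. The function names and the demo layout (a site directory whose public_html subdirectory is the one served) are assumptions constructed for illustration.

```python
import functools, http.server, os, secrets, tempfile, threading
import urllib.error, urllib.request

def probe_webroot(webroot, base_url, timeout=5):
    """Drop a random probe file where the webroot plugin writes challenges,
    fetch it over HTTP, and return "ok", "http <code>" or "unreachable: ..."."""
    token = "probe-" + secrets.token_urlsafe(16)
    challenge_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(challenge_dir, exist_ok=True)
    path = os.path.join(challenge_dir, token)
    with open(path, "w") as fh:
        fh.write(token)
    url = f"{base_url.rstrip('/')}/.well-known/acme-challenge/{token}"
    # Ignore proxy environment variables so the request goes straight to the server.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return "ok" if resp.read().decode() == token else "wrong content"
    except urllib.error.HTTPError as err:   # e.g. the 404 in the second error
        return f"http {err.code}"
    except OSError as err:                  # refused, timed out, DNS failure
        return f"unreachable: {err}"
    finally:
        os.remove(path)

def demo():
    """Constructed layout: a site directory whose public_html subdirectory is
    the one actually served (an assumption made for this example)."""
    with tempfile.TemporaryDirectory() as site:
        served = os.path.join(site, "public_html")
        os.mkdir(served)
        handler = functools.partial(
            http.server.SimpleHTTPRequestHandler, directory=served)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_port}"
        try:
            # Webroot = parent directory, then webroot = the served directory.
            return probe_webroot(site, base), probe_webroot(served, base)
        finally:
            server.shutdown()
            server.server_close()

if __name__ == "__main__":
    print(demo())
```

Against a real server, call probe_webroot with the path passed to certbot's webroot plugin and http://<DDNS-name> as the base URL. Running it from a machine outside the local network also exercises the port forward, which separates a timeout from a 404.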