Letsencrypt and Phoenix 1.3

Hello (it's me again, sorry ;-; )

I've followed all the tutorial from here

but when I run echo "A" | certbot certonly --config /etc/letsencrypt/letsencrypt.ini it doesn't authenticate; it seems like it cannot read the static file generated on the server. I have already tested adding an html file to check if it works, and it works correctly. Does anyone know how I can fix this?

API endpoints

http://api.jikan.me/.well-known/acme-challenge/XXXYYY.html
http://api.jikan.me/.well-known/XXXYYY.html

I can't try more or letsencrypt will completely block me

greetings!

1 Like

You can stop the Phoenix server and then run certbot certonly

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

> certbot certonly --standalone -d example.com -d www.example.com

Otherwise you need to figure out what is wrong with your current config, most likely something wrong in /etc/letsencrypt/letsencrypt.ini

If you post the result of cat /etc/letsencrypt/letsencrypt.ini

2 Likes

Thanks, it works with the command, but now the website doesn't load when I configure everything. Here is my prod.exs config:

  # Endpoint config in config/prod.exs (endpoint header added for context; the
  # module and app name are taken from the log lines later in this thread)
  config :mal_api, MalApi.Web.Endpoint,
    url: [host: "api.jikan.me", port: 443],
    http: [port: 80],
    force_ssl: [rewrite_on: [:x_forwarded_proto]],
    https: [port: 443,
            keyfile: "/etc/letsencrypt/live/api.jikan.me/fullchain.pem",
            cacertfile: "/etc/letsencrypt/live/api.jikan.me/chain.pem",
            certfile: "/etc/letsencrypt/live/api.jikan.me/cert.pem"]

(I already tried with the same config as the tutorial, but it still doesn't work.)
The URL of the app is https://api.jikan.me/anime/1

The app logs just this:

16:22:09.669 [info] Running MalApi.Web.Endpoint with Cowboy using http://0.0.0.0:80
16:22:09.679 [info] Running MalApi.Web.Endpoint with Cowboy using https://0.0.0.0:443

Any idea what can be wrong?

EDIT: I have also checked my GCP firewall rules; the instance has the network tags http-server, https-server

force_ssl: [rewrite_on: [:x_forwarded_proto]],
I believe this is for use behind reverse proxies (nginx, on Heroku etc.). For now let's comment that line out and get http and https working (then later on just do force_ssl: [hsts: true], I think)

keyfile: "/etc/letsencrypt/live/api.jikan.me/fullchain.pem",
All other places have keyfile: "/etc/letsencrypt/live/yourdomain.com/privkey.pem" - notice the privkey.pem part - is that correct?

Also, after port: 443, you are missing the otp_app: :app_name, part

2 Likes
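A small check for the mistake discussed above, added here as an example and not code from the thread or from Phoenix: it reads the files a Phoenix `https:` keyword list points at and confirms that `keyfile` actually holds a private key block (not a certificate chain, as `fullchain.pem` does), that `certfile`/`cacertfile` hold certificates, and that `otp_app` is present. The PEM bodies are constructed placeholders, not real key material; the file names are certbot's standard ones.

```python
import re

# PEM block labels acceptable for each key in the Phoenix `https:` keyword list.
EXPECTED = {
    "keyfile": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"},
    "certfile": {"CERTIFICATE"},
    "cacertfile": {"CERTIFICATE"},
}

# Matches one PEM block and captures its BEGIN label (e.g. "CERTIFICATE").
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----.*?-----END \1-----", re.S)


def pem_block_types(pem_text):
    """Return the label of every PEM block in the text, in file order."""
    return PEM_RE.findall(pem_text)


def check_https_config(https_opts, read_file):
    """Return a list of problems found in a Phoenix `https:` keyword list.

    `https_opts` maps option names to paths; `read_file` maps a path to its
    text, so the check can run against in-memory samples as well as disk.
    """
    problems = []
    if "otp_app" not in https_opts:
        problems.append("https: is missing otp_app:")
    for opt, allowed in EXPECTED.items():
        path = https_opts.get(opt)
        if path is None:
            problems.append(f"{opt} not set")
            continue
        types = pem_block_types(read_file(path))
        if not types:
            problems.append(f"{opt}: no PEM blocks found in {path}")
        elif types[0] not in allowed:  # first block decides what the file is
            problems.append(f"{opt}: {path} starts with a {types[0]} block, "
                            f"expected one of {sorted(allowed)}")
    return problems


# Constructed, non-functional stand-ins for the files certbot writes to
# /etc/letsencrypt/live/<domain>/ (placeholder bodies, not real keys).
SAMPLE_FILES = {
    "privkey.pem": "-----BEGIN PRIVATE KEY-----\nMIIEvQ==\n-----END PRIVATE KEY-----\n",
    "cert.pem": "-----BEGIN CERTIFICATE-----\nMIIFaQ==\n-----END CERTIFICATE-----\n",
    "chain.pem": "-----BEGIN CERTIFICATE-----\nMIIEkg==\n-----END CERTIFICATE-----\n",
}
SAMPLE_FILES["fullchain.pem"] = SAMPLE_FILES["cert.pem"] + SAMPLE_FILES["chain.pem"]

# The thread's config: keyfile points at fullchain.pem instead of privkey.pem.
BROKEN = {"otp_app": "mal_api", "keyfile": "fullchain.pem",
          "cacertfile": "chain.pem", "certfile": "cert.pem"}
FIXED = dict(BROKEN, keyfile="privkey.pem")

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_https_config(cfg, SAMPLE_FILES.__getitem__) or "ok")
```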

Thanks, I have already changed it to this:

  # Endpoint config in config/prod.exs (endpoint header added for context; the
  # module and app name are taken from the log lines above)
  config :mal_api, MalApi.Web.Endpoint,
    url: [host: "api.jikan.me", port: 443],
    http: [port: 80],
    # force_ssl: [rewrite_on: [:x_forwarded_proto]],
    https: [port: 443,
            otp_app: :mal_api,
            keyfile: "/etc/letsencrypt/live/api.jikan.me/fullchain.pem",
            cacertfile: "/etc/letsencrypt/live/api.jikan.me/chain.pem",
            certfile: "/etc/letsencrypt/live/api.jikan.me/cert.pem"]

All files exist. SSL still doesn't work, but http is working normally, e.g.:

https://api.jikan.me/anime/1 (not working)
http://api.jikan.me/anime/1 (working)

Well, you just have to set keyfile: to privkey and it should work ;-)

1 Like

Man, so many thanks!!! It's working right now :smiley:

:tada: and with force_ssl: working :tada:

Remember to set up cron for the certbot renew

Also read Making SSL tests all pass for Phoenix + Let's Encrypt
to get an A+ on https://www.ssllabs.com/ssltest/analyze.html?d=api.jikan.me - but you can do that anytime, and it's not that important.

1 Like

Thanks! Yeah, I have run the command to renew it :smiley:

I already did the tutorial and generated the dh file too, but the result stays at "A" on ssllabs, dunno why ^^'