Hello (it's me again, sorry ;-; )
I’ve followed all the tutorial from here
but when I run echo "A"| certbot certonly --config /etc/letsencrypt/letsencrypt.ini
it doesn't authenticate; it seems like it cannot read the static file generated on the server. I have already tested adding an HTML file to check that it works, and it works correctly. Does anyone know how I can fix this?
API endpoints
http://api.jikan.me/.well-known/acme-challenge/XXXYYY.html
http://api.jikan.me/.well-known/XXXYYY.html
I can't try more or Let's Encrypt will completely block me
greetings!
1 Like
You can stop the Phoenix server and then run certbot certonly
…
To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:
> certbot certonly --standalone -d example.com -d www.example.com
Otherwise you need to figure out what is wrong with your current config, most likely something wrong in /etc/letsencrypt/letsencrypt.ini
if you post the result of cat /etc/letsencrypt/letsencrypt.ini
2 Likes
Thanks, it works with the command, but now the website doesn’t load when I configure everything. Here is my prod.exs config:
url: [host: "api.jikan.me", port: 443],
http: [port: 80],
force_ssl: [rewrite_on: [:x_forwarded_proto]],
https: [port: 443,
keyfile: "/etc/letsencrypt/live/api.jikan.me/fullchain.pem",
cacertfile: "/etc/letsencrypt/live/api.jikan.me/chain.pem",
certfile: "/etc/letsencrypt/live/api.jikan.me/cert.pem"]
(I already tried with the same config as the tutorial, but it still doesn't work)
The URL of the app is https://api.jikan.me/anime/1
the app logs just this:
16:22:09.669 [info] Running MalApi.Web.Endpoint with Cowboy using http://0.0.0.0:80
16:22:09.679 [info] Running MalApi.Web.Endpoint with Cowboy using https://0.0.0.0:443
Any idea what can be wrong?
EDIT: I have also checked my GCP firewall rules; the instance has the network tags http-server, https-server
force_ssl: [rewrite_on: [:x_forwarded_proto]],
I believe this is for use behind reverse proxies (nginx, on Heroku, etc.). For now let's comment that line out and get http and https working (then later on just do force_ssl: [hsts: true], I think)
keyfile: "/etc/letsencrypt/live/api.jikan.me/fullchain.pem",
all other places have keyfile: "/etc/letsencrypt/live/yourdomain.com/privkey.pem",
- notice the privkey.pem part - is that correct?
also after port: 443,
you are missing the otp_app: :app_name,
part
2 Likes
Thanks. Well, I have already changed it to this:
url: [host: "api.jikan.me", port: 443],
http: [port: 80],
# force_ssl: [rewrite_on: [:x_forwarded_proto]],
https: [port: 443,
otp_app: :mal_api,
keyfile: "/etc/letsencrypt/live/api.jikan.me/fullchain.pem",
cacertfile: "/etc/letsencrypt/live/api.jikan.me/chain.pem",
certfile: "/etc/letsencrypt/live/api.jikan.me/cert.pem"]
All files exist; SSL still doesn't work, but HTTP is working normally, e.g.:
https://api.jikan.me/anime/1 (not working)
http://api.jikan.me/anime/1 (working)
Well, you just have to set keyfile: to privkey and it should work ;-)
1 Like
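A pre-flight check for the mix-up resolved above (keyfile pointing at fullchain.pem instead of privkey.pem), as an added example that is not part of the original thread: it classifies each file by its first PEM header before the server is started. The function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check that the files named in a
# Phoenix https: config hold the kind of PEM object each option expects.

# Print the kind of the first PEM object in a file.
pem_kind() {
    [ -r "$1" ] || { echo missing; return 0; }
    header=$(sed -n '/^-----BEGIN /{p;q;}' "$1")
    case "$header" in
        *"PRIVATE KEY-----") echo private-key ;;
        "-----BEGIN CERTIFICATE-----") echo certificate ;;
        *) echo unknown ;;
    esac
}

# check_tls_files KEYFILE CERTFILE: succeed only if both hold the right kind.
check_tls_files() {
    rc=0
    key_kind=$(pem_kind "$1")
    cert_kind=$(pem_kind "$2")
    if [ "$key_kind" != private-key ]; then
        echo "keyfile $1 holds '$key_kind', expected a private key" >&2
        rc=1
    fi
    if [ "$cert_kind" != certificate ]; then
        echo "certfile $2 holds '$cert_kind', expected a certificate" >&2
        rc=1
    fi
    return "$rc"
}

# Constructed sample laid out like /etc/letsencrypt/live/<domain>/,
# with placeholder bodies instead of real key material.
make_sample_dir() {
    dir=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$dir/cert.pem"
    cat "$dir/cert.pem" "$dir/cert.pem" > "$dir/fullchain.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END PRIVATE KEY-----' > "$dir/privkey.pem"
    echo "$dir"
}

sample=$(make_sample_dir)
# keyfile set to fullchain.pem, as in the config posted above: rejected
check_tls_files "$sample/fullchain.pem" "$sample/cert.pem" || echo "rejected"
# keyfile set to privkey.pem: accepted
check_tls_files "$sample/privkey.pem" "$sample/cert.pem" && echo "ok"
rm -rf "$sample"
```

It only inspects PEM headers, so it catches swapped files but does not prove that the key matches the certificate.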
Man, so many thanks!!! It's working right now
and with force_ssl: working
remember to set up cron for the certbot renew
also read Making SSL tests all pass for Phoenix + Let's Encrypt
to get A+ on https://www.ssllabs.com/ssltest/analyze.html?d=api.jikan.me - but you can do that anytime, and it’s not that important.
1 Like
Thanks! Yeah, I have run the command to renew it
I already did the tutorial and generated the dh file too, but the result stays at “A” for ssllabs, dunno why ^^’