Ping a Specific Port

Question

Amanda

Asked: 2020-09-30 02:31:37 +0800 CST2020-09-30 02:31:37 +0800 CST 2020-09-30 02:31:37 +0800 CST

Unable to generate SSL certificate using letsencrypt

772

I am trying to generate an SSL certificate for a subdomain that was purchased using Wordpress. Both the domain and subdomain were purchased from Wordpress. For the subdomain created using Wordpress, I have created a A record with IP pointing to some external server. Now I want to generate a SSL certificate for this subdomain. How can I do this?

Here is what I tried using sudo certbot certonly --webroot command but gives the following errors.

What is it that I am missing?

1 Answers

Voted

JoCoaker · Answer 1 · 2020-09-30T03:28:32+08:00

You will need to perform the certificate generation action on the server with the IP you specified in your DNS A Record.

or

If that is not possible you can also execute the certbot command with the --manuel flag. (Official Docs)

$ sudo certbot certonly --manual

# ...
# ... Asked for domain name and IP logging
# ...
 
-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.<your-domain> with the following value:
 
5TyIfZh7Q38VnQuUvsIWJt0QffSJvCnHNOnlEuRim66
 
Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
Press Enter to Continue

Now here you will need to create a new DNS TXT record with the value displayed. (In this case its 2DYIfZh7Q38VnQuUvsIWJt0QffSJvCnHNOnlEuRim66) And wait a few minutes before pressing enter since the deployment will take some time. Don't delete the record afterwards, otherwise renewing will not work!

Now press enter and it should see sometime like this:

Waiting for verification...
Cleaning up challenges
 
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/<your-domain>/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/<your-domain>/privkey.pem
   Your cert will expire on xxxx-xx-xx. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:
 
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

And now your certificates will be laying in the folder /etc/letsencrypt/live/<your-domain>/.

Explanation on how the "HTTP challenge" works

Unable to generate SSL certificate using letsencrypt

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?