HTTPS for the backend
AdeBC opened this issue · comments
So far I have tried but had no success.
- Caddy to enable automatic HTTPS.
(base) huichong@ip-172-31-43-121:~/projects/caddy-learn$ sudo caddy run │··································
[sudo] password for huichong: │··································
2021/11/30 10:49:53.039 INFO using adjacent Caddyfile │··································
2021/11/30 10:49:53.040 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127│··································
.0.0.1:2019"]} │··································
2021/11/30 10:49:53.040 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "ht│··································
tps_port": 443} │··································
2021/11/30 10:49:53.040 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"} │··································
2021/11/30 10:49:53.041 INFO http enabling automatic TLS certificate management {"domains": ["huichong.me"]} │··································
2021/11/30 10:49:53.057 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc000340af0"} │··································
2021/11/30 10:49:53.058 INFO tls cleaning storage unit {"description": "FileStorage:/root/.local/share/caddy"} │··································
2021/11/30 10:49:53.061 INFO tls finished cleaning storage units │··································
2021/11/30 10:49:53.427 INFO autosaved config (load with --resume flag) {"file": "/root/.config/caddy/autosave.json"} │··································
2021/11/30 10:49:53.427 INFO serving initial configuration- Certbot using
huichong.meas a test domain
(base) huichong@ip-172-31-43-121:~/projects/caddy-learn$ sudo certbot certonly --nginx │··································
Saving debug log to /var/log/letsencrypt/letsencrypt.log │··································
Please enter the domain name(s) you would like on your certificate (comma and/or │··································
space separated) (Enter 'c' to cancel): huichong.me │··································
Requesting a certificate for huichong.me │··································
│··································
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems: │··································
Domain: huichong.me │··································
Type: unauthorized │··································
Detail: Invalid response from http://huichong.me/.well-known/acme-challenge/Z53Fx14Ma4rbAXW9VDO8FbqNehgcJOIBx5Jzus4A-I4 [185.199.111.153]: "<!DOCTYPE html>\n<html>\n <h│··································
ead>\n <meta http-equiv=\"Content-type\" content=\"text/html; charset=utf-8\">\n <meta http-equiv=\"Co" │··································
│··································
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that i│··································
t is accessible from the internet. │··································
│··································
Some challenges have failed. │··································
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.This will eat a lot of time. I cannot estimate how much. Any ideas?
Maybe transfer the entire backend to HWC server first and then come back to solve this. I don't have full access control of the AWS server so it's a bit hard. Also, it is slow.