How to proceed without domain name? #4

Closed
opened 2024-10-12 04:46:15 +02:00 by Benjamin_Loison · 7 comments
```bash
sudo certbot
```

Output:

```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
```
Author
Owner
Would help [YouTube-operational-API/issues/317](https://github.com/Benjamin-Loison/YouTube-operational-API/issues/317).
Benjamin_Loison changed title from How to proceed with domain name? to How to proceed without domain name? 2024-10-13 22:41:33 +02:00
Author
Owner
Related to [Benjamin_Loison/HTTPS/issues/2](https://codeberg.org/Benjamin_Loison/HTTPS/issues/2).
Author
Owner
```bash
sudo certbot certonly --register-unsafely-without-email
```

Output:

```
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Runs an HTTP server locally which serves the necessary validation files under
the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP
server already running. HTTP challenge only (wildcards not supported).
(standalone)
2: Saves the necessary validation files to a .well-known/acme-challenge/
directory within the nominated webroot path. A seperate HTTP server must be
running and serving files from the webroot path. HTTP challenge only (wildcards
not supported). (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel):
Please specify --domains, or --installer that will help in domain names autodiscovery, or --cert-name for an existing certificate name.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```
Author
Owner

Unclear how to have `/etc/apache2/sites-enabled/default-ssl.conf`.
Author
Owner

I just checked on a fresh Ubuntu 22 that `sudo apt install -y apache2` installs this file.
Author
Owner
```bash
sudo a2ensite default-ssl
```

Output:

```
Enabling site default-ssl.
To activate the new configuration, you need to run:
  systemctl reload apache2
```

```bash
sudo service apache2 reload
```

Output:

```
Warning: The unit file, source configuration file or drop-ins of apache2.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Job for apache2.service failed.
See "systemctl status apache2.service" and "journalctl -xeu apache2.service" for details.
```

```bash
sudo service apache2 restart
```

Output:

```
Warning: The unit file, source configuration file or drop-ins of apache2.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xeu apache2.service" for details.
```

```bash
service apache2 status | cat
```

Output:

```
Warning: The unit file, source configuration file or drop-ins of apache2.service changed on disk. Run 'systemctl daemon-reload' to reload units.
× apache2.service - The Apache HTTP Server
     Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Sun 2024-10-13 22:59:02 UTC; 45s ago
   Duration: 1d 20h 20min 56.329s
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 22797 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
        CPU: 17ms

Oct 13 22:59:02 instance-20241012-0417 systemd[1]: Starting apache2.service - The Apache HTTP Server...
Oct 13 22:59:02 instance-20241012-0417 apachectl[22800]: AH00526: Syntax error on line 24 of /etc/apache2/sites-enabled/default-ssl.conf:
Oct 13 22:59:02 instance-20241012-0417 apachectl[22800]: Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration
Oct 13 22:59:02 instance-20241012-0417 systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
Oct 13 22:59:02 instance-20241012-0417 systemd[1]: apache2.service: Failed with result 'exit-code'.
Oct 13 22:59:02 instance-20241012-0417 systemd[1]: Failed to start apache2.service - The Apache HTTP Server.
```

```bash
a2enmod ssl
```

Output:

```
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Could not create /etc/apache2/mods-enabled/socache_shmcb.load: Permission denied
```

```bash
sudo service apache2 reload
```

```
Warning: The unit file, source configuration file or drop-ins of apache2.service changed on disk. Run 'systemctl daemon-reload' to reload units.
```

```bash
sudo service apache2 restart
```

```
Warning: The unit file, source configuration file or drop-ins of apache2.service changed on disk. Run 'systemctl daemon-reload' to reload units.
```
Author
Owner
```bash
openssl list -public-key-algorithms | grep Name
```

Output:

```
 Name: OpenSSL RSA method
 Name: rsa
 Name: OpenSSL PKCS#3 DH method
 Name: dsaWithSHA
 Name: dsaEncryption-old
 Name: dsaWithSHA1-old
 Name: dsaWithSHA1
 Name: OpenSSL DSA method
 Name: OpenSSL EC algorithm
 Name: OpenSSL RSA-PSS method
 Name: OpenSSL X9.42 DH method
 Name: OpenSSL X25519 algorithm
 Name: OpenSSL X448 algorithm
 Name: OpenSSL ED25519 algorithm
 Name: OpenSSL ED448 algorithm
 Name: sm2
  Name: OpenSSL RSA implementation
  Name: OpenSSL PKCS#3 DH implementation
  Name: OpenSSL DSA implementation
  Name: OpenSSL EC implementation
  Name: OpenSSL RSA-PSS implementation
  Name: OpenSSL X9.42 DH implementation
  Name: OpenSSL X25519 implementation
  Name: OpenSSL X448 implementation
  Name: OpenSSL ED25519 implementation
  Name: OpenSSL ED448 implementation
  Name: OpenSSL SM2 implementation
  Name: OpenSSL TLS1_PRF via EVP_PKEY implementation
  Name: OpenSSL HKDF via EVP_PKEY implementation
  Name: OpenSSL SCRYPT via EVP_PKEY implementation
  Name: OpenSSL HMAC via EVP_PKEY implementation
  Name: OpenSSL SIPHASH via EVP_PKEY implementation
  Name: OpenSSL POLY1305 via EVP_PKEY implementation
  Name: OpenSSL CMAC via EVP_PKEY implementation
```

Source: https://docs.openssl.org/3.3/man1/openssl-list/

```bash
openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:P-384 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=$DOMAIN_NAME" -addext "subjectAltName=IP:$IPV4_ADDRESS"
```

Source: [the Stack Overflow answer 78999741](https://stackoverflow.com/a/78999741)

works fine.

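An added example, not part of the original issue: the `openssl req` approach from the last comment wrapped in a script that also checks what a TLS client checks, namely that the certificate's `subjectAltName` carries an `IP:` entry equal to the address being connected to. The function names, the use of the IP as `CN`, and the documentation-range address `203.0.113.10` are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: self-signed certificate for a bare IP address, followed by
# the checks a client-side verifier applies. Function names are hypothetical.

# make_ip_cert DIR IP: write DIR/key.pem and DIR/cert.pem for IP.
make_ip_cert() {
    local dir=$1 ip=$2
    (
        umask 077   # -nodes leaves the key unencrypted: keep it owner-only
        openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:P-384 \
            -keyout "$dir/key.pem" -out "$dir/cert.pem" \
            -sha256 -days 3650 -nodes \
            -subj "/CN=$ip" \
            -addext "subjectAltName=IP:$ip"
    )
}

# cert_matches_ip CERT IP: succeed only if the certificate's SAN contains
# an iPAddress entry equal to IP (the CN is not consulted for IP matching).
cert_matches_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" \
        | grep -q 'does match certificate'
}

# cert_fingerprint CERT: SHA-256 fingerprint. A self-signed certificate has
# no CA behind it, so clients must pin this value or import the certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Usage: ./make-ip-cert.sh 203.0.113.10   (constructed sample address)
if [ -n "${1:-}" ]; then
    out=$(mktemp -d)
    make_ip_cert "$out" "$1" \
        && cert_matches_ip "$out/cert.pem" "$1" \
        && echo "certificate in $out, pin: $(cert_fingerprint "$out/cert.pem")"
fi
```

Clients will still reject this certificate as untrusted until it is imported or its fingerprint is pinned; the SAN check only guarantees that the name comparison succeeds once trust is established.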
Reference: Benjamin_Loison/certbot#4