I'm trying to create certificate for *.foobar.com
./certbot-auto certonly --standalone-supported-challenges http-01 -d *.foobar.com
But I get the error:
certbot: error: unrecognized arguments: --standalone-supported-challenges http-01
I have google this error but I keep getting answers with example using apache servers. What is the command to make it work with a simple golang webserver serving a typical web app (html, css, js, some svgs, jpgs)
So I followed official certbot instructions:
https://certbot.eff.org/lets-encrypt/ubuntubionic-other
and this is the command that got it working for me:
cd certbot # change into cerbot dir
sudo ./certbot-auto certonly --standalone -d foobar.com
Related
According to the official ACME.SH documentation link, issuing a certificate is as simple as running the following command:
$ acme.sh --issue --alpn -d example.com
However, I am getting the following error
Error, can not get domain token entry example.com for `tls-alpn-01`
The supported validation types are `http-01` `dns-01` , but you specified: `tls-alpn-01`
I have tried switching from the default ZeroSSL.com to BuyPass.com, but that does not help. It seems that these providers do not allow tls-alpn-01 validation method, but it could be related to something that I am missing.
PS:
To preemptively answer some questions:
I have a valid domain that I replaced with "example.com"
The site is functional on a 443 port, but port 80 is blocked by ISP, hence tls-alpn-01
I am stopping Nginx, and then checking with netstat that port 443 is not bound to a service.
When I run the script with --debug 2 parameter, I get the following value for _authorizations_map variable
_authorizations_map='example.com,{"identifier":{"type":"dns","value":"example.com"},"status":"pending","expires":"2021-08-18T22:53:50Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/wYehJ8kQjUDiDadBJ12qKw", "status":"pending","token":"Sfga2N2KwV-2hg3wo1gYAoyFvqV87dRvG2sHw4I6ups"},{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/CkrMQdEJthf-TmWvllW-Bg", "status":"pending","token":"_AlgMGzIfSQs7673Su-njnpieba_zLpSYxiUdXDEFnz"}]}'
Same problem, I switched from ZeroSSL to Let's encrypt CA and now it works without problems.
https://community.letsencrypt.org/t/the-acme-sh-will-change-default-ca-to-zerossl-on-august-1st-2021/144052
Edit: oops, sorry.
To tell acme.sh to use Let's encrypt CA
use:
acme.sh --set-default-ca --server letsencrypt
and then try to issue again the certificate in tls-alpn-01 mode
We are implementing a custom chat in a web application using Laravel and pusher. The basic functionalities like sending and receiving messages with file-sharing were working perfectly fine for few days but all of a sudden we encountered an error as follows:
"message": "cURL error 60: SSL: no alternative certificate subject
name matches target host name 'api-.pusher.com' (see
https://curl.haxx.se/libcurl/c/libcurl-errors.html) for
https://api-.pusher.com/apps//events?auth_key=&auth_timestamp=1622911129&auth_version=1.0&body_md5=994999b61168dbbbb9172e79341131b8&auth_signature=51992f8acbe3f6943163bb358399f30b7d8020d30a5d121e1650953480642397",
"exception": "GuzzleHttp\Exception\RequestException",
"file": "/home/techfin/public_html/testtest.com/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php",
"line": 211
It works perfectly fine on the local machine but causes problems on the server.
I think you should install the CURL extension as below (on Linux):
sudo apt-get install php-curl
This will install a dependency package, which depends on the default PHP version. After that restart apache
sudo service apache2 restart
on windows:
read this article
You're missing the cluster ID from the curl. Normally you'd have an API URL like https://api-mt1.pusher.com. You can find the cluster for your app in the Pusher dashboard.
I am trying to obtain an SSL certificate with certbot and the --webroot setting. My current command is:
sudo certbot certonly --webroot -w <path> -d <URL> -d <*.URL>
Every time I run the command I get this error:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
I tried every similar command I found. Please share some help.
I am using ubuntu 18 with the newest certbot version. I also tried certbot-auto
I figured it out: with the http verification (webroot) it is not possible to obtain wildcards (<*.url>).
But it is possible with a DNS challenge (Reference).
Here is an example command for a manual / DNS challenge wildcard certifiat request:
sudo certbot certonly --manual -d *.<domain> -d <domain> --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server acme-v02.api.letsencrypt.org/directory
I want to provide some further reading on this for anyone else struggling - and I'll explain why every solution still didn't work!
Great advice from Letsencrypt ...
https://community.letsencrypt.org/t/client-with-the-currently-selected-authenticator-an-authenticator-script-must-be-provided-when/153921
https://letsencrypt.org/docs/challenge-types/ - see DNS-01. Basically Certbot has to connect with your DNS provider/api to create temporary records to verify your domain.
BUT ... not all providers allow this ...
https://community.letsencrypt.org/t/dns-providers-who-easily-integrate-with-lets-encrypt-dns-validation/86438
And it turns out mine (Namecheap) doesn't. So in short Wildcards + Certbot + Namecheap are not physically possible!
curl -O "https://www.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz"
This is the command I am using from terminal to download maven but it's either timed out or curl: (7) Failed to connect to www.apache.org port 443: Operation timed out.
If I use browser to download, no issue.
My assumption is the ssl connection or certificate issue. Any idea how can I resolve the curl issue.
Please take note, I am using this in a Dockerfile to create docker image and here is that:
FROM ******/mule-42x:v2.2.1
ENV MAVEN_VERSION 3.6.3
RUN mkdir -p /opt/maven \
&& cd /opt/maven \
&& curl -O "https://www.apache.org/dist/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz" \
&& tar xzvf "apache-maven-$MAVEN_VERSION-bin.tar.gz" \
&& rm "apache-maven-$MAVEN_VERSION-bin.tar.gz"
ENV MAVEN_HOME "/opt/maven/apache-maven-$MAVEN_VERSION"
ENV PATH=$MAVEN_HOME/bin:$PATH
I've tried to run the command presented in the question and encountered the following errors:
curl -O "https://www.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz"
curl tries to verify the SSL certificate but fails with the following message:
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
So I've added -k flag as the message suggests.
Now this works, however the http call returns and HTML page with 302 (redirect) to https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz
So the command that has worked for me is:
curl -O -k https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz
An Important side note:
I'm assuming that you've configured the network right and it has all the proper proxy definitions if you're running behind the proxy in your organization, otherwise you should define proxy first.
All in all I suggest you running this command 'manually' first (from the command line not as a part of the build I mean) outside the docker on the machine where you run the docker build and only when you make sure it works run it in a docker file.
I tried to install a phpmyadmin in laravel valet. after i run
brew install phpmyadmin I run valet link and visit the phpmyadmin in the browser by typing phpmyadmin.test
I assume that the default username and password would be 'root' and blank
but when i try to login i encounter this error
screenshot: https://prnt.sc/lva5yu
mysqli_real_connect(): (HY000/2054): The server requested authentication method unknown to the client
mysqli_real_connect(): The server requested authentication method unknown to the client [caching_sha2_password]
If you want to use MySQL 8.0 and not get the "caching_sha2_password plugin" error, then check out a couple blog posts I wrote on how to setup MySQL 8.0 in Docker with persistent data, as well as a post on how to run your MySQL 8.0 container with mysql_native_password.
In short, you can create a local "my.cnf" config file:
$ sudo nano /usr/local/opt/mysql/config/my.cnf
Add the necessary config statement to it:
[mysqld]
default-authentication-plugin=mysql_native_password
And then include that file as a volume bind in your "docker run" statement:
$ docker run --restart always --name mysql8.0 -v/usr/local/opt/mysql/8.0:/var/lib/mysql -v /usr/local/opt/mysql/config:/etc/mysql/conf.d -p 3306:3306 -d -e MYSQL_ROOT_PASSWORD=your_password mysql:8.0
You can read more detail on these steps here:
https://medium.com/#crmcmullen/how-to-run-mysql-in-a-docker-container-on-macos-with-persistent-local-data-58b89aec496a
https://medium.com/#crmcmullen/how-to-run-mysql-8-0-with-native-password-authentication-502de5bac661