By: Kevin Fletcher named 29 Jan 2020 at 3:55 p.m. CST

7 Responses
I am trying to get Let's Encrypt to work with Gluu 3.1.6.sp1. When I try to run *certbot --apache* it is trying to verify that port 80 is open and fails. There is a redirect on port 80 to port 443. I did not know if you might have any documentation of other people trying to use Let's Encrypt to provide SSL certificates for their Gluu instances. Any help would be appreciated.

By Aliaksandr Samuseu staff 29 Jan 2020 at 4:39 p.m. CST

Hi, Kevin. I was using Let's Encrypt before successfully with Gluu, a couple of times. I used instructions provided on the official site, the certbot approach. I didn't set up auto-renewal, but the rest worked fine. Please follow instructions on [this page](https://certbot.eff.org/lets-encrypt/centosrhel7-apache). If it won't work for you, list all the steps you did, and exactly what error you see (screenshot, full text from console, etc.). @Sahil.Arora, could you share your thoughts? I believe QA uses Let's Encrypt on a regular basis.

By Aliaksandr Samuseu staff 29 Jan 2020 at 4:45 p.m. CST

Kevin, do you run certbot inside or outside the container? It should be the former.

By Sahil Arora staff 30 Jan 2020 at 7:06 a.m. CST

Hi Kevin, Please share the error screenshot, will take a look. I have been using LetsEncrypt without any issues.

By Sahil Arora staff 10 Feb 2020 at 10:48 a.m. CST

Hi Kevin, please let us know if you need further assistance here.

By Kevin Fletcher named 10 Feb 2020 at 2:09 p.m. CST

Sorry for the long response. I had been working on another Gluu issue. Below is what I get when I run the certbot command inside the Gluu chroot environment. I also want to mention that this VM is running in Azure and I do have port 80 and 443 open. I did not know if there is any issue with Gluu having the redirect from port 80 -> 443 causing issues with the certbot utility.

Thanks,
Kevin

```
[root@localhost ~]# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): kfletcher@flvc.org
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
No names were found in your configuration files. Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): ae1lxglu01-tst.flvc.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ae1lxglu01-tst.flvc.org
Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

IMPORTANT NOTES:
 - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
```

By Kevin Fletcher named 12 Feb 2020 at 9:20 a.m. CST

Could I get an update on this?

By Ganesh Dutt Sharma staff 12 Feb 2020 at 11:09 a.m. CST

Hi Kevin,

Dealing with certbot since letsencrypt days, my take on this is like below and it usually works.

A. If certbot doesn't recognize domain name:

1. Keep port 80 opened.
2. Split the virtualhost example.com.conf in two parts. One with example.com.conf and example.com.ssl.conf.
3. Comment out Redirect lines from the file example.com.conf.
4. Then run certbot command and it should work.

B. If certbot does recognize your domain name,

1. Comment out Redirect lines from the config file.
2. Run the certbot command.
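
A preflight check for the two conditions in the steps above (a port 80 virtual host that names the domain, and active Redirect lines inside it), as an added example that is not part of the original thread and is not Gluu's or certbot's own code. The config is a constructed sample and `preflight` is a hypothetical helper; it is a simplified text scan, not how certbot itself parses Apache configuration.

```python
import re

# Constructed sample: a combined vhost file of the kind the steps above split up.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName example.com
    Redirect / https://example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"</VirtualHost>", re.I)
REDIRECT = re.compile(r"(Redirect(Match|Permanent|Temp)?|RewriteRule)\b", re.I)


def preflight(conf_text, domain):
    """Return findings about the port-80 side of an Apache config (hypothetical helper)."""
    findings, port80_names, in_port80 = [], set(), False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out Redirect lines no longer count
        opened = VHOST_OPEN.match(line)
        if opened:
            # A vhost may list several addresses; any one ending in :80 qualifies.
            in_port80 = any(a.rsplit(":", 1)[-1] == "80" for a in opened.group(1).split())
        elif VHOST_CLOSE.match(line):
            in_port80 = False
        elif in_port80:
            parts = line.split()
            if parts[0].lower() in ("servername", "serveralias"):
                port80_names.update(p.lower() for p in parts[1:])
            elif REDIRECT.match(line):
                findings.append(f"line {lineno}: active redirect on port 80: {line}")
    if domain.lower() not in port80_names:
        findings.insert(0, f"no port-80 VirtualHost names {domain}")
    return findings


if __name__ == "__main__":
    for finding in preflight(SAMPLE_CONF, "example.com"):
        print(finding)
```

An empty list means the port 80 virtual host names the domain and has no active redirect. Once the certificate is issued, the redirect lines that were commented out can be restored so that port 80 does not keep serving content over plain HTTP.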