https://certbot.eff.org/instructions?ws=other&os=windows

gregaryb · 01-04-2024, 07:33 AM

My web server www.find-a-tradie.com.au is a https web server.

http://www.find-a-tradie.com.au => BAD REQUEST

I cannot use this tool to create a certificate for my https server because it does not respond to port 80 requests that is uses to verify it.

So how the buggery are you supposed to use it to generate a ceriticate?????

It make no difference if I try and run this tool on a different laptop with a regular http web server on it.

Because it still tries to make a http request to my https web site.

It is completely impossible to use it!

smallpond · 01-04-2024, 12:40 PM

Is port 80 blocked by firewall or something? Are you able to add a TXT record to your DNS?

bathory · 01-04-2024, 12:55 PM

Quote:

Originally Posted by gregaryb

My web server www.find-a-tradie.com.au is a https web server.

http://www.find-a-tradie.com.au => BAD REQUEST

I cannot use this tool to create a certificate for my https server because it does not respond to port 80 requests that is uses to verify it.

So how the buggery are you supposed to use it to generate a ceriticate?????

It make no difference if I try and run this tool on a different laptop with a regular http web server on it.

Because it still tries to make a http request to my https web site.

It is completely impossible to use it!

FYI it works from here: https://www.find-a-tradie.com.au

scasey · 01-04-2024, 01:35 PM

Quote:

Originally Posted by gregaryb

My web server www.find-a-tradie.com.au is a https web server.

http://www.find-a-tradie.com.au => BAD REQUEST

I cannot use this tool to create a certificate for my https server because it does not respond to port 80 requests that is uses to verify it.

So how the buggery are you supposed to use it to generate a ceriticate?????

It make no difference if I try and run this tool on a different laptop with a regular http web server on it.

Because it still tries to make a http request to my https web site.

It is completely impossible to use it!

Probably. Certbot is apparently designed to provide a certificate for a site which does not already have one.
Your site already has a certificate (else, the https would not work) provided by Let’s Encrypt that expires next April 4th.
Do you not want to renew the certificate you have?
Can you allow port 80 (http) access temporarily so that Certbot can do its thing?
What exactly are you trying to accomplish?

TenTenths · 01-05-2024, 06:27 AM

I would also strongly suggest that you configure your server to accept port 80 connections for find-a-tradie.com.au and www.find-a-tradie.com.au and redirect them to the "official" https:// URL

That should allow for all user "type in" scenarios.

Also, having 80 redirect to 443 will solve any of your certbot issues going forward.

It's as simple as 6 lines in the apache vhosts config:

Code:

<VirtualHost *:80>
    ServerAdmin your@email
    ServerName yourdomain.tld
    ServerAlias www.yourdomain.tld
    Redirect "/" "https://yourdomain.tld/"
</VirtualHost>

(My personal preference is to not have www at the start of the site, but that's just me.