Arquisoft / dede_en2b

dede_en2b
https://dedeen2b.tk/

Https #128

Closed DiegoMfer closed 2 years ago

DiegoMfer commented 2 years ago

Hello, I have a problem when trying to get an SSL certificate. I need this to have an HTTPS connection.

[image]

UO277653 commented 2 years ago

It is possible that the problem that we had with the Inrupt login is caused by this.

pglez82 commented 2 years ago

It is possible that you do not have permissions for that. A possible solution is to use this service:

https://letsencrypt.org/

I have used it in the past and it works very well, and it is easy to set up having access to the machine console (which you have).

Pablo

UO277653 commented 2 years ago

Hello, we have seen that AWS gives us the option to use port 443 in order to connect to the deployed machine, but for some reason, even after changing the port from 3000 to 443 in the Docker files, it is not connecting to the page.

pglez82 commented 2 years ago

Have you opened the port in the AWS network configuration?

UO277653 commented 2 years ago

Now I have tried with Let's Encrypt, but I got the following error:

[image]

I have made sure that port 80 is open, but it still does not let me create the certificate.

pglez82 commented 2 years ago

I would need to see the file /var/log/letsencrypt/letsencrypt.log

UO277653 commented 2 years ago

[images]

These are the contents.

pglez82 commented 2 years ago

First thing: it is easier to send the actual file, not screenshots. To access a remote file you can use any SFTP client to access the files over SSH.

The error that I can see is that you need to have port 80 free. Right now you have the website running at http://dedeen2b.tk/ so you would need to stop that before running Let's Encrypt on the server. Let's Encrypt needs to run its own web server on this port to verify that you own the machine.

UO277653 commented 2 years ago

But if I stop http://dedeen2b.tk/ how could I run Let's Encrypt if it uses a domain name and not IP?

I am editing this message to add more details:

When I try to generate the certificate for the IP I get this error:

[image]

If I turn off the custom domain name and try to connect directly to the URL of the EC2 AWS instance I get this:

[image]

I have looked for information on the Internet about other people having the same problem, and tried a lot of alternatives. As we are using AWS there are a lot of options for configuring the machine, but for some reason I do not have the necessary permissions to work with them.

[image]

UO277653 commented 2 years ago

I have also tried using a reverse proxy like Caddy, but it did not work either. I am honestly quite lost at this point.

Edit: We are discussing changing to Azure, as it seems like a better option.

pglez82 commented 2 years ago

OK. First you need to understand how Let's Encrypt works. In order to issue a certificate for your server, Let's Encrypt needs to guarantee that you own the domain and the server. For that, it asks you for the domain and asks you to run software on the server that will listen on port 80 (for that, the port should be free). When the software is running, they verify that they can connect to port 80. This is only the verification process. After the verification is done and the certificate is created, you can put your service back on port 80. So, what you have to do is stop your webapp on the AWS machine, make sure the domain is pointing to your machine's IP, and run the Let's Encrypt software so it can do the verification. Once you have the certificate, I think it is valid for 3 or 4 months, so you do not need to care about this anymore.
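The two preconditions described in the comment above (the domain resolves to the server's IP, and nothing else is listening on port 80), written as a pre-flight check to run on the server before the Let's Encrypt client. This is an added example, not code from the thread or the project; the function names, `example.org` and the address 203.0.113.10 are constructed for illustration.

```python
import errno
import socket
import sys


def resolve_ipv4(domain):
    """Return the set of IPv4 addresses that `domain` currently resolves to."""
    try:
        infos = socket.getaddrinfo(domain, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()  # NXDOMAIN or resolver failure
    return {info[4][0] for info in infos}


def port_status(port, host="0.0.0.0"):
    """Try to bind the port and report 'free', 'in_use' or 'no_permission'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        try:
            sock.bind((host, port))
        except PermissionError:
            return "no_permission"  # ports below 1024 normally need root
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return "in_use"
            raise
    return "free"


def preflight(domain, server_ip, port=80, host="0.0.0.0", resolver=resolve_ipv4):
    """Return the list of problems that would make the verification fail."""
    problems = []
    addresses = resolver(domain)
    if not addresses:
        problems.append(f"{domain} does not resolve: check the DNS records")
    elif server_ip not in addresses:
        problems.append(f"{domain} resolves to {sorted(addresses)}, not {server_ip}")
    status = port_status(port, host)
    if status == "in_use":
        problems.append(f"port {port} is in use: stop the webapp first")
    elif status == "no_permission":
        problems.append(f"cannot bind port {port}: run the check as root")
    return problems


if __name__ == "__main__":
    # Usage (placeholder values): python3 preflight.py example.org 203.0.113.10
    issues = preflight(sys.argv[1], sys.argv[2])
    print("\n".join(issues) if issues else "ready to request the certificate")
    sys.exit(1 if issues else 0)
```

The check runs on the server itself, so it cannot see whether port 80 is closed in the cloud provider's network rules; that still has to be confirmed from outside the machine.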

pglez82 commented 2 years ago

> But if I stop http://dedeen2b.tk/ how could I run Let's Encrypt if it uses a domain name and not IP?

It is not stopping the domain but stopping the webapp running in AWS.

pglez82 commented 2 years ago

What is the status on this issue?

UO277653 commented 2 years ago

Today (yesterday we could not do it due to some work of other assignments) we are going to try to generate the certificate on the Azure machine in order for the page to be HTTPS. In case we have some problem with that we will probably post it here.

UO277653 commented 2 years ago

Hello, we have created a certificate in Azure. How could we add it to the website?

DiegoMfer commented 2 years ago

We have created the certificate for the website; the problem is that we don't know how to add it so HTTPS is connected. The tutorials that we find are for web servers and we are a bit lost. What would be the next step to do? Thanks in advance.

UO277653 commented 2 years ago

Update:

We have successfully generated the certificate with Let's Encrypt.

[image]

All the problems were happening because we did not have the DNS configured correctly at the domain provider.

[image]

Now we have to redirect the traffic from port 80 or 443 to port 3000 for the webapp.

UO277653 commented 2 years ago

Sorry for the spam.

We have used Caddy in order to redirect the traffic; with that everything works.

[image]

The login as well.

The only "problem" is that every time we want to use the machine without problems we have to use docker-compose up and caddy run. I am not sure if this can be automated. Either way the deployed run is running OK now. Thanks and sorry for the inconvenience.

DiegoMfer commented 2 years ago

We already solved the issue.