I cannot figure out SSL

I am so lost with SSL. I’m trying to set up test servers so I actually understand how to set it up before I move my site that is already on a host that is slow because it’s a shared server. I have a rack server in my house; it has a lot of RAM and processing power that won’t be shared with anyone, and I want to run my website from it instead of paying too much for leased resources on a slow server online. My ISP blocks port 80, and this is causing problems since nearly all instructions assume this port is open. I got it working once, but I followed so many tutorials that I can’t for the life of me remember what I did. I had to learn how to use Linux/Ubuntu as I was doing this, and everything was new to me. I had to follow tutorials ON tutorials as I went through the steps; it was too much.

Are there tools that can tell me what’s happening instead of waiting for the website to time out? I have no idea why I’m getting an error 522 timeout error. Isn’t there a way to see what the server is doing?

I went here: Certbot Instructions | Certbot

I selected Apache and Ubuntu 20, then I clicked on the wildcard tab.

I clicked the “Check if your DNS provider supports Certbot” and found Cloudflare in the list. I accessed the server via VMware remote console and brought up the CLI in Ubuntu. I installed snap and I installed the Cloudflare plugin for Certbot.

Then I clicked on the link for Cloudflare’s credentials. The examples say they need to be in the file, but it doesn’t explain at all where it goes or what the file name is supposed to be. I was able to figure it out later when the CLI gave the error that it couldn’t find cloudflare.ini; then I understood that what it had me copy was looking for a specific directory for that file that did not exist, so I created the directories and the .ini file and copied " dns_cloudflare_api_token = " into nano and then added my token that was generated on the Cloudflare website. Then I copied the example info, but using my domain, to acquire a certificate and wait 60 seconds for DNS to propagate. When I go to my website it times out with error 522.

If I go to ssllabs.com and test it, all it does is show a grade of B for all the server addresses it has listed.

When I ran the command to acquire a cert and wait 60 seconds, it gave the error about the token not being safe, but it still continued.

If I access the webserver through my intranet it gives this error:

SSL_ERROR_BAD_CERT_DOMAIN

but it references the cert being for my domain name, not the IP address, so I don’t know if this is to be expected when I try to access it internally.

If I check the padlock and look at the security information, it says “Verified by Let’s Encrypt”, but I do everything through Cloudflare. When I go to the URL using the domain it errors out with 522, but I can still check the padlock info. When accessing it this way, the padlock shows “Verified by Cloudflare, Inc.” There is no “Let’s Encrypt” on this side.

Is this the issue? Did Certbot get a Let’s Encrypt cert when a Cloudflare cert is expected? Why did I bother adding the Cloudflare plugin if this is the case? It seems if my ISP just let me have access to port 80, I could just click a button or type a single command and it would just work. But having to go another route gets convoluted and confusing almost immediately.

I don’t remember doing any of this “download a Cloudflare plugin for Certbot” stuff when I accidentally got it to work the first time. I do see TXT entries for _acme-challenge.cert with a long string of characters. Is there an easy way to do this? What did I do with that ACME challenge that made it work last time? I am so confused with this SSL stuff. Everyone I know that does tech stuff doesn’t seem to know, but all of them have access to port 80 at their work, so they don’t have to worry about these workarounds. I also think I have a below-average understanding of all of this stuff, so I’m not even sure if I’m coming off like an idiot that doesn’t know at all what he’s talking about, so it’s hard to understand what I’m even asking.

SSL certificates are issued to domain names, i.e. www.example.com, and not IP addresses. If you visit by IP then you will get an SSL warning.

What port are you using to go for SSL, just 443? If you try to access the server via the IP of the DNS record, does that work?

Something that sounds like it will work well for you is Tunnels.


Maybe the solution is to follow some tutorials ON tutorials ON tutorials. :stuck_out_tongue_winking_eye:

Could you please clarify your goal? Cloudflare will issue you edge certs automatically, so in the context of Cloudflare, your certs will only be valuable between your server (wherever it’s located) and Cloudflare. You could choose to forgo Cloudflare’s certificates, and handle it all on your own, but I don’t think that seems like your goal.

With regard to port 80, I don’t see how that’s relevant. It’s used for plain HTTP, meaning no encryption. When you refer to port 80, do you actually mean 443?

There are several methods for validating Let’s Encrypt, and TXT records should work well. But your domain does need to match. Have you checked to see what domain the certificate lists?
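Two of the things raised in this thread can be checked from the command line rather than by waiting for the browser to time out: the Certbot “unsafe” warning about the credentials file (it is about file permissions), and the question of which names the certificate actually lists, which is why an origin reached by IP address shows SSL_ERROR_BAD_CERT_DOMAIN. The script below is an added example, not code from the thread or from Certbot; the paths, the placeholder token and the self-signed certificate it generates (a stand-in for the Let’s Encrypt cert) are assumptions. The `certbot` invocation shown in a comment is the form documented for the certbot-dns-cloudflare plugin.

```shell
#!/bin/sh
# Added example (not from the thread). Requires openssl and coreutils.
set -e

# Certbot reads the Cloudflare token from an INI file; it warns when the file is
# readable by other users. Write it with owner-only permissions from the start.
# The path and token are placeholders. The matching Certbot command would be:
#   certbot certonly --dns-cloudflare \
#     --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini \
#     --dns-cloudflare-propagation-seconds 60 -d example.test -d '*.example.test'
write_cloudflare_ini() {
  ini="$1"; token="$2"
  mkdir -p "$(dirname "$ini")"
  ( umask 077; printf 'dns_cloudflare_api_token = %s\n' "$token" > "$ini" )
  chmod 600 "$ini"
}

# 0 if the credentials file is mode 0600 (owner read/write only), else 1.
ini_is_private() {
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  [ "$mode" = "600" ]
}

# Print the Subject Alternative Names a PEM certificate is valid for, one per line,
# e.g. "DNS:example.test". A certificate with only DNS names cannot match an IP.
list_cert_names() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' \
    | grep -E 'DNS:|IP Address:' \
    | tr ',' '\n' | sed 's/^ *//'
}

# 0 if the certificate covers the given hostname (exact or one-level wildcard), else 1.
cert_covers_name() {
  names=$(list_cert_names "$1")
  host="$2"
  parent="${host#*.}"
  echo "$names" | grep -qxF "DNS:$host" && return 0
  [ "$parent" != "$host" ] && echo "$names" | grep -qxF "DNS:*.$parent" && return 0
  return 1
}

# Constructed sample input: a short-lived self-signed certificate for example.test
# and *.example.test, standing in for the certificate Certbot would obtain.
make_test_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$1.key" -out "$1.crt" -subj '/CN=example.test' \
    -addext 'subjectAltName=DNS:example.test,DNS:*.example.test' >/dev/null 2>&1
}

# Diagnostic for a live server (not run here): show the certificate actually served
# on a given address and port for a given name. Run once against the origin's LAN IP
# and once against the public hostname to see the Let's Encrypt vs Cloudflare split.
show_served_cert() {
  openssl s_client -connect "$1:$2" -servername "$3" </dev/null 2>/dev/null \
    | openssl x509 -noout -subject -issuer -ext subjectAltName
}

demo() {
  work=$(mktemp -d)
  write_cloudflare_ini "$work/.secrets/certbot/cloudflare.ini" "PLACEHOLDER_TOKEN"
  ini_is_private "$work/.secrets/certbot/cloudflare.ini" && echo "credentials file is owner-only"
  make_test_cert "$work/origin"
  echo "names on certificate:"; list_cert_names "$work/origin.crt"
  for name in example.test www.example.test 192.0.2.10; do
    if cert_covers_name "$work/origin.crt" "$name"; then
      echo "$name: covered"
    else
      echo "$name: NOT covered (browser shows SSL_ERROR_BAD_CERT_DOMAIN)"
    fi
  done
  rm -rf "$work"
}
demo
```

Running it prints the two DNS names on the constructed certificate and reports that `192.0.2.10` is not covered, which is the same mismatch the browser reports when the origin is opened by its LAN address; the fix is to reach it by a hostname the certificate lists, not to add the IP to the certificate. `show_served_cert ORIGIN_IP 443 example.test` and `show_served_cert example.test 443 example.test` (against the public name) make the difference between the Let’s Encrypt certificate on the origin and the Cloudflare edge certificate visible without the browser.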
