Daniel Rodriguez - Wed, 2020/07/08 - 00:27
Hello, as they are, I greet you from Honduras, CA. I have a problem that has broken my head and I need help, please. I installed my own Moodle server and I have it under a public IP, but when I redirect it to the domain I always get "the connection is not private". I have enabled SSL certificates but it does not work. Please help me; thank you very much in advance.
Hi Daniel
Assuming that you are using our Moodle server, then all our servers ship with "self signed" certificates. These certificates are legitimate certificates, however, because they are self signed, anyone can create them and anyone can pretend to be anyone else. So to stop that, browsers show a warning for self signed certs. To avoid the warning requires certificates that have been signed by a registered (and approved) Certificate Authority.
If you already have the domain set up so that it points to the public IP of your Moodle server, then all you should need to do is use Confconsole (via Advanced menu) to get a free Let's Encrypt certificate (Let's Encrypt is a registered/approved CA)! Once you have that set up (and assuming that it works successfully) be sure to enable the auto updates!
Confconsole v1.1.2
If I am using TurnKey Moodle server, but I have tried in various ways up to this blog "https://github.com/turnkeylinux/confconsole/releases/tag/v1.1.2" but it has not worked for me.
Are you using Moodle v16.0?
If not, then that's what I recommend (that's the latest release). The v16.0 appliance ships with Confconsole v2.0.x (i.e. much newer than v1.1.x) so it should "just work" - no workarounds required...
If you are using v16.0 and it didn't work, then my guess is that there is something else going wrong. If you've installed Confconsole v1.1.2 in v16.0, then it might be easiest and best to just trash this server and start again.
With v16.0 running, if it still fails, please share the contents of the Confconsole log file. Also posting your domain will be useful, so I can double check that your DNS is set up properly.
Where can I install the Confconsole v2.0.x, or does it come by default? If so, what should I do to install the certificate? Thank you very much.
v16.0 comes with Confconsole v2.0.x pre-installed
You can double check like this:
It should return something like this:
If you look at the "Installed" line, my output shows that I have "2.0.1+9+g86f73bd". You can also see that the "Candidate" is the exact same version. If your "Candidate" is a different version to what is "Installed" then you can update like this:
Although I'm pretty sure that there weren't any changes to Let's Encrypt, so I doubt it will make any difference (but it also won't hurt).
Also out of interest, you can double check the TurnKey version like this:
For v16.0 Moodle, it should return this:
I don't get this "999 http://archive.turnkeylinux.org/debian buster / main amd64 Packages"
Perhaps post the full output? Then I might be able to work out what is going on.
Regardless, if you have v2.0.1 or higher, you should be fine.
this is error
https://181.115.34.19/index.php/s/xwZpbRmHjzoq8Fx
Please check the log
Please share the contents of the log file: /var/log/confconsole/letsencrypt.log
That should explain why it failed. Also as I said earlier, if you share the domain name with me, I can double check your DNS settings.
Yes, of course. My domain is jaguarsbschool.ipvisionhn.com username and the IP where I have it redirected is 181.115.34.26
My guess is that Let's Encrypt doesn't follow redirect?
Until I see your log I can't be sure, but my guess is that perhaps Let's Encrypt isn't following the redirect? I see that the 'A' record points to a different IP and it's a 301 redirect that points it to your current IP.
The other problem that may have occurred is that perhaps your IP has been blacklisted? If you keep retrying and it keeps failing, at some point Let's Encrypt will blacklist your IP and refuse to give you a certificate. I forget how long it takes for that blacklisting to time out.
Anyway, until I see your log, I'm really just guessing...
How do I identify if I am blacklisted? And if so, what alternative do I have?
If you've been blacklisted, it will say in the log
I don't recall the exact message, but it will be something like "too many failures" or similar.
If that happens, you just need to wait until the blacklist is removed. IIRC it's an hour (i.e. wait an hour and try again)...
Actually, I found the Let's Encrypt - Rate Limits doc page. It says that there is a "Failed Validation limit of 5 failures per account, per hostname, per hour". My reading suggests that if you hit the limit, you are blocked for one week! So it might pay to wait an hour before you retry to make sure you don't hit that limit!
this is the error you have in letsencrypt.log
root@moodle .../log/confconsole# tail -f letsencrypt.log
"detail": "DNS problem: NXDOMAIN looking up A for jaguarsbschoo.ipvisionhn.com - check that a DNS record exists for this domain",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/5738395781/ARmsmQ",
"token": "eqxDmGc_Z0DlcRHa5JXgmoRzh94XvyWpAk5CqocXvDI"
})
[2020-07-08 04:08:37] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2020-07-08 04:08:37] dehydrated-wrapper: WARNING: Python is still listening on port 80
[2020-07-08 04:08:37] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert, key and combined files.
[2020-07-08 04:08:38] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
Looks like you did a typo!
Update it to jaguarsbschool.ipvisionhn.com (note the missing 'l' above).
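As an added example (not part of the original posts and not TurnKey code), this Python sketch triages a log like the one above: it pulls the hostname out of the NXDOMAIN detail, compares it with the intended domain, and counts FATAL runs in the last hour against the 5-failure figure quoted earlier in the thread. The sample log is constructed from the excerpt above; the function names and the edit-distance threshold of 2 are assumptions, and counting FATAL lines only approximates the per-hostname limit.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the excerpt posted in this thread.
SAMPLE_LOG = """\
"detail": "DNS problem: NXDOMAIN looking up A for jaguarsbschoo.ipvisionhn.com - check that a DNS record exists for this domain",
"status": 400
[2020-07-08 04:08:37] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2020-07-08 04:08:38] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
"""

NXDOMAIN = re.compile(r'"detail":\s*"DNS problem: NXDOMAIN looking up \w+ for ([A-Za-z0-9.-]+)')
FATAL = re.compile(r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] dehydrated-wrapper: FATAL", re.M)


def edit_distance(a, b):
    """Levenshtein distance, used to tell a typo from a different domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(log_text, intended, now, limit=5):
    """Return (verdict per looked-up host, FATAL runs in the last hour, safe to retry)."""
    intended = intended.lower().rstrip(".")
    verdicts = {}
    for host in NXDOMAIN.findall(log_text):
        host = host.lower().rstrip(".")
        if host == intended:
            verdicts[host] = "no A record for the intended name"
        elif edit_distance(host, intended) <= 2:  # assumed threshold for "typo"
            verdicts[host] = "probable typo of " + intended
        else:
            verdicts[host] = "different name than intended"
    stamps = [datetime.strptime(s, "%Y-%m-%d %H:%M:%S") for s in FATAL.findall(log_text)]
    recent = sum(1 for t in stamps if timedelta(0) <= now - t <= timedelta(hours=1))
    return verdicts, recent, recent < limit


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "jaguarsbschool.ipvisionhn.com", datetime(2020, 7, 8, 4, 30)))
```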
Jeremy, I already installed the certificate, but the browser continues to tell me that the address is not private. Do you think you could review it? The certificate is already working, but it still tells me that the connection is not private. Thanks for your support.
Great, you've got the cert
Great that you have the certificate.
The issue that you're hitting now is that your domain is redirecting to an IP address, but you can't get a certificate for an IP address, only a domain name. So essentially the certificate that your site is providing doesn't match what is in the address bar.
Ideally you'd be best off changing your DNS so your domain name just points directly to your server's actual IP address (instead of being redirected).
Otherwise you'll need to change the rewrite. AFAIK, it should be possible to redirect but keep the domain in the address bar. It's not something I've done before, and exactly how you do that will depend on how you have the current redirect set up (and what web server it is), but I'm almost certain that it's possible and it should make the certificate work properly (the domain will match the certificate).
Note that regardless of which way you go, you'll probably need to clear the cache and cookies from your browser. You need to do that to clear out the 301 redirect.
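The mismatch described in the last reply, as an added Python example (not part of the original thread): it applies the usual browser rule that the host in the address bar must appear among the certificate's names, and that an IP literal is only compared with IP-type entries. The function names are hypothetical, and the certificate name list is assumed from the domain given in this thread.

```python
import ipaddress
from urllib.parse import urlsplit


def host_matches_cert(host, dns_sans, ip_sans=()):
    """True if `host` is covered by the certificate's DNS or IP subjectAltName entries."""
    host = host.lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        # An IP literal is compared only with iPAddress entries, never with DNS names.
        return any(ipaddress.ip_address(s) == addr for s in ip_sans)
    labels = host.split(".")
    for san in dns_sans:
        pattern = san.lower().rstrip(".").split(".")
        if len(pattern) != len(labels):
            continue
        if pattern == labels:
            return True
        # A wildcard may stand in only for the whole left-most label.
        if pattern[0] == "*" and len(pattern) > 2 and pattern[1:] == labels[1:]:
            return True
    return False


def address_bar_check(url, dns_sans, ip_sans=()):
    """Report whether the certificate covers the host the browser ended up on."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return "not https: no certificate is checked"
    host = parts.hostname or ""
    if host_matches_cert(host, dns_sans, ip_sans):
        return "ok: certificate covers " + host
    return "mismatch: certificate does not cover " + host


# Assumed certificate contents: the single domain name from this thread.
CERT_NAMES = ["jaguarsbschool.ipvisionhn.com"]

if __name__ == "__main__":
    # Before the 301 redirect the name matches; after it the address bar holds the IP.
    print(address_bar_check("https://jaguarsbschool.ipvisionhn.com/", CERT_NAMES))
    print(address_bar_check("https://181.115.34.26/", CERT_NAMES))
```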