skip to Main Content

I’m trying to deploy my Flask app when using this tutorial:https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04.

However, in Step 4 — Obtaining an SSL Certificate, I’m getting an error:

sudo certbot --apache -d myapp.com -d www.myapp.com

Error:


Failed authorization procedure. www.myapp.space (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.myapp.com/.well-known/acme-challenge/yNL6M8LQ0l3pJIqsxge_7aBNrBcbp5lwIvT6Mh1Wbx8 [66.96.162.136]: "<!DOCTYPE HTML>rn<html>rnrn    <head>rn        <title>404 Error - Page Not Found</title>rn        <style>rn            #ad_frame"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.myapp.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.myapp.com/.well-known/acme-challenge/yNL6M8LQ0l3pJIqsxge_7aBNrBcbp5lwIvT6Mh1Wbx8
   [66.96.162.136]: "<!DOCTYPE HTML>rn<html>rnrn    <head>rn
   <title>404 Error - Page Not Found</title>rn        <style>rn
   #ad_frame"

mydomain.config in sites-available:

<VirtualHost *:80>       
        ServerAdmin webmaster@localhost
        ServerName myapp.com
        ServerAlias www.myapp.com
        ServerAlias *.myapp.com
        WSGIScriptAlias / /var/www/html/myapp/myapp.wsgi
        <Directory myapp>
            WSGIProcessGroup myapp
            WSGIApplicationGroup %{GLOBAL}
            Order deny,allow
            Allow from all
        </Directory>
</VirtualHost>

<VirtualHost *:443>       
        ServerAdmin webmaster@localhost
        ServerName myapp.com
        ServerAlias www.myapp.com
        ServerAlias *.myapp.com
        WSGIScriptAlias / /var/www/html/myapp/myapp.wsgi
        <Directory myapp>
            WSGIProcessGroup myapp
            WSGIApplicationGroup %{GLOBAL}
            Order deny,allow
            Allow from all
        </Directory>
</VirtualHost>

myapp.wsgi file in /var/www/html/myapp look like this:

import sys
sys.path.append('/var/www/html/myapp/venv/lib/python3.6/site-packages')
sys.path.insert(0, '/var/www/html/myapp')
from frequency_api import app as application                                              

AWS EC2 Rules for my app:
enter image description here

I have bought a domain through domain.com, and I can my API through it using the domain name with HTTP. How can this SSL issue be fixed so I can access through HTTPS? Thanks! Please let me know if there is anything else I should show here.

2

Answers


  1. I think the problem you are facing is because the domain you are trying to link with your server is not pointing to your server.

    You are trying to issue a certificate for myapp.com for which you need to add dns record of type A for myapp.com pointing towards your ec2 ip.

    If you have purchased domain other than myapp.com then you are trying to issue a certificate for wrong domain.

    Login or Signup to reply.
  2. I’ve had a similar issue and in my case I just turn off the SSL virtual server at port 443. In this case you should delete:

    <VirtualHost *:443>       
            ServerAdmin webmaster@localhost
            ServerName myapp.com
            ServerAlias www.myapp.com
            ServerAlias *.myapp.com
            WSGIScriptAlias / /var/www/html/myapp/myapp.wsgi
            <Directory myapp>
                WSGIProcessGroup myapp
                WSGIApplicationGroup %{GLOBAL}
                Order deny,allow
                Allow from all
            </Directory>
    </VirtualHost>
    

    After that, when running certbot --apache the SSL virtual host will be setup automatically if you chose the option for redirection.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search