Implementing "Let's Encrypt" SSL Certificate to Django / Apache / Debian

There were enough steps online to get me through implementing SSL to my web site.

1. I followed most of the steps from jbarrett.me:

https://www.jbarrett.me/blog/items/4/setting-ssl-django-app-lets-encrypt-ubuntu-apache-and-mod_wsgi

2. My setup broke at this step:

sudo ./letsencrypt-auto --apache -d example.com -d www.example.com

I get the following error: Name duplicates previous WSGI daemon definition.

To resolve this, I had to comment out the configurations for Django.

2B. After executing letsencrypt-auto

The lines that were commented out, should be added to the ssl conf file. For me, this was the 000-default-le-ssl.conf file. This step also differed from the site.

3. Unexpected new file

This created a new file on my web server and still not sure if that is the expected behavior. On top of the original default-ssl.conf, now I have a 000-default-le-ssl.conf. Apache requires both files to run.

I did not find any references that this file would be created (honestly, I didn't and haven't bothered looking it up since I got it to work). Make sure the Django configuration is only in this file and not also in the default-ssl.conf file as this will also throw the name duplication error.

4. Other random findings

I also ran into a couple other issues while implementing where I am not exactly sure where I went wrong but eventually got them to work without really knowing what.

a. Client denied by server configuration
I think this was caused by me moving the WSGI configuration options around.

b.  Forbidden you don't have permission to access
I think this was also related to the "Client denied by server configuration" with the same resolution.

5. Other notes

I also had to point the SSL certificates to the correct location in the 000-default-le-ssl.conf file.

After completing, I still had the little icon on the chrome browser that said it was not secure but name was valid. As of the following day, my site had the secure lock icon. I do not think I did anything... maybe it takes time to propagate.

The installation also configures apache to redirect http to https.

https://django.dlastlee.com

I followed a few different pages. Most are at least a couple years old. Some mention the same errors which seem common enough so I thought it was a little odd that I still run into the same problems in 2020.

I think overall, the process is pretty simple if you understand the workings of SSL, signed certificates, and apache. Because I do not have a good understanding, I spent some time to understand signed certificates from trusted sites, letsencrypt, certbot, and apache configurations. All for the better because I feel that I navigate through Debian a bit better and apache configuration files.

Reference

1. https://www.jbarrett.me/blog/items/4/setting-ssl-django-app-lets-encrypt-ubuntu-apache-and-mod_wsgi
2. https://stackoverflow.com/questions/47803081/certbot-apache-error-name-duplicates-previous-wsgi-daemon-definition
3. https://www.tecmint.com/install-free-lets-encrypt-ssl-certificate-for-apache-on-debian-and-ubuntu/
4. https://github.com/certbot/certbot/issues/4880
5. https://github.com/certbot/certbot/issues/1820
6. https://unix.stackexchange.com/questions/349778/wsgi-application-ah01630-client-denied-by-server-configuration-but-client-re
7. https://cwiki.apache.org/confluence/display/HTTPD/ClientDeniedByServerConfiguration
8. https://certbot.eff.org/lets-encrypt/debianstretch-apache.html

Visual Studio Code (day 1) (Django, previously Eclipse)

For quite some time, I have been itching to move away from Microsoft solutions. For the last month, I have been learning a whole new technology stack: Linux/Debian, Apache, Django, Python, Eclipse, PuTTY, Google Cloud, MariaDb, Bootstrap, etc.

Each one has such a steep learning curve for me as I have primarily been following Microsoft tools. The biggest challenge for me was Eclipse for several reasons. I did not invest a lot of time into looking into configuring Eclipse to properly work with Django and Python. I used it to edit code to see some variables. I did not have intelli-sense; I could not run the code locally; and the final straw was that I could not remove a warning when I added a static tag to a file. It did not deter the program, but my OCD cannot help but stare at it all the time.

After a couple days of staring at the warning, I did a weak attempt to find a way around it. For me it was a whirlwind of information in that I just decided to search for a new text editor. After a couple of reviews, I saw Visual Studio being used even users on Mac and Linux.

I was very hesitant about going back to Microsoft as I went through all this to avoid them. Eventually, I folded and went to download. At this time, I noticed there was Visual Studio and Visual Studio Code. After some research, Visual Studio Code sounded like a text editor than an IDE, so I went ahead with it.

I have to grudgingly say that installing and configuring Visual Studio Code was too easy. I was not only up and running, but also configured to test on my own system prior to uploading to the server. I did run into a small snag. One of the sites I was using as directions provided the commands as "python" instead of "py". I don't know if this was a versioning or aged article issue, but that was quickly remedied.

So far, I have been quite happy with Visual Studio Code.