1. I followed most of the steps from jbarrett.me:
https://www.jbarrett.me/blog/items/4/setting-ssl-django-app-lets-encrypt-ubuntu-apache-and-mod_wsgi2. My setup broke at this step:
sudo ./letsencrypt-auto --apache -d example.com -d www.example.comI get the following error: Name duplicates previous WSGI daemon definition.
To resolve this, I had to comment out the configurations for Django.
2B. After executing letsencrypt-auto
The lines that were commented out, should be added to the ssl conf file. For me, this was the 000-default-le-ssl.conf file. This step also differed from the site.
3. Unexpected new file
This created a new file on my web server and still not sure if that is the expected behavior. On top of the original default-ssl.conf, now I have a 000-default-le-ssl.conf. Apache requires both files to run.
I did not find any references that this file would be created (honestly, I didn't and haven't bothered looking it up since I got it to work). Make sure the Django configuration is only in this file and not also in the default-ssl.conf file as this will also throw the name duplication error.
4. Other random findings
I also ran into a couple other issues while implementing where I am not exactly sure where I went wrong but eventually got them to work without really knowing what.a. Client denied by server configuration
I think this was caused by me moving the WSGI configuration options around.
b. Forbidden you don't have permission to access
I think this was also related to the "Client denied by server configuration" with the same resolution.
5. Other notes
I also had to point the SSL certificates to the correct location in the 000-default-le-ssl.conf file.
After completing, I still had the little icon on the chrome browser that said it was not secure but name was valid. As of the following day, my site had the secure lock icon. I do not think I did anything... maybe it takes time to propagate.
The installation also configures apache to redirect http to https.
https://django.dlastlee.com
I followed a few different pages. Most are at least a couple years old. Some mention the same errors which seem common enough so I thought it was a little odd that I still run into the same problems in 2020.
I followed a few different pages. Most are at least a couple years old. Some mention the same errors which seem common enough so I thought it was a little odd that I still run into the same problems in 2020.
I think overall, the process is pretty simple if you understand the workings of SSL, signed certificates, and apache. Because I do not have a good understanding, I spent some time to understand signed certificates from trusted sites, letsencrypt, certbot, and apache configurations. All for the better because I feel that I navigate through Debian a bit better and apache configuration files.
2. https://stackoverflow.com/questions/47803081/certbot-apache-error-name-duplicates-previous-wsgi-daemon-definition
3. https://www.tecmint.com/install-free-lets-encrypt-ssl-certificate-for-apache-on-debian-and-ubuntu/
4. https://github.com/certbot/certbot/issues/4880
5. https://github.com/certbot/certbot/issues/1820
6. https://unix.stackexchange.com/questions/349778/wsgi-application-ah01630-client-denied-by-server-configuration-but-client-re
7. https://cwiki.apache.org/confluence/display/HTTPD/ClientDeniedByServerConfiguration
8. https://certbot.eff.org/lets-encrypt/debianstretch-apache.html
Reference
1. https://www.jbarrett.me/blog/items/4/setting-ssl-django-app-lets-encrypt-ubuntu-apache-and-mod_wsgi2. https://stackoverflow.com/questions/47803081/certbot-apache-error-name-duplicates-previous-wsgi-daemon-definition
3. https://www.tecmint.com/install-free-lets-encrypt-ssl-certificate-for-apache-on-debian-and-ubuntu/
4. https://github.com/certbot/certbot/issues/4880
5. https://github.com/certbot/certbot/issues/1820
6. https://unix.stackexchange.com/questions/349778/wsgi-application-ah01630-client-denied-by-server-configuration-but-client-re
7. https://cwiki.apache.org/confluence/display/HTTPD/ClientDeniedByServerConfiguration
8. https://certbot.eff.org/lets-encrypt/debianstretch-apache.html
No comments:
Post a Comment