Traccar Secure Connection

neaktivni 5 months ago

Hi Guys,

I have a problem with configuring SSL on my Traccar server. I have followed what is described in https://www.traccar.org/secure-connection/, but when I try to run sudo certbot --apache, I get the following error.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): DOMAIN NAME
Requesting a certificate for DOMAIN NAME

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: DOMAIN NAME
  Type:   unauthorized
  Detail: 2a02:7b40:3e4d:9e14::1: Invalid response from http://DOMAIN NAME/.well-known/acme-challenge/9Z-vExR9oWghLMpiFSikty4IHuGo9kq8O9eWkhrteLI: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

For the DOMAIN NAME I am using my domain name sub.domain.com.

I have tried many other configurations, but I cannot get a valid certificate.
Can someone please help?

Kind Regards,
Andreas

Track-trace 5 months ago

Well, it can't access the file / directory (has no access to) where it would do the challenge. That's what the unauthorized 404 is about.

So you should check that the path is correct. Check if this path exists: /.well-known/acme-challenge/
AND that the correct access is granted to the directory.

And check the /var/log/letsencrypt/letsencrypt.log for more details.

Just to root out the cause, you could grant ALL access (chmod) temporarily to /.well-known/acme-challenge/ and try again.
Make sure you chmod it back again directly afterwards.

neaktivni 5 months ago

I have rerun the needed commands multiple times in order to activate those folders and provide the needed permission, but I am still getting the same error.

Track-trace 5 months ago

So why don't you start by showing the letsencrypt.log?

Anton Tananaev 5 months ago

I suspect the error simply means that your domain is not configured to the server IP address.
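
An added example (not part of the original thread and not Certbot's own code): the Detail line of the error in the first post begins with the address the CA actually connected to, here an IPv6 address, so one quick check is whether that address belongs to the server at all. The sample output is constructed from the post using its placeholder domain, and the server address 203.0.113.10 is an assumed value to be replaced with the addresses shown by `ip addr`.

```python
import ipaddress
import re

# Constructed sample: the failure block from the first post, with its placeholder domain.
SAMPLE = """\
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: sub.domain.com
  Type:   unauthorized
  Detail: 2a02:7b40:3e4d:9e14::1: Invalid response from http://sub.domain.com/.well-known/acme-challenge/9Z-vExR9oWghLMpiFSikty4IHuGo9kq8O9eWkhrteLI: 404
"""

# "Detail: <address the CA connected to>: Invalid response from <url>: <status>"
DETAIL_RE = re.compile(
    r"Detail:\s+(?P<addr>[0-9A-Fa-f:.]+): Invalid response from (?P<url>\S+): (?P<status>\d{3})"
)


def parse_failures(output):
    """Return one dict per failed domain found in certbot's error block."""
    failures, domain, ftype = [], None, None
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("Domain:"):
            domain = line.split(":", 1)[1].strip()
        elif line.startswith("Type:"):
            ftype = line.split(":", 1)[1].strip()
        elif (m := DETAIL_RE.search(line)):
            failures.append({"domain": domain, "type": ftype,
                             "addr": ipaddress.ip_address(m["addr"]),
                             "url": m["url"], "status": int(m["status"])})
    return failures


def diagnose(failure, server_addrs):
    """Compare the address the CA contacted with the addresses bound on this host."""
    local = {ipaddress.ip_address(a) for a in server_addrs}
    addr = failure["addr"]
    if addr not in local:
        record = "AAAA" if addr.version == 6 else "A"
        return f"{record} record for {failure['domain']} points at {addr}, which is not this server"
    if failure["status"] == 404:
        return f"{addr} is this server, but the vhost answering on it did not serve the challenge"
    return f"{addr} is this server; HTTP {failure['status']} returned for the challenge"


if __name__ == "__main__":
    # 203.0.113.10 is an assumed server address (documentation range).
    for f in parse_failures(SAMPLE):
        print(diagnose(f, ["203.0.113.10"]))
```

If the reported address is not one of the server's own, the DNS record of that type needs correcting or removing before running certbot again.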

neaktivni 5 months ago

The domain is configured to the server IP address.

Track-trace 5 months ago

You should check if there is actually a file in this directory: /.well-known/acme-challenge/

But without logs and config details it's pointless to answer your remarks.

Anton Tananaev 5 months ago

You should not need to mess with any folders yourself. If you do, you're already doing it wrong. Certbot handles those automatically.

neaktivni 5 months ago

There is no file in the directory, and the permission of the folder is 777.

Track-trace 5 months ago

Since you won't post your config and letsencrypt.log, I'll rest my case.

neaktivni 5 months ago

config

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE properties SYSTEM 'http://java.sun.com/dtd/properties.dtd'>
<properties>

<!-- Documentation: https://www.traccar.org/configuration-file/ -->

<entry key='database.driver'>com.mysql.cj.jdbc.Driver</entry>
<entry key='database.url'>jdbc:mysql://...</entry>
<entry key='database.user'>...</entry>
<entry key='database.password'>...</entry>

</properties>

How do I post letsencrypt.log? It has 477 lines.

neaktivni 5 months ago

Is there any working "tutorial" on how to configure a secure connection for Traccar on AWS?

Anton Tananaev 5 months ago

The tutorial we have should work on any platform. Doesn't matter if it's AWS or not.

neaktivni 5 months ago

But it seems that the instructions are not working.

Anton Tananaev 5 months ago

The instructions should work fine on a clean Ubuntu server, as it says. If it still doesn't work, you must be doing something wrong.