hostname "domainname.com" does not match the server certificate #12

Closed
bsde1245 opened this issue Feb 22, 2018 · 27 comments

@bsde1245

bsde1245 commented Feb 22, 2018

I followed set up instructions. When I issue bundle exec jekyll letsencrypt I got like below

Configuration file: /home/justinechacko/www/main/_config.yml
Registering [email protected] to https://acme-v01.api.letsencrypt.org/... 
Pushing file to Gitlab 
Commiting challenge file as letsencrypt.html 
Done Commiting! Check https://gitlab.com/bpmottathai/main/commits/master 
Going to check https://justinechacko.in/.well-known/acme-challenge/87AXszq5OEf_GQ7oRzYAM1LkIza9pKEuCEe4_LZkSIE for the challenge to be present... 
Waiting 120 seconds before we start checking for challenge.. 
jekyll 3.4.0 | Error:  hostname "justinechacko.in" does not match the server certificate

Where is the server certificate, I am a newbie, do I need to install https://github.com/rolodato/gitlab-letsencrypt

@JustinAiken
Owner

Try setting your scheme to http instead of https - you have to check the challenge url over plain old http instead of https

Should say Going to check http://justinechacko.in/.well-known... instead of Going to check https://justinechacko.in/.well-known...

> do I need to install https://github.com/rolodato/gitlab-letsencrypt

Nope, not at all!

@bsde1245
Author

bsde1245 commented Feb 22, 2018

bundle exec jekyll letsencrypt
Configuration file: /home/justinechacko/www/main/_config.yml
Registering [email protected] to https://acme-v01.api.letsencrypt.org/... 
Pushing file to Gitlab 
Commiting challenge file as letsencrypt.html 
Done Commiting! Check https://gitlab.com/bpmottathai/main/commits/master 
Going to check http://justinechacko.in/.well-known/acme-challenge/rwhX92k_s7bvaVQo6kj_5Q0aa2m_xczPLmS-vH_zvNU for the challenge to be present... 
Waiting 120 seconds before we start checking for challenge.. 
Got response code 404, waiting 15 seconds... 
Got response code 404, waiting 15 seconds... 
Got response code 404, waiting 15 seconds... 
Got response code 404, waiting 15 seconds... 
Got response code 404, waiting 15 seconds... 
Got response code 404, waiting 15 seconds... 
Got response code 404, waiting 15 seconds... 
Got response code 404, waiting 15 seconds... 
Got response code 404, waiting 15 seconds... 
Got response code 404, waiting 15 seconds... 
Got response code 404, waiting 15 seconds... 
Got response code 404, waiting 15 seconds... 
^C/var/lib/gems/2.3.0/gems/jekyll-gitlab-letsencrypt-0.2.0/lib/jekyll/gitlab/letsencrypt/process.rb:55:in `sleep': Interrupt
	from /var/lib/gems/2.3.0/gems/jekyll-gitlab-letsencrypt-0.2.0/lib/jekyll/gitlab/letsencrypt/process.rb:55:in `block in wait_until_challenge_is_present'
	from /var/lib/gems/2.3.0/gems/jekyll-gitlab-letsencrypt-0.2.0/lib/jekyll/gitlab/letsencrypt/process.rb:48:in `loop'
	from /var/lib/gems/2.3.0/gems/jekyll-gitlab-letsencrypt-0.2.0/lib/jekyll/gitlab/letsencrypt/process.rb:48:in `wait_until_challenge_is_present'
	from /var/lib/gems/2.3.0/gems/jekyll-gitlab-letsencrypt-0.2.0/lib/jekyll/gitlab/letsencrypt/process.rb:25:in `process!'
	from /var/lib/gems/2.3.0/gems/jekyll-gitlab-letsencrypt-0.2.0/lib/jekyll/gitlab/letsencrypt/process.rb:12:in `process!'
	from /var/lib/gems/2.3.0/gems/jekyll-gitlab-letsencrypt-0.2.0/lib/jekyll/commands/gitlab/letsencrypt.rb:10:in `block (2 levels) in init_with_program'
	from /var/lib/gems/2.3.0/gems/mercenary-0.3.6/lib/mercenary/command.rb:220:in `block in execute'
	from /var/lib/gems/2.3.0/gems/mercenary-0.3.6/lib/mercenary/command.rb:220:in `each'
	from /var/lib/gems/2.3.0/gems/mercenary-0.3.6/lib/mercenary/command.rb:220:in `execute'
	from /var/lib/gems/2.3.0/gems/mercenary-0.3.6/lib/mercenary/program.rb:42:in `go'
	from /var/lib/gems/2.3.0/gems/mercenary-0.3.6/lib/mercenary.rb:19:in `program'
	from /var/lib/gems/2.3.0/gems/jekyll-3.4.0/exe/jekyll:13:in `<top (required)>'
	from /usr/local/bin/jekyll:23:in `load'
	from /usr/local/bin/jekyll:23:in `<main>'

I did ctrl+c as it repeats 404 error. For your info I didn't add any certificate to my domain name. Do I need to add certificate? I didn't go to letsencrypt site and not configured anything...Do I need to go certbot.eff.org

@JustinAiken
Owner

> I did ctrl+c as it repeats 404 error.

It's checking for the challenge to be there... looks like it's still not. Do you have gitlab CI setup such that pushing to master triggers an automated deployment of your jekyll blog?

> For your info I didn't add any certificate to my domain name. Do I need to add certificate? I didn't go to letsencrypt site and not configured anything...Do I need to go certbot.eff.org

Don't need to do any of that, that's what this plugin is for :)

@bsde1245
Author

> Gitlab CI setup such that when you push to master (or your preferred branch), your changes are deployed live

How to do it?

@JustinAiken
Owner

Ah yes, this plugin handles all of the letsencrypting/cert-grabbing for you, but first you have to have Gitlab CI set up such that pushes to master (or some other branch) autodeploy the code changes live for you..

Try one of these tutorials:

Once you get to the point where pushing new code to master results in live changes happening, this plugin should do the remaining magic 🎩 to get https'd up

@bsde1245
Author

bsde1245 commented Feb 23, 2018

Okay, as a newbie I have some confusion. Following is my .gitlab-ci.yml

image: ruby:2.3

variables:
  JEKYLL_ENV: production

before_script:
  - export LC_ALL="C.UTF-8"
  - export LANG="en_US.UTF-8"
  - export LANGUAGE="en_US.UTF-8"
  - bundle install

test:
  stage: test
  script:
  - bundle exec jekyll build -d test
  artifacts:
    paths:
    - test
  except:
  - master

pages:
  stage: deploy
  script:
  - bundle exec jekyll build -d public
  artifacts:
    paths:
    - public
  only:
  - master

Is it enough?

pipeline

_config.yml

# Welcome to Jekyll!
#
# This config file is meant for settings that affect your whole blog, values
# which you are expected to set up once and rarely need to edit after that.
# For technical reasons, this file is *NOT* reloaded automatically when you use
# 'jekyll serve'. If you change this file, please restart the server process.

# Site settings
title: Example Jekyll
email: [email protected]
description: > # this means to ignore newlines until "baseurl:"
  Test
baseurl: "" # the subpath of your site, e.g. /blog
url: "http://justinechacko.in" # the base hostname & protocol for your site
twitter_username: jekyllrb
github_username:  jekyll

# Build settings
markdown: kramdown
exclude: ["README.md"]
sass:
    load_paths:
        - _sass
        - bs
paginate: 10
paginate_path: "page:num"
gems:
  - jekyll-paginate
  - jekyll-sitemap

gitlab-letsencrypt:
  # Gitlab settings
  personal_access_token: 'deleted as secret'             # Gotten from the step above ^^
  gitlab_repo:           'bpmottathai/main' # Namespaced repository identifier

  # Domain settings
  email:                 '[email protected]'     # Let's Encrypt email address
  domain:                'justinechacko.in'             # Domain that the cert will be issued for

  # Jekyll settings
  base_path:  './'               # Where you want the file to go
  pretty_url: false              # Add a "/" on the end of the URL... set to `true` if you use permalink_style- pretty
  filename:   'letsencrypt.html' # What to call the generated challenge file

  # Delay settings
  initial_delay: 120 # How long to wait for Gitlab CI to push your changes before it starts checking
  delay_time:     15 # How long to wait between each check once it starts looking for the file

  # Optional settings you probably don't need
  # endpoint  'https://somewhere' # if you're doing the ACME thing outside of letsencrypt
  branch:    'master'            # Defaults to master, but you can use a different branch
  layout:    'null'              # Layout to use for challenge file - defaults to null, but you can change if needed
  scheme:    'http'             # Scheme to use for challenge request; default http

pipeline job



Running with gitlab-runner 10.5.0 (80b03db9)
  on docker-auto-scale 72989761
Using Docker executor with image ruby:2.3 ...
Pulling docker image ruby:2.3 ...
Using docker image sha256:03ff8cebf24fa355353a00dae607155efd56f565c82ef22bf4dd7599a34cd026 for ruby:2.3 ...
Running on runner-72989761-project-5405133-concurrent-0 via runner-72989761-srm-1519353883-37d8f930...
Cloning repository...
Cloning into '/builds/bpmottathai/main'...
Checking out d541374f as master...
Skipping Git submodules setup
$ export LC_ALL="C.UTF-8"
$ export LANG="en_US.UTF-8"
$ export LANGUAGE="en_US.UTF-8"
$ bundle install
The dependency tzinfo-data (>= 0) will be unused by any of the platforms Bundler is installing for. Bundler is installing for ruby but the dependency is only for x86-mingw32, x86-mswin32, x64-mingw32, java. To add those platforms to the bundle, run `bundle lock --add-platform x86-mingw32 x86-mswin32 x64-mingw32 java`.
Fetching gem metadata from https://rubygems.org/...........
Fetching gem metadata from https://rubygems.org/.
Resolving dependencies...
Fetching public_suffix 2.0.5
Installing public_suffix 2.0.5
Fetching addressable 2.5.0
Installing addressable 2.5.0
Using bundler 1.16.1
Fetching colorator 1.1.0
Installing colorator 1.1.0
Fetching ffi 1.9.17
Installing ffi 1.9.17 with native extensions
Fetching forwardable-extended 2.6.0
Installing forwardable-extended 2.6.0
Fetching rb-fsevent 0.9.8
Installing rb-fsevent 0.9.8
Fetching rb-inotify 0.9.8
Installing rb-inotify 0.9.8
Fetching sass-listen 4.0.0
Installing sass-listen 4.0.0
Fetching sass 3.5.5
Installing sass 3.5.5
Fetching jekyll-sass-converter 1.5.0
Installing jekyll-sass-converter 1.5.0
Fetching listen 3.0.8
Installing listen 3.0.8
Fetching jekyll-watch 1.5.0
Installing jekyll-watch 1.5.0
Fetching kramdown 1.13.2
Installing kramdown 1.13.2
Fetching liquid 3.0.6
Installing liquid 3.0.6
Fetching mercenary 0.3.6
Installing mercenary 0.3.6
Fetching pathutil 0.14.0
Installing pathutil 0.14.0
Fetching rouge 1.11.1
Installing rouge 1.11.1
Fetching safe_yaml 1.0.4
Installing safe_yaml 1.0.4
Fetching jekyll 3.4.0
Installing jekyll 3.4.0
Fetching jekyll-paginate 1.1.0
Installing jekyll-paginate 1.1.0
Fetching jekyll-sitemap 1.2.0
Installing jekyll-sitemap 1.2.0
Bundle complete! 4 Gemfile dependencies, 22 gems now installed.
Bundled gems are installed into `/usr/local/bundle`
$ bundle exec jekyll build -d public
Configuration file: /builds/bpmottathai/main/_config.yml
            Source: /builds/bpmottathai/main
       Destination: public
 Incremental build: disabled. Enable with --incremental
      Generating... 
                    done in 3.303 seconds.
 Auto-regeneration: disabled. Use --watch to enable.
Uploading artifacts...
public: found 62 matching files                    
Uploading artifacts to coordinator... ok            id=53974304 responseStatus=201 Created token=-ogDiprX
Job succeeded

Thanks.

@bsde1245
Author

Previously this domain connected to firebase and I didn't disconnect it

@JustinAiken
Owner

That looks like it should work now.. if you rerun the bundle exec jekyll letsencrypt now, it should sail through

@bsde1245
Author

bsde1245 commented Feb 24, 2018

Not working for me. What step I am missing???
Screenshot_from_2018-02-24_10-37-37.png

Do I need to add certificate in domain add page?

There is a letsencrypt file in root directory

---
layout: null
permalink: ./.well-known/acme-challenge/xNwynQAyZHTpbbuVgJS22lKcg8XkWKcglm_emfYJDEI
---

xNwynQAyZHTpbbuVgJS22lKcg8XkWKcglm_emfYJDEI.emV9IVgCSCvTLndID_IkeWhfW24RXclKph4jSXKOhXU

@bsde1245
Author

bsde1245 commented Feb 24, 2018

I think I got something.... jekyll-gitlab-letsencrypt gem is not installing in pipeline...!! And my gemfile and config file are in not configured state. I mean changes in local not affected remote repo. Do I need to commit and push before jekyll letsencrypt command?

@bsde1245
Author

File is in root folder and permalink is ./.well-known/acme-challenge/xNwynQAyZHTpbbuVgJS22lKcg8XkWKcglm_emfYJDEI

Any problem?

@JustinAiken
Owner

> I think I got something.... jekyll-gitlab-letsencrypt gem is not installing in pipeline...!!

That's ok - you run that locally, it doesn't need to be installed in the pipeline; the pipeline builds the actual jekyll blog and publishes it live, but this plugin kicks off a pipeline

> Do I need to commit and push before jekyll letsencrypt command?

Commit and push any changes needed to get your blog to build.. but jekyll letsencrypt makes a commit for you and pushes that up - that well known challenge file.

> File is in root folder and permalink is ./.well-known/acme-challenge...

Is it live on your site?

@bsde1245
Author

bsde1245 commented Feb 24, 2018

> Is it live on your site?

Means?

please look into files. https://drive.google.com/file/d/1N2RvbRtUzimrQ2twdnkCdfZUEgknxpvl/view?usp=sharing

site is justinechacko.in

@bsde1245
Author

Hi @JustinAiken, what step am I missing??

@JustinAiken
Owner

Removing this gem/plugin from the equation for a moment..

  • Make sure your local master branch and the remote gitlab master are in sync
  • If you make a change (add "hello world" to a blog post or something) and commit/push it to master
    • Does it kick off a pipeline build on Gitlab?
    • Does the pipeline build on Gitlab succeed?
    • Does it kick off a Gitlab-internal deploy pipeline?
    • Do your changes eventually make it live onto the justinechacko.in site?

@bsde1245
Author

Screenshot_from_2018-02-27_13-24-53.png

I think answer to all your question is "yes".

But I don't know the difference between

> Does it kick off a pipeline build on Gitlab?

and

> Does it kick off a Gitlab-internal deploy pipeline?

@JustinAiken
Owner

That looks like it should be good..

Now locally (make sure you're up-to-date with master), run bundle exec jekyll letsencrypt..

  • It should create a commit for you (remotely, it won't show up locally until you git pull it back down)
    • That commit will add/change lets.html
    • Which the pipeline should push out
    • The plugin will keep 404 and checking.. let it go on all the way until your build is done
    • If you can see the newly added page, and acme can see the newly added page, you're good - it'll go from there
    • If you can see the newly added page, but the letsencrypt plugin still says it's not found, then there's still a jekyll-letsencrypt config problem, and let me know from there
    • If you can't see the newly added page at, something is wrong with the pipeline config outside of this plugin...

@bsde1245
Author

Hi thanks for reply. Newly added page means letsencrypt.html?

@JustinAiken
Owner

Er yeah, letsencrypt.html (it's configurable - my local is set up as lets.html, but looking at your config above, it's letsencrypt.html for you)

@bsde1245
Author

bsde1245 commented Feb 28, 2018

There is letsencrypt.html file at root directory

---
layout: null
permalink: ./.well-known/acme-challenge/xNwynQAyZHTpbbuVgJS22lKcg8XkWKcglm_emfYJDEI
---

xNwynQAyZHTpbbuVgJS22lKcg8XkWKcglm_emfYJDEI.emV9IVgCSCvTLndID_IkeWhfW24RXclKph4jSXKOhXU

But at http://justinechacko.in/.well-known/acme-challenge/xNwynQAyZHTpbbuVgJS22lKcg8XkWKcglm_emfYJDEI I get a 404 page

my .gitignore file

_site
.sass-cache
.jekyll-metadata
public/

I removed line public/ still not working
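
An added example, not part of the original thread and not the plugin's own code: a local preflight for the challenge file posted above. It checks that the body has the ACME HTTP-01 `token.thumbprint` shape, that the permalink ends in the same token under `/.well-known/acme-challenge/`, and builds the plain-http URL that has to return that body. The function names are hypothetical; the sample file is copied from this comment.

```ruby
require "net/http"
require "uri"

# Sample challenge file, copied from the comment above.
SAMPLE_CHALLENGE = <<~FILE
  ---
  layout: null
  permalink: ./.well-known/acme-challenge/xNwynQAyZHTpbbuVgJS22lKcg8XkWKcglm_emfYJDEI
  ---

  xNwynQAyZHTpbbuVgJS22lKcg8XkWKcglm_emfYJDEI.emV9IVgCSCvTLndID_IkeWhfW24RXclKph4jSXKOhXU
FILE

B64URL = /\A[A-Za-z0-9_-]+\z/

# Split a Jekyll challenge page into its permalink and body (the key authorization).
def parse_challenge(text)
  match = text.match(/\A---\s*\n(.*?)\n---\s*\n(.*)\z/m)
  raise ArgumentError, "no front matter" unless match
  permalink = match[1][/^permalink:\s*(\S+)/, 1]
  raise ArgumentError, "no permalink" unless permalink
  { permalink: permalink, body: match[2].strip }
end

# Return a list of problems; an empty list means the file is internally consistent.
def challenge_problems(text)
  c = parse_challenge(text)
  token, thumbprint, extra = c[:body].split(".", -1)
  problems = []
  problems << "body is not token.thumbprint" if extra || thumbprint.nil?
  problems << "token is not base64url" unless token.to_s.match?(B64URL)
  # The thumbprint is a base64url SHA-256 digest of the account key: 43 characters.
  unless thumbprint.to_s.match?(B64URL) && thumbprint.to_s.length == 43
    problems << "thumbprint is not 43 base64url chars"
  end
  path = c[:permalink].sub(%r{\A\./}, "/").chomp("/")
  unless File.dirname(path) == "/.well-known/acme-challenge"
    problems << "permalink is not under /.well-known/acme-challenge/"
  end
  problems << "permalink token differs from body token" unless File.basename(path) == token
  problems
end

# URL to check: the CA's first HTTP-01 request is plain http on port 80.
def challenge_url(domain, text)
  token = parse_challenge(text)[:body].split(".").first
  "http://#{domain}/.well-known/acme-challenge/#{token}"
end

# Live check (needs network): the served body must equal the key authorization.
def served_correctly?(domain, text)
  res = Net::HTTP.get_response(URI(challenge_url(domain, text)))
  res.code == "200" && res.body.strip == parse_challenge(text)[:body]
end
```

If `challenge_problems` returns an empty list but `served_correctly?` is still false, the file itself is fine and the problem is in how the site is built or deployed.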

@JustinAiken
Owner

  • Maybe try pretty_url: true ?
  • Shouldn't need to remove public/ from gitignore

@bsde1245
Author

bsde1245 commented Mar 1, 2018

Yay! I think it is working now.!!

Waiting 120 seconds before we start checking for challenge.. 
Got response code 200, file is present! 
Requesting verification... 
Challenge is valid! 
Updating domain justinechacko.in pages setting with new certificates.. 
           Success! 

Do I need to redirect http to https? As I don't get https without typing https before my domain. Also Can I have ssl to my subdomain also like http://songs.justinechacko.in Thanks.

@JustinAiken
Owner

> Yay! I think it is working now.!!

🎊

> Do I need to redirect http to https? As I don't get https without typing https before my domain

Gitlab doesn't currently support server-side redirects to https (it's supposedly coming sometime soon).

You can do a JS-side redirect; on my site I have this in my default layout:

    <script>
      // Hacky https redirect since gitlab pages doesn't support true 301's yet:
      var host = "justinaiken.com";
      if ((host == window.location.host) && (window.location.protocol != 'https:')) {
        window.location = window.location.toString().replace(/^http:/, "https:");
      }
    </script>

> Also Can I have ssl to my subdomain

#10 requests that, but I probably won't add multiple domain support myself..

@bsde1245
Author

bsde1245 commented Mar 1, 2018

> I probably won't add multiple domain support myself

Can I add ssl manually to subdomain by following This tutorial

@bsde1245
Author

bsde1245 commented Mar 2, 2018

Closing as resolved...

@bsde1245 bsde1245 closed this as completed Mar 2, 2018
@bsde1245
Author

bsde1245 commented Mar 8, 2018

Can I use same email address for subdomain too

@JustinAiken
Owner

Yep, email really isn't that important
