Let's Encrypt and Apache issues


ae3erdion

9 hours ago, Rkiver said:

What errors? If you want help you need to give more information. 

This is the error when I try to renew. I tried installing it again and creating a new cert, but I am still getting the same error.

Performing the following challenges:
http-01 challenge for aftercoffeedesigns.com
http-01 challenge for www.aftercoffeedesigns.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. aftercoffeedesigns.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://aftercoffeedesigns.com/.well-known/acme-challenge/CXyPhPWzamPS3GEv3tdYYKiSgiruAY9zLu6IPp7eeec: Error getting validation data

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: aftercoffeedesigns.com
   Type:   connection
   Detail: Fetching
   https://aftercoffeedesigns.com/.well-known/acme-challenge/CXyPhPWzamPS3GEv3tdYYKiSgiruAY9zLu6IPp7eeec:
   Error getting validation data

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

I had a similar thing happen recently. It seemed that certbot was checking for .well-known on http and not the already set up https. My server has different site roots for port 80 and port 443 and port 80 is not open to the Internet. I therefore put .well-known and its contents in the port 80 site root and temporarily let port 80 through the firewall. The renewal then worked and I closed port 80 off again afterwards.

Summary: try letting 80 through on your firewall just for the renewal.


47 minutes ago, aethernaut said:

try letting 80 through on your firewall just for the renewal

I have port 80 and port 443 open in the firewall, and I also have .well-known in the root of my http site.

I'm using Apache and I had it redirecting all web traffic to port 443. I tried to stop the redirect and renew, but it didn't work.


8 hours ago, ae3erdion said:

.. I try to stop the redirect and renew ...

I am NOT an expert (far from it) so I am guessing that this is where you are having problems. It happened to me as well.

There are several ways to redirect. The simplest is to redirect using a redirect script in the index.html of the port 80 site but I assume that this should not prevent renewal as the renewal script does not appear to call the index.html page but goes directly to .well-known.

However I had put the below in the Apache directives for the port 80 virtual host and it needed removing (and Apache restarted) before I could get access back again and renew.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]

If there is anything like this in the virtual host directives for port 80 then it needs to be removed.

Do you use Webmin? The "Aliases and Redirects" section for the port 80 virtual host may show where a redirect is still lurking...

Edited by aethernaut
clarification

This is my virtual host config:

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName aftercoffeedesigns.com
        ServerAlias www.aftercoffeedesigns.com
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName beginnings.rocks
        ServerAlias www.beginnings.rocks
        DocumentRoot /var/www/html/beginnings

</VirtualHost>


# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

 

Edited by ae3erdion
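The certbot output in the first post reports an http-01 failure while fetching an https:// URL. Let's Encrypt always starts http-01 validation on port 80 and follows redirects, so that pattern means port 80 answered with a redirect to HTTPS, as discussed in the replies. The following is an added example (not code from any poster in this thread) that parses such a failure line and flags this case; the `diagnose` helper, the sample domain and the token are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: certbot failure text in the format posted in this thread,
# with a placeholder domain and token (example.com is reserved for documentation).
SAMPLE = """\
Performing the following challenges:
http-01 challenge for example.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://example.com/.well-known/acme-challenge/PLACEHOLDER_TOKEN: Error getting validation data
"""

FAILURE = re.compile(
    r"(?P<domain>[\w.-]+) \((?P<challenge>[\w-]+)\): "
    r"urn:ietf:params:acme:error:(?P<error>\w+) :: .*? :: "
    r"Fetching (?P<url>https?://\S+?): (?P<detail>.+)"
)

def diagnose(certbot_output):
    """Return one finding dict per failed authorization in certbot output."""
    findings = []
    for m in FAILURE.finditer(certbot_output):
        url = urlparse(m["url"])
        # http-01 validation starts on port 80 and follows redirects, so an
        # https:// URL in the error means port 80 redirected the request.
        redirected = m["challenge"] == "http-01" and url.scheme == "https"
        if redirected:
            hint = ("port 80 redirected the challenge to HTTPS and that fetch "
                    "failed; check port 443 and that its vhost serves "
                    + url.path.rsplit("/", 1)[0] + "/")
        elif m["error"] == "connection":
            hint = "port 80 unreachable; check DNS A/AAAA records and firewall"
        else:
            hint = "check the webroot path served for this host on port 80"
        findings.append({"domain": m["domain"], "challenge": m["challenge"],
                         "error": m["error"], "redirected": redirected,
                         "hint": hint})
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print(finding)
```
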