ae3erdion Posted August 25, 2018

I'm having some errors trying to renew the SSL cert. Any expert that can help me?
Rkiver Posted August 26, 2018

What errors? If you want help you need to give more information.
ae3erdion (Author) Posted August 26, 2018

9 hours ago, Rkiver said:
> What errors? If you want help you need to give more information.

This is the error when I try to renew. I tried installing it again and creating a new cert, but I am still getting the same error.

    Performing the following challenges:
    http-01 challenge for aftercoffeedesigns.com
    http-01 challenge for www.aftercoffeedesigns.com
    Waiting for verification...
    Cleaning up challenges
    Failed authorization procedure. aftercoffeedesigns.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://aftercoffeedesigns.com/.well-known/acme-challenge/CXyPhPWzamPS3GEv3tdYYKiSgiruAY9zLu6IPp7eeec: Error getting validation data

    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: aftercoffeedesigns.com
       Type: connection
       Detail: Fetching https://aftercoffeedesigns.com/.well-known/acme-challenge/CXyPhPWzamPS3GEv3tdYYKiSgiruAY9zLu6IPp7eeec: Error getting validation data

       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A/AAAA record(s) for that domain
       contain(s) the right IP address. Additionally, please check that
       your computer has a publicly routable IP address and that no
       firewalls are preventing the server from communicating with the
       client. If you're using the webroot plugin, you should also verify
       that you are serving files from the webroot path you provided.
aethernaut Posted August 26, 2018

I had a similar thing happen recently. It seemed that certbot was checking for .well-known on http and not the already set up https. My server has different site roots for port 80 and port 443 and port 80 is not open to the Internet.

I therefore put .well-known and its contents in the port 80 site root and temporarily let port 80 through the firewall. The renewal then worked and I closed port 80 off again afterwards.

Summary: try letting 80 through on your firewall just for the renewal.
ae3erdion (Author) Posted August 26, 2018

47 minutes ago, aethernaut said:
> try letting 80 through on your firewall just for the renewal

I have port 80 and port 443 open in the firewall. And also have .well-known in the root of my http.

I'm using Apache and I had it redirecting all web traffic to port 443. I tried to stop the redirect and renew, but it didn't work.
aethernaut Posted August 27, 2018

8 hours ago, ae3erdion said:
> .. I try to stop the redirect and renew ...

I am NOT an expert (far from it) so I am guessing that this is where you are having problems. It happened to me as well.

There are several ways to redirect. The simplest is to redirect using a redirect script in the index.html of the port 80 site but I assume that this should not prevent renewal as the renewal script does not appear to call the index.html page but goes directly to .well-known.

However I had put the below in the Apache directives for the port 80 virtual host and it needed removing (and Apache restarted) before I could get access back again and renew.

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]

If there is anything like this in the virtual host directives for port 80 then it needs to be removed.

Do you use Webmin? The "Aliases and Redirects" section for the port 80 virtual host may show where a redirect is still lurking...

Edited August 27, 2018 by aethernaut: clarification
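A redirect like the one in the post above does not have to be removed for renewals if the ACME challenge path is exempted from it; the http-01 validator starts on port 80 and follows redirects, which is consistent with the error earlier in the thread reporting an https:// URL. The following is an added example, not part of the thread and not either poster's configuration. The hostname example.test and the document root are placeholder assumptions, and mod_rewrite must be enabled.

```apache
# Added example: port-80 virtual host that redirects to HTTPS but keeps
# ACME http-01 challenge requests on plain HTTP.
# example.test and /var/www/html are placeholders (assumptions).
<VirtualHost *:80>
    ServerName example.test
    ServerAlias www.example.test
    DocumentRoot /var/www/html

    RewriteEngine On
    # Skip the redirect for challenge files so they are served from this
    # vhost's DocumentRoot, where the webroot plugin writes them.
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteCond %{HTTPS} off
    # In virtual-host context the matched path starts with "/", so ^/? keeps
    # the redirect target from gaining a double slash.
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
```

After reloading Apache, `certbot renew --dry-run` exercises the challenge without issuing a certificate.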
ae3erdion (Author) Posted August 28, 2018

This is my virtual host config:

    <VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName aftercoffeedesigns.com
        ServerAlias www.aftercoffeedesigns.com
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

    <VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName beginnings.rocks
        ServerAlias www.beginnings.rocks
        DocumentRoot /var/www/html/beginnings
    </VirtualHost>

    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Edited August 28, 2018 by ae3erdion
ae3erdion (Author) Posted August 28, 2018

On 8/27/2018 at 2:41 AM, aethernaut said:
> Do you use Webmin? The "Aliases and Redirects" section for the port 80 virtual host may show where a redirect is still lurking...

I don't use Webmin.

Edited August 28, 2018 by ae3erdion
aethernaut Posted August 29, 2018

OK. If you have undone what you did to put the redirect on in the first place and it still redirects then I am afraid I am out of ideas.