A few issues, NXdomain error, SSLcert file empty, failed auth procedure


#1

My domain is: rafflegiftcards.com

I ran this command:
sudo certbot renew --dry-run
sudo certbot certonly --webroot
sudo /opt/bitnami/ctlscript.sh start

ERROR1
It produced this output: Attempting to renew cert (rafflegiftcards.com) from /etc/letsencrypt/renewal/rafflegiftcards.com.conf produced an unexpected error: Failed authorization procedure. rafflegiftcards.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://rafflegiftcards.com/.well-known/acme-challenge/1aPGhU-DAsvMNyTYTcItrkvQFmufF-Dgthza6y5rbkk: "

404 Not Found

Not Found

<p". Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/rafflegiftcards.com/fullchain.pem (failure)

ERROR2
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): www.rafflegiftcards.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.rafflegiftcards.com
Input the webroot for www.rafflegiftcards.com: (Enter 'c' to cancel): /opt/bitnami/apps/wordpress/htdocs/
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.rafflegiftcards.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.rafflegiftcards.com/.well-known/acme-challenge/H_Mw3-CEdLr62aVXba5X2b_hXN213nEavzvWdllXHPM: "

404 Not Found

Not Found

<p"

IMPORTANT NOTES:

ERROR3
bitnami@ip-172-31-82-23:/opt/bitnami/apps/wordpress/htdocs$ sudo /opt/bitnami/ctlscript.sh start
/opt/bitnami/mysql/scripts/ctl.sh : mysql (pid 1827) already running
/opt/bitnami/php/scripts/ctl.sh : php-fpm (pid 1869) already running
AH00526: Syntax error on line 46 of /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
SSLCertificateFile: file '/opt/bitnami/apache2/conf/server.crt' does not exist or is empty
apache config test fails, aborting

My web server is (include version): apache2

The operating system my web server runs on is (include version): ubuntu 16.04.4

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Please show:
more /etc/letsencrypt/renewal/*.conf


#3

It would be useful to know if you can make a file at http://www.rafflegiftcards.com/test.txt and http://www.rafflegiftcards.com/.well-known/acme-challenge/test2.txt.


#4

here is the output of that command:

bitnami@ip-172-31-82-23:~$ more /etc/letsencrypt/renewal/*.conf

renew_before_expiry = 30 days

version = 0.25.0
archive_dir = /etc/letsencrypt/archive/rafflegiftcards.com
cert = /etc/letsencrypt/live/rafflegiftcards.com/cert.pem
privkey = /etc/letsencrypt/live/rafflegiftcards.com/privkey.pem
chain = /etc/letsencrypt/live/rafflegiftcards.com/chain.pem
fullchain = /etc/letsencrypt/live/rafflegiftcards.com/fullchain.pem

Options used in the renewal process

[renewalparams]
account = ff8fd587d3858c210cf050660b0022ee
authenticator = webroot
installer = None
[[webroot_map]]
rafflegiftcards.com = /opt/bitnami/apps/wordpress/htdocs


#5

Sorry to be such a noob, but how does one create a file while the site is down?


#6

Normally one would use an editor: vi, nano, etc.
But if you are not familiar with Linux editors, you can also echo the text right into the file location:
echo 'some text' > /opt/bitnami/apps/wordpress/htdocs/text.txt
echo 'more text' > /opt/bitnami/apps/wordpress/htdocs/.well-known/acme-challenge/text2.txt


#7

Ohh, OK. I didn’t get what you meant 100%, but I did try to do those 2 files, and the 1st one worked; the 2nd one gave the error “E212: can’t open file for writing”.


#8

try:
mkdir /opt/bitnami/apps/wordpress/htdocs/.well-known
mkdir /opt/bitnami/apps/wordpress/htdocs/.well-known/acme-challenge
then
echo 'more text' > /opt/bitnami/apps/wordpress/htdocs/.well-known/acme-challenge/text2.txt


#9

OK, that worked; both were successfully completed.


#10

Well… Both files failed.

Please show:
more /var/log/letsencrypt/letsencrypt.log
more /opt/bitnami/apache2/conf/bitnami/bitnami.conf


#11

I get permission denied on both.


#12

try adding "sudo " in front


#13

The first one is really long; idk if it will all fit in here.


#14

just show the last part of it.


#15

Domain: www.rafflegiftcards.com
Type: unauthorized
Detail: Invalid response from http://www.rafflegiftcards.com/.well-known/acme-challenge/51udiBZtab-03Am8skhsD7JQSHhoKWkvMiSJ3lxka3E: "

404 Not Found

Not Found

<p"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2018-07-09 19:59:12,745:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 155, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 226, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.rafflegiftcards.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.rafflegiftcards.com/.well-known/acme-challenge/51udiBZtab-03Am8skhsD7JQSHhoKWkvMiSJ3lxka3E: "

404 Not Found

Not Found

<p"

2018-07-09 19:59:12,745:DEBUG:certbot.error_handler:Calling registered functions
2018-07-09 19:59:12,745:INFO:certbot.auth_handler:Cleaning up challenges
2018-07-09 19:59:12,745:DEBUG:certbot.plugins.webroot:Removing /opt/bitnami/apps/wordpress/htdocs/.well-known/acme-challenge/51udiBZtab-03Am8skhsD7JQSHhoKWkvMiSJ3lxka3E
2018-07-09 19:59:12,745:DEBUG:certbot.plugins.webroot:All challenges cleaned up
2018-07-09 19:59:12,746:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in
    load_entry_point('certbot==0.25.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1323, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1213, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 120, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 383, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 326, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 362, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 155, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 226, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.rafflegiftcards.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.rafflegiftcards.com/.well-known/acme-challenge/51udiBZtab-03Am8skhsD7JQSHhoKWkvMiSJ3lxka3E: "

404 Not Found

Not Found

<p"
2018-07-10 02:03:02,730:DEBUG:certbot.main:certbot version: 0.25.0
2018-07-10 02:03:02,731:DEBUG:certbot.main:Arguments: ['-q']
2018-07-10 02:03:02,731:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-07-10 02:03:02,739:DEBUG:certbot.log:Root logging level set at 30
2018-07-10 02:03:02,740:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-07-10 02:03:02,748:DEBUG:certbot.plugins.selection:Requested authenticator and installer
2018-07-10 02:03:02,769:INFO:certbot.renewal:Cert not yet due for renewal
2018-07-10 02:03:02,769:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2018-07-10 02:03:02,770:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized:
Prep: True
2018-07-10 02:03:02,770:DEBUG:certbot.plugins.selection:Selected authenticator and installer None
2018-07-10 02:03:02,770:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2018-07-10 02:03:02,770:DEBUG:certbot.renewal:no renewal failures

#16

2nd command

bitnami@ip-172-31-82-23:~$ sudo more /opt/bitnami/apache2/conf/bitnami/bitnami.conf

Default Virtual Host configuration.

<IfVersion < 2.3 >
NameVirtualHost *:80
NameVirtualHost *:443

DocumentRoot "/opt/bitnami/apache2/htdocs"
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
= 2.3 >
Require all granted

Error Documents

ErrorDocument 503 /503.html

Bitnami applications installed with a prefix URL (default)

Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"

Default SSL Virtual Host configuration.

<IfModule !ssl_module>
LoadModule ssl_module modules/mod_ssl.so

Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

DocumentRoot "/opt/bitnami/apache2/htdocs"
SSLEngine on
SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"

<Directory "/opt/bitnami/apache2/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
<IfVersion < 2.3 >
Order allow,deny
Allow from all

= 2.3 >
Require all granted

Error Documents

ErrorDocument 503 /503.html

Bitnami applications installed with a prefix URL (default)

Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"

Bitnami applications that uses virtual host configuration

Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf"
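
Added example, not part of the original thread and not certbot's or Bitnami's own tooling: one way to compare the `[[webroot_map]]` paths from a renewal file like the one in #4 with the `DocumentRoot` directives in an Apache config like the one in #16. The function names and the sample files are constructed here, using paths quoted in the thread.

```shell
#!/bin/sh
# Added example. Sample files below are constructed from values quoted in this thread.

# Print "domain path" for each entry under [[webroot_map]] in a certbot renewal conf.
webroot_map() {
    awk '
        /^\[\[webroot_map\]\]/ { in_map = 1; next }
        /^\[/                  { in_map = 0 }
        in_map && /=/ {
            split($0, kv, "=")
            gsub(/^[ \t]+|[ \t]+$/, "", kv[1])
            gsub(/^[ \t]+|[ \t]+$/, "", kv[2])
            sub(/\/+$/, "", kv[2])          # ignore a trailing slash
            print kv[1], kv[2]
        }' "$1"
}

# Print each DocumentRoot path in an Apache config (comment lines skipped).
# Scans token by token, so it also copes with several directives on one line.
document_roots() {
    grep -v '^[[:space:]]*#' "$1" | tr -s ' \t' '\n\n' | awk '
        prev == "DocumentRoot" { gsub(/"/, ""); sub(/\/+$/, ""); print }
        { prev = $0 }' | sort -u
}

# Report domains whose webroot is not a DocumentRoot; return status 1 if any.
check_webroots() {
    roots=$(document_roots "$2")
    status=0
    while read -r domain path; do
        [ -n "$domain" ] || continue
        if ! printf '%s\n' "$roots" | grep -qxF -- "$path"; then
            echo "MISMATCH $domain webroot=$path"
            status=1
        fi
    done <<EOF
$(webroot_map "$1")
EOF
    return "$status"
}

SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '[renewalparams]' 'authenticator = webroot' '[[webroot_map]]' \
    'rafflegiftcards.com = /opt/bitnami/apps/wordpress/htdocs' > "$SAMPLE_DIR/renewal.conf"
printf '%s\n' '# Default Virtual Host configuration.' \
    'DocumentRoot "/opt/bitnami/apache2/htdocs"' 'SSLEngine on' > "$SAMPLE_DIR/bitnami.conf"
check_webroots "$SAMPLE_DIR/renewal.conf" "$SAMPLE_DIR/bitnami.conf" || true
```

A clean result only means the paths agree in the file that was checked; files pulled in by `Include` are not followed.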


#17

Please show:
sudo certbot certificates


#18

Please show:
sudo more /opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf


#19

Found the following certs:
Certificate Name: rafflegiftcards.com
Domains: rafflegiftcards.com
Expiry Date: 2018-10-07 15:44:28+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/rafflegiftcards.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/rafflegiftcards.com/privkey.pem


#20

this only came back with this output: # Bitnami applications installed in a Virtual Host