Add New certificate to server. apache & webroot not working

jweLinux · January 10, 2024, 2:19pm

Hi,

First i tried this command:
sudo certbot --apache --apache-server-root /etc/apache2 --apache-challenge-location /etc/apache2

I get this response:

Error running command ['apache2ctl', '-t', '-D', 'DUMP_RUN_CFG'] for runtime parameters!

The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError("Error accessing loaded Apache parameters: ['apache2ctl', '-t', '-D', 'DUMP_RUN_CFG']")

After that i tried it via webroot:

sudo certbot --webroot -w /etc/apache2/sites-enabled/ -d example.domain

Did not work. I got this response:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
With the webroot plugin, you probably want to use the "certonly" command, eg:

    certbot certonly --webroot

(Alternatively, add a --installer flag. See https://eff.org/letsencrypt-plugins
 and "--help plugins" for more information.)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

And lastly i added the certonly parameter:

sudo certbot certonly --webroot -w /etc/apache2/sites-enabled/ -d example.domain

And got this response:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for example.domain

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: example.domain
  Type:   unauthorized
  Detail: Invalid response from http://example.domain/.well-known/acme-challenge/R-0n-CMBKSigRSF51qyrGg_1YnkYcHBUpKS4Y581nns: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

I have absolutley no idea what i'm missing. There are certificates on the server for other domains( that are being updated regularly ).

Do i have to manually create the directory ".well-known/acme-challenge" ?

MikeMcQ · January 10, 2024, 2:27pm

That's a valid format but the -w path should be your DocumentRoot folder described in the VirtualHost for that domain. It should definitely not be your sites-enabled folder

No. It is created if/as needed.

jweLinux · January 10, 2024, 2:33pm

So "-w" is the path to the htdocs? I thought it is the path to the .conf files.

sudo certbot certonly --webroot -w /htdocs/ -d example.domain

MikeMcQ · January 10, 2024, 2:39pm

The -w folder (--webroot-path) should match the DocumentRoot folder

https://eff-certbot.readthedocs.io/en/latest/using.html#webroot

jweLinux · January 10, 2024, 3:13pm

Thanks a lot, that was the problem. It works!

system · February 9, 2024, 3:13pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Add new certificate for apache error Help	13	226	January 11, 2024
Fail to Run Certbot on Apache Help	6	674	October 21, 2021
The apache plugin is not working; there may be problems with your existing configuration Help	20	8425	March 16, 2021
Certbot probs / DNS Server	7	1501	September 16, 2018
Certbot failed to authenticate some domains (authenticator: webroot) Invalid response from http://www.site.com/.well-known/acme-challenge/... 404 Help	17	622	November 11, 2023

Add New certificate to server. apache & webroot not working

Related topics