Adding new hostname

#1

I’m trying to add a new hostname to my server.
At this moment, I have two hostnames, both certified with certbot-letsencrypt:
new-plat11.ddns.net
new-plat11sim01.ddns.net
I want to add the new hostname:
new-plat123.ddns.net
Please, can you tell me exactly what command line I have to enter to do that?

I entered the command:

certbot --authenticator webroot --installer apache -w /var/www/html-123 -d new-plat123.ddns.net

and the result was:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for new-plat123.ddns.net
Using the webroot path /var/www/html-123 for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. new-plat123.ddns.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://new-plat123.ddns.net/.well-known/acme-challenge/GRcinsnJJW3BlVnfnLOWjO7sfjJ8dljyEagj7KAaddc: "\n\n404 Not Found\n\n Not Found \n<p"

IMPORTANT NOTES:

What happened?
Thanks

#2

Hi @Alco

If this doesn’t work, (1) your webroot argument is wrong or (2) you have redirects.

Your main configuration is ok ( https://check-your-website.server-daten.de/?q=new-plat123.ddns.net )

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://new-plat123.ddns.net/ 82.61.21.89 | 301 | https://new-plat123.ddns.net/ | 0.127 | A |
| https://new-plat123.ddns.net/ 82.61.21.89 | 200 | | 2.737 | N |
| Certificate error: RemoteCertificateNameMismatch | | | | |
| http://new-plat123.ddns.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 82.61.21.89 | 301 | https://new-plat123.ddns.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.123 | A |
| https://new-plat123.ddns.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 404 | | 1.913 | N |
| Not Found | | | | |
| Certificate error: RemoteCertificateNameMismatch | | | | |

There is the expected HTTP status 404.

So create two directories in your webroot

/var/www/html-123/.well-known/acme-challenge

Create a file there (file name 1234), then try to load this file via

http://new-plat123.ddns.net/.well-known/acme-challenge/1234

and check if that works.

#3

Hi JuergenAuer,
thank you for your answer!
I tried as you said, but it seems it doesn’t work!
I made the certification with the other two hostnames some months ago and, now, I don’t remember what exactly I did.
Maybe, when I made the certification, I said to redirect all the requests from port 80 to secure port 443, without personally changing any apache configuration files.
If you mean that for redirection, now I don’t know exactly where I can go and what I can do in order to properly redirect!
Can you suggest something?
Thanks!

#4

What doesn’t work? If you create the test file and if

http://new-plat123.ddns.net/.well-known/acme-challenge/1234

doesn’t work with your browser, then your webroot is wrong.

So check your config file. What’s the value of “DocumentRoot”?

If you use a wrong webroot, webroot can’t work.

#5

In …/sites-available/new-plat123.ddns.net.conf
(and enabled) there is:

DocumentRoot /var/www/html-123

But when I enter in the browser the line:
http://new-plat123.ddns.net/.well-known/acme-challenge/1234
the answer is:

Not Found

The requested URL /.well-known/acme-challenge/1234 was not found on this server.

Apache/2.4.25 (Raspbian) Server at new-plat123.ddns.net Port 443
:frowning:

#6

Then you have somewhere another redirect or a location definition.

Something like

location -> go to another place.

that catches /.well-known/acme-challenge.

#7

If I remember well, I let certbot do everything necessary to redirect all data to port 443.

#8

Here is the content of new-plat123.ddns.net.conf:

<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request’s Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName new-plat123.ddns.net

ServerAdmin webmaster@new-plat123.ddns.net
DocumentRoot /var/www/html-123
ServerAlias www.new-plat123.ddns.net

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
LogLevel info

ErrorLog ${APACHE_LOG_DIR}/error_123.log
CustomLog ${APACHE_LOG_DIR}/access_123.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.new-plat123.ddns.net [OR]
RewriteCond %{SERVER_NAME} =new-plat123.ddns.net
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Maybe, the redirection is in the last row: “RewriteRule …”?

#9

OK! Now it is working!
I deleted the last lines with the Rewrite directives, disabled and then (re-)enabled the new config file, restarted the apache server, re-entered the certbot command and…
all is working!
Thank you Juergen!
:slight_smile:

#10

This sounds like the HTTP root and the HTTPS root are different.
Certbot will place the challenge file at the HTTP --webroot/.well-known/acme-challenge/ folder.
But when the HTTP server block redirects to HTTPS, then they must match.

NOTE: Even if an HTTPS block for this name does NOT yet exist, Apache will still serve the content from the default HTTPS vhost. [which may have another document root - and cause this to fail]

Moral: Don’t forward to HTTPS before having configured an HTTPS server block [which requires a cert - so don’t use HTTPS before obtaining the cert for it].
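
The failure mode described in #10, as an added example that is not part of the original thread: a small Python check that reads Apache vhost text and reports any port-80 vhost whose HTTPS redirect would send the http-01 request to a different DocumentRoot than the one passed to `--webroot`. The parser is simplified, the function names are hypothetical, and the `:443` vhost and its `/var/www/html` path are constructed for illustration.

```python
import re
# Constructed sample: the :80 vhost from the thread plus a hypothetical
# default HTTPS vhost whose DocumentRoot (/var/www/html) is an assumption.
SAMPLE = """
<VirtualHost *:80>
    ServerName new-plat123.ddns.net
    DocumentRoot /var/www/html-123
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =new-plat123.ddns.net
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
    ServerName new-plat11.ddns.net
    DocumentRoot /var/www/html
</VirtualHost>
"""
VHOST = re.compile(r"<VirtualHost\s+\S*:(\d+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None

def parse_vhosts(conf):
    hosts = []
    for port, body in VHOST.findall(conf):
        to_https = re.search(r"^\s*RewriteRule\s+\S+\s+https://", body, re.M | re.I)
        # A RewriteCond that excludes the challenge path keeps it on port 80.
        exempt = re.search(r"^\s*RewriteCond\s+%\{REQUEST_URI\}\s+!\S*acme-challenge", body, re.M | re.I)
        hosts.append({"port": int(port), "name": directive(body, "ServerName"),
                      "root": directive(body, "DocumentRoot"), "redirects_challenge": bool(to_https) and not exempt})
    return hosts

def webroot_findings(conf):
    """List :80 vhosts whose redirect sends the http-01 request to another DocumentRoot."""
    hosts = parse_vhosts(conf)
    tls = [h for h in hosts if h["port"] == 443]
    findings = []
    for h in (h for h in hosts if h["port"] == 80 and h["redirects_challenge"]):
        # With no name match, Apache serves the first :443 vhost as the default.
        target = next((t for t in tls if t["name"] == h["name"]), tls[0] if tls else None)
        if target is None:
            findings.append((h["name"], "redirects to HTTPS but no :443 vhost exists"))
        elif target["root"] != h["root"]:
            findings.append((h["name"], f"challenge served from {target['root']}, not {h['root']}"))
    return findings

if __name__ == "__main__":
    for name, problem in webroot_findings(SAMPLE):
        print(f"{name}: {problem}")
```

Adding `RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/` ahead of the `RewriteRule` keeps challenge requests on port 80, and the check then reports nothing for that vhost.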

closed #11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.