Another "failed to verify the temporary Apache config"

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://www.mikroblobben.se

I ran this command: sudo certbot --apache

It produced this output:
```
Requesting a certificate for mikroblobben.se

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: mikroblobben.se
Type: unauthorized
Detail: Invalid response from http://mikroblobben.se/.well-known/acme-challenge/2YPipaufdyx-C8n0abGs2D5-A6nCnEUllcoRbkVYqho [155.4.140.77]: "\n\n<html class="no-js" lang="sv-SE">\n\n\t\n\n\t\t<meta charset="UTF-8">\n\t\t<meta name="viewport" content="width=dev"

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
```

My web server is (include version): Apache/2.4.38 (Raspbian)

The operating system my web server runs on is (include version): PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"

My hosting provider, if applicable, is: Myself (unfortunately).

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.19.0

`apachectl -S`

```
VirtualHost configuration:
*:8080                 mikroblobben.se (/etc/apache2/apache2.conf:176)
*:80                   mikroblobben.se (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used
```

My site now forces the use of https which makes it impossible to login to wordpress. I've been trying way too many things for too many hours and think I might have done something really stupid. Please help <3

Welcome. I think you have recently changed something as I can see your Wordpress page using http. It is not forcing to https as you said:

```
curl -LI http://mikroblobben.se
```

Response:

```
HTTP/1.1 302 Found
Date: Sat, 11 Sep 2021 13:49:18 GMT
Server: Apache/2.4.38 (Raspbian)
Location: http://mikroblobben.se/wordpress
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 301 Moved Permanently
Date: Sat, 11 Sep 2021 13:49:18 GMT
Server: Apache/2.4.38 (Raspbian)
Location: http://mikroblobben.se/wordpress/
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 200 OK
Date: Sat, 11 Sep 2021 13:49:18 GMT
Server: Apache/2.4.38 (Raspbian)
Link: <http://155.4.140.77/wordpress/index.php/wp-json/>; rel="https://api.w.org/"
Content-Type: text/html; charset=UTF-8
```

If the http certbot challenge is still failing as you show, then it looks like you need to make sure you do not redirect requests for /.well-known/acme-challenge to your wordpress page.

2 Likes

Thank you so much for looking in to my problem and for your quick reply =)

I've placed a test file in the directory you mentioned like so:

http://mikroblobben.se/.well-known/acme-challenge/test.html
and it works for me.

I apologize for using the wrong terminology. What I mean is that if I try to get to http://mikroblobben.se/wordpress/wp-admin it's automatically changed to https and ERROR_CONNECTION_CLOSED is the result.

I should mention that I have also tampered with the .htaccess file. I've only added the first line however. File contents:

```apache
Redirect /index.html /wordpress

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /wordpress/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /wordpress/index.php [L]
</IfModule>
# END WordPress
# BEGIN FRedirect_ErrorDocument
ErrorDocument 404 /wordpress/index.php?error=404
# END FRedirect_ErrorDocument
```

2 Likes

Hmmm. Good job getting the /.well-known test file working.

First, use three backticks (```) before and after code samples to get it formatted nice.

You should be able to get a cert now that the /.well-known/acme-challenge test file worked. But, you are having redirect issues so perhaps try the below certbot command instead. It will not update your Apache config - it will just get the certs. This means you will need to set up your 443 https server config yourself but it also means certbot will not be adding any more redirects into your Apache config.

I am not an expert at certbot with Apache with so many redirects but perhaps someone else could assist if you need further help. Anyway, perhaps try this to get your cert:

```
certbot certonly --webroot -w /var/www/html -d mikroblobben.se
```

You seem fairly skilled so I am hoping this is enough for you to proceed.

I did not see anything in the redirects you showed that would cause your admin page to redirect to https.

2 Likes
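
The test-file check discussed in the posts above, as an added example that is not part of any post in this thread: it drops a probe file under the webroot's `/.well-known/acme-challenge/` directory, fetches it over plain HTTP, and reports whether the file came back verbatim or an HTML page answered instead, which is the failure the CA reported. The function names and the probe file name are hypothetical; the webroot and domain in the usage comment are the ones given in the thread.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Function and probe names are hypothetical.

# classify_response STATUS BODY EXPECTED -> prints a one-word verdict
classify_response() {
    if [ "$1" != "200" ]; then
        echo "bad-status"            # 404/403/5xx/000: probe file not reachable
    elif [ "$2" = "$3" ]; then
        echo "ok"                    # file served verbatim
    else
        case "$2" in
            *"<html"*|*"<!DOCTYPE"*|*"<!doctype"*)
                echo "html-page" ;;  # a page (e.g. WordPress) answered instead
            *)  echo "mismatch" ;;   # some other content came back
        esac
    fi
}

# probe_webroot WEBROOT DOMAIN
# Drops a probe file where `certbot certonly --webroot -w WEBROOT` would write
# its challenge, fetches it over plain HTTP, cleans up and prints the verdict.
probe_webroot() {
    dir="$1/.well-known/acme-challenge"
    name="probe-$$-$(date +%s)"
    expected="probe-content-$$-$(date +%s)"
    mkdir -p "$dir" && printf '%s' "$expected" > "$dir/$name" || return 2
    tmp=$(mktemp) || { rm -f "$dir/$name"; return 2; }
    # -L follows redirects, as the CA's validation request does
    status=$(curl -sL --max-time 10 -o "$tmp" -w '%{http_code}' \
        "http://$2/.well-known/acme-challenge/$name")
    body=$(cat "$tmp")
    rm -f "$tmp" "$dir/$name"
    classify_response "$status" "$body" "$expected"
}

# Example call on the server (webroot and domain as given in the thread):
#   probe_webroot /var/www/html mikroblobben.se
```

A verdict of `html-page` means a rewrite or redirect is still sending challenge requests to the site instead of the file on disk.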

Hi @sofiamedf, welcome to the LE community forum :slight_smile:

May we have a look at this file?:

Also, you should ensure the "www" is being included in the cert request.
And while testing, please use the staging environment, with the added: --dry-run
[once testing is successful, then switch to production]

2 Likes

Thank you for the warm welcome. You guys are awesome with all your patience!

/etc/apache2/sites-enabled/000-default.conf

```apache
<VirtualHost *:80>
	ServerName mikroblobben.se
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```

I will look in to the "www" issue. And yes, I've seen the --dry-run option.
I've also just now discovered that my port 443 is closed. I obviously have a busy Sunday ahead of me!

Simply use:
```apache
ServerAlias www.mikroblobben.se
```
[after ServerName line]

1 Like

I have not been putting the hours in with this today despite the heavy rain. But the most concerning problem, the fact that I was not able to log in to my admin panel in Wordpress is fixed.

Just in case someone else has a similar problem someday these are the lines I hardcoded into my wp-config.php:

```php
define('WP_HOME', 'http://example.com');
define('WP_SITEURL', 'http://example.com');
```

Maybe it will get me into trouble when trying to fix the main problem with the cert since I'm trying to do that manually. But at least then I might suspect as much later :laughing:

1 Like

Would it be advisable to make a new cert request with this line added? Is it that important, you mean? Could it be part of the problem? Or is it more a tip for the future?

That's debatable...
Some people never type www, some people always type the www.
I would cover both.

I don't see how it can interfere, if you aren't trying the www name.

1 Like

Thanks, I understand. It's "just" for the purpose of covering how people would find my site. It's not really a problem for http vs https. :+1:

1 Like
