Apache HTTPS redirect challenge failed?

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cloud.zonit.com

I ran this command: certbot --apache -d cloud.zonit.com --cert-path /etc/ssl/cert.pem --fullchain-path /etc/ssl/chaincert.pem --key-path /etc/ssl/key.pem

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloud.zonit.com
Waiting for verification...
Challenge failed for domain cloud.zonit.com
http-01 challenge for cloud.zonit.com
Cleaning up challenges
Some challenges have failed.

My web server is (include version): Apache 2.4.37

The operating system my web server runs on is (include version): CentOS 8

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.6.0

I’ve looked into the other threads about this, my HTTP to HTTPS redirect is taking place in a VirtualHost directive in the /etc/httpd/conf.d/cloud.conf file - not in an .htaccess file. Most of the threads I’ve found on this matter have to do with people handling HTTPS redirects via .htaccess files.

2

I’m not seeing any redirect mentioned anywhere?

I do see a Couldn't resolve host 'cloud.zonit.com' from my endpoint.

Could you please share the log file mentioned in the output?

Also, perhaps offtopic, but what’s with the --cert-path and such? Just curious…

3

Fair.... this could be a DNS propagation issue. She's freshly online... :>

EDIT: I guess it did just occur to me that the way Certbot is doing this and issuing the HTTP challenge could mean that Let's Encrypt can't find cloud.zonit.com yet due to DNS propagation...

Just where I'm storing my certs on the filesystem to work nicely with my Apache VirtualHost config. This particular VirtualHost is pointing to these files. I doubt we'll be using any other VirtualHost on this particular machine, but... in the meantime, this cert is only for this VirtualHost, and no others.

4

Hi @Inquiry-Tent

no, it's not defined - cloud.zonit.com - Make your website better - DNS, redirects, mixed content, certificates

Host Type IP-Address is auth. ∑ Queries ∑ Timeout
cloud.zonit.com Name Error yes 1 0
www.cloud.zonit.com Name Error yes 1 0
*.zonit.com A Name Error yes
AAAA Name Error yes
CNAME Name Error yes

ns.zonit.com is asked.

5

The SOA record of the authorative name servers contain a serial from like half a year ago: 2019122801

6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.